Principal Associate, Cyber Risk & Analysis - Enterprise Services Risk

Principal Associate, Cyber Risk & Analysis - Enterprise Services Risk

The Enterprise Services Risk organization is expanding with a focus on attracting innovative, pioneering, collaborative, and highly skilled professionals. We operate at the forefront of risk management, providing support for novel and developing technologies, as well as critical business strategies. Diverse perspectives and experiences are valued as we work to redefine the financial sector.

As a Principal Associate on the MTC Program team, you will lead the execution of the Horizontal Services tower, ensuring seamless operations for our MTC Program leadership team. The MTC Program team is a first-line risk management function that assesses technology and cybersecurity risks associated with Capital One's material technology changes. The team manages the end-to-end MTC lifecycle, which includes identifying in-scope initiatives, facilitating Targeted Risk Assessments (TRAs), and monitoring mitigation plans to enable secure and well-managed innovation across the enterprise.

You will be responsible for overall team governance and reporting, process improvements, audit / exam requests, and executive-level stakeholder communications. You will also play a key role in maintaining centralized planning and direction for our strategic objectives, primarily focused on adoption of Generative AI.

• Execute the monthly and quarterly reporting cycles (M /QER), turning complex data into actionable talking points for leadership.
• Coordinate responses to audit and regulatory requests, ensuring all supporting evidence is accurate and delivered within strict deadlines.
• Drive organizational engagement by developing and managing the MTC’s stakeholder-facing resources.
• Manage the renewal and off-cycle updates for policies, standards, and procedures to ensure alignment with enterprise requirements.
• Manage team resources, including shared drive access, onboarding guidance, PWC contractor management, JIRA, and Confluence.
• Manage the testing and reconciliation of specific MTC controls to ensure continuous regulatory compliance.
• Lead team operations by facilitating strategy alignment sessions, coordinating team events, and providing strategic support to leadership to ensure cohesive execution of organizational goals.
• Adopt and operationalize Generative AI and automation throughout the above responsibilities to achieve new levels of efficiency in these functions.

• High School Diploma, GED or Equivalent Certification
• At least 3 years of experience in Risk Management, Process Management, Project Management, or a combination of these

• Bachelor's Degree or Military Experience
• At least 4 years of experience in risk management or technology risk management
• At least 5 years of experience in project, program, or portfolio management
• At least 1 year of Financial Services industry experience
• Risk Certifications (CRISC, CISM, CRCM, CIPP, ABA Risk Management Certification)
• Experience with Generative AI tools including Gemini, Google Workspace Studio, or Claude Code

At this time, Capital One will not sponsor a new applicant for employment authorization for this position.

The minimum and maximum full‑time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part‑time roles will be prorated based upon the agreed upon number of hours to be regularly worked.

Richmond, VA: $119,400 - $136,200 for Prin Assoc, Cyber Risk & Analysis

This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan.

Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website. Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level.

Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug‑free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23‑A of the New York Correction Law;
San Francisco, California Police Code Article 49, Sections 4901‑4920;
New York City’s Fair Chance Act;
Philadelphia’s Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries.