Manager, Technology Risk Oversight

Manager, Technology Risk Oversight

Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute:
Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk.

The Technology Risk Management (TRM) is a growing organization focused on providing expert advice, credible challenge, and effective oversight of information security and technology activities to identify, assess, control, and manage cyber and technology risk throughout the company. This organization plays a critical role in helping to ensure that the company's risk‑taking entities are aware of the risks inherent in their activities and decisions, the impact of their actions on the company at an enterprise level, and opportunities to reduce, mitigate, or avoid risks altogether.

Associates within the Technology Risk Management organization are highly‑skilled information security, cyber, technology, or risk management professionals who have a wealth of experience and a demonstrated ability to provide value‑added recommendations and deliver high‑impact results in their areas of expertise.

As a Manager, Technology Risk Oversight, you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, capabilities, and architecture including but not limited to enterprise technology initiatives, cloud services, architectural patterns and capabilities, as well as other areas of high risk technology changes. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm’s controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm’s cyber risk management capabilities.

As a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the firm. The position affords opportunities for substantial growth. The demands and high‑visibility nature of this position require an expert with a proven ability to work independently in a fast‑paced environment and who can begin contributing immediately.

• Play a lead role in identifying areas of Technology Change risk to provide oversight, analysis, effective challenge, and risk‑informed recommendations and expertise
• Independently drive the organization’s participation in assessing Technology Changes by reviewing all aspects of changes (e.g. threat scenarios, applicable controls, risk mitigating, scope, rollout plans, etc.) focusing on Technology Risks related to technical implementation, controls, testing, and architecture concepts
• Provide technical assessments of Capital One’s Technology Changes and Change Management Processes to identify, assess, and communicate Technology and Cyber risk
• Draft assessments for senior management and other stakeholders, to include regulatory agencies and the Board of Directors, as needed
• Stay current on emerging cyber threats and potential implications to the firm
• Collaborate effectively with colleagues, stakeholders, and leaders across multiple organizations to achieve objectives

• A bachelor's degree or military experience
• At least 5 years of experience in information security, information technology or cybersecurity
• At least 2 years experience with public cloud implementations

• Professional technology or security management certification (Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), AWS certification)
• 2+ years experience working in a hybrid IT environment that…