|
Senior Software Engineer, Full Stack-Card Tech - Naperville Illinois
Company: Capital One Location: Naperville, Illinois
Posted On: 11/09/2024
Center 3 (19075), United States of America, McLean, VirginiaManager, Cyber Risk & AnalysisCapital One is one of the fastest growing organizations in the world today. The growth of the business is being accelerated by leveraging innovative and emerging technologies. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years, fully exiting our data centers. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The roughly ninety professionals in TRM are trusted expert advisers who shape decisions, challenge activities to ensure they meet our standards, and generally oversee technology and information security risk across the business and the central technology organization. TRM is a second line organization, which means it is independent and reports up through the Chief Risk Officer.TRM plays a critical role in ensuring that the company's risk-taking entities are aware of the risks inherent in their activities and decisions, the impact of their actions on the company at an enterprise level, and opportunities to reduce, mitigate or avoid the risks altogether. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals who have a wealth of experience and a demonstrated ability to provide value added recommendations and deliver high-impact results in their areas of expertise.As a member of a growing organization, you are expected to shape and further refine the risk program, and will have the opportunity to operate with both autonomy and empowerment from senior leadership. The successful candidate will be a seasoned leader with strong practical knowledge of risk frameworks and risk assessment methodologies applied to technology/cyber risk, who can think strategically, who is intellectually curious, and who thrives in a data-driven environment.Desired Outcomes: - Challenge and reinvent the methodology that the 1st and 2nd Lines of Defense will use to measure cybersecurity and technology risk within the existing ERM framework, including control efficacy
- Research and develop data-driven assessment practices that will facilitate deeper risk conversations and surface insights in support of strategic decision-making
- Evaluate and standardize various risk scoring methods for tech/cyber domains across the enterprise
- Standardize the approach for TRM to prioritize the assessment scope to best focus our team on the areas of the greatest impact -
- Evolve the existing risk, process, control taxonomies to succinctly frame emerging threats and risks
- Distill complex risk, process, and control relationships into simple designs and solutions
- Introduce forward-looking risk measures
- Demonstrate tech/cyber risk measurement advocacy and thought leadership, and train and mentor peers and executives across the enterprise to enable adoption of more modern analysis and assessment techniques
- Constructively debate trade-offs between different assessment approaches with other 2nd Line and 1st Line partners
- Enhance the business' understanding of regulatory/compliance requirements and the implications to the firm
- Mentor peers to meet their professional development goalsBasic Qualifications:
- A bachelor's degree or military experience
- At least 4 years of experience managing, consulting, or auditing in the fields of information security, technology, or risk management
- At least 3 years of experience developing and implementing industry risk frameworks, quantitative analysis, tools, and methodologies (COSO, quantitative analysis, Factor Analysis Information Risk (FAIR), Process, Risk & Control (PRC) library), and assessment methodologies (RCSA, scenario analysis, or new initiative risk assessments))
- At least 1 professional security management certification (Open FAIR, Certified Information Systems Security Professional (CISSP), Certified Informations Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC))Preferred Qualifications:
|
|