Director, Cyber and Tech Risk Management

About The Position

Requirements

• Superb communication skills that include active listening and executive presentation skills
• Proven critical analytical behavior, including and the ability to express a point of view supported by data (with both technical and non-technical audiences)
• Expertise in technology and cybersecurity domains, with an ability to identify risks and to propose multiple options to manage to an acceptable level
• Excellent influencing skills across all levels of the organization, tailoring the style and content to meet the needs of the audience
• The ability to understand the materiality of feedback from stakeholders, knowing when to act and when to listen, including driving discussions to find resolution where required.
• A track record of providing strategic direction to teams, peers, and stakeholders to drive results, solve problems, and influence outcomes
• Experience managing small high performing teams and delivering results through them
• Bachelor’s Degree or military experience
• At least 7 years of experience in information security, information technology or risk management
• At least 5 years of experience developing, evaluating or implementing cybersecurity, technology or risk assessment activities

Nice To Haves

• Master’s Degree
• Professional security management or risk management certification (Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Risk & Information Systems Control (CRISC), Certified Information Privacy Professional (CIPP) or Open FAIR Certified)
• Knowledge of supervisory expectations expressed in the FFIEC IT Handbook, Federal Reserve Supervisory Letters, Office of the Comptroller of the Currency Bulletins or Federal Deposit Insurance Corporation Financial Institution Letters

Responsibilities

• Influence executives across the Lines of Business to take accountability for complex (and sometimes sensitive) technology and cyber risks
• Execute the Risk Leveling program across centralized and decentralized divisions
• Leverage leadership experience and executive influencing skills to continuously improve our risk maturity journey
• Constructively debate issues and connect the dots across various assessments (typically includes risk and control self-assessments, critical business process-level assessments, assessments of new initiatives, scenario analysis, challenge of risk acceptances, etc.)
• Identify opportunities to influence risk-taking strategies
• Demonstrate robust risk management oversight in supporting various internal audits and regulatory exams
• Mentor and develop associates to meet their professional development goals
• Provide strategic context for the team, empowering them to perform to their highest potential and cultivating an inclusive team environment.
• Maintain a broad, expert understanding of technology risk frameworks, with an innate ability to leverage this understanding for the purposes or risk identification and mitigation
• Effectively communicate and demonstrate subject matter expertise in risk categorization, how risks can occur in a new environment, and the measures required to safeguard the enterprise
• Exhibit strong critical thinking and communication skills, with proven ability to navigate the unknown
• Leverage reporting & tools to perform analysis on different types of data points to inform policies and drive change; understand associated reporting metrics and is able to inform on tech and cyber risks
• Demonstrate sound lifecycle program management to include socializing action plans, impediments and risks, and stakeholder training / engagement

Benefits

• Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being.
• Learn more at the Capital One Careers website .
• Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level.