Director, Metrics Strategy and Reporting

Capital One•McLean, VA

4d•$209,500 - $286,900

About The Position

Capital One is a rapidly growing organization focused on customer passion and technological innovation. The Technology & Data Risk Management (TDRM) organization, comprising approximately 200 professionals, plays a crucial role in overseeing technology and data risk for the company's ~14,000 developers. TDRM is responsible for setting high standards in cybersecurity, reliability, tech risk, and data management risk. The Chief Technology Risk Officer (CTRO) leads TDRM and reports to the Chief Risk Officer, who reports directly to the CEO, ensuring independence and broad oversight of cybersecurity, reliability, software quality, resilience, and data management. TDRM provides essential technology and data risk information to business leaders for informed decision-making. Associates in TDRM are highly skilled professionals in information security, cybersecurity, site reliability engineering, technology, data analysis, data science, and risk management, known for their expertise and ability to deliver impactful results. As the Director, Metrics Strategy and Reporting, you will be instrumental in developing a strategy to leverage metrics for driving change. This includes updating the organization's metrics for cybersecurity, technology risk, and developer quality, and implementing these metrics to achieve systemic improvements. You will also enhance reporting processes to ensure clarity, consistency, and effective communication. A key responsibility will be overseeing the coordination and drafting of the quarterly memo to the Board of Directors' Risk Committee, in close collaboration with peers in the second line and counterparts in the first line. Additionally, you will support the creation of technology, cyber, and data risk content tailored for executive audiences. This role requires a seasoned leader with a strong understanding of quantitative methods in technology/cyber risk, strategic thinking capabilities, intellectual curiosity, and a preference for data-driven environments. The ideal candidate is execution-oriented, self-motivated, and possesses strong collaboration skills to work effectively with colleagues, stakeholders, and leaders across various organizations. A passion for technology risk and cybersecurity, coupled with the ability to articulate dissenting opinions confidently and respectfully, is essential. The role also demands critical analytical thinking and the ability to present data-supported viewpoints to both technical and non-technical audiences. As a people leader, you will be expected to include, empower, and inspire your direct reports.

Requirements

Bachelor’s degree or military experience
At least 10 years of experience in cybersecurity or technology risk
At least 5 years of experience with cybersecurity or technology risk metrics
At least 5 years of experience with governance fora
At least 3 years of experience leading people

Nice To Haves

Master’s degree in computer science, mathematics, or engineering
At least 12 years of experience in cybersecurity or technology risks related to resilience, reliability, or code quality
At least 3 years of experience in cloud computing
An understanding of more than one of the following domains: cybersecurity, site reliability engineering, dev/ops, and developer excellence
Experience revamping an organizational metrics program
Experience with governance fora in which senior leaders use metrics to manage their organizations

Responsibilities

Understand our current approach and develop a strategy to better use metrics, dashboards, and governance fora to drive change. The intended audience starts at the program manager level and progresses up through the Board of Directors and formal risk appetite metrics.
Develop suites of metrics across the technology, technology risk, and cybersecurity domains, aligned to industry frameworks.
Engage stakeholders across the first, second, and third lines of defense to align on the metrics and thresholds.
Dive deeply into different domains to understand the shortcomings and limitations of metrics and ensure they are appropriately documented and communicated.
Monitor metrics, investigate anomalies, and escalate necessary response actions.
Make recommendations on how to better leverage metrics and data in reporting.
Oversee the development of various reports and reports, such as the quarterly Board memo, presentations to senior and executive management as well as external audiences.