Manager, Global Trade Compliance

About the position

As a Risk Manager for Global Trade Compliance (GTC), you will play a pivotal role developing and driving our international risk management framework-from day one. The Manager for GTC will support our Enterprise Services (ES) Risk office in Capital One's first line of defense. They will be on the forefront of implementing enterprise-level technology and cybersecurity risk management initiatives related to international operations. In this position, you will help lead international risk management functions for ES, particularly in the area of global trade compliance and export control. This includes deftly navigating and interpreting a dynamic regulatory environment, executing and enhancing risk management processes across Capital One, methodically ensuring project and program delivery, analyzing technology use cases, and influencing outcomes that support our company's broader international risk strategy. You will collaborate closely with associates and senior leaders across all lines of defense, lines of business, and other risk management teams to support this work. This includes implementing risk management tools and frameworks for the organization and managing a sustainable and mature process to identify, assess, mitigate, and monitor risk in the area of global trade compliance.

Responsibilities

• Drive collaboration across first-line-of-defense Technology and Cyber teams, Legal, second-line risk organizations, and other lines of business to design, cultivate, and implement effective processes in furtherance of U.S. export control activities and other worldwide trade compliance requirements as defined by applicable laws and regulations.
• Support the integration, refinement, and management of innovative procedures incorporating export control governance through technology development, supplier management, and other enterprise operations that anticipate and streamline international business opportunities.
• Provide expert analysis of technology use cases in the context of international operations and export control, particularly in the areas of internal development and production, cybersecurity, and risk management.
• Assist project and program delivery, risk reporting, and other governance activities, and lead the overall process for first-line intake and data management, such as through infrastructure and enterprise integration of global trade compliance systems of record that ensure responsive decisioning, auditability, and oversight.
• Identify, size, and resolve risk in a well-managed and strategic way, finding value creation opportunities that foster continuous improvement and drive innovative, sustainable processes that reduce risk through technology.
• Maintain currency on the changing regulatory environment, interpreting and advising on the impacts to our international operations as they relate to information security and emerging technology.
• Draft, coordinate, and deliver exceptional written products that contribute to the development of strong policies, standards, procedures, guidelines, tools, templates, and job aids in furtherance of global trade compliance activities, decisions, and risk methodology.
• Conduct program- and process-level risk assessments to identify international risks and mitigation plans based on industry standards and best practices in alignment with Capital One's strategic risk direction.
• Represent the team in risk and other management forums, and support interactions with internal audit and regulatory agencies related to our work, as applicable.
• Support the ES Risk organization by implementing new and innovative ideas, and support special projects for the team, as needed.

Requirements

• Bachelor's Degree or military experience.
• At least 4 years experience in cyber risk management, information technology, tech risk management, or technology audit, or a combination.
• At least 4 years experience in project, risk program, or process management, or a combination.
• At least 3 years of experience, in national security, export control, foreign policy, or technology industry, or a combination.
• At least 2 years experience consulting with executives or in enterprise strategy and policy development, or a combination.

Nice-to-haves

• 5+ years experience performing information security or technology compliance, risk identification, assessments or controls governance for digital products and services, or a combination.
• 4+ years experience performing data analysis in support of compliance, internal risk assessments, control design, and operating effectiveness associated with new or change-driven initiatives.
• 4+ years experience setting direction, managing, and leading cross-functional programs and projects.
• 3+ years experience with the U.S. Export Administration Regulations or U.S. International Traffic in Arms Regulations, or a combination.
• 2+ years experience in regulation or policy roles related to cryptography, the application of encryption-related technologies, computing, or telecommunications, or a combination.
• 2+ years experience performing data analysis in support of cybersecurity assessments and control design in a cloud environment.
• Project Management (PMP) or Program Management (PgMP) certification.
• Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), AWS Security certification, or other Industry Risk Professional Certification.
• Certifications in AWS, Google Cloud Platform (GCP), and Azure.

Benefits

• Comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being.