Manager, Governance and Compliance

Capital One, McLean, VA

About The Position

Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute.

Technology and Data Risk Management (TDRM) is a medium sized organization that packs a big punch. The ~200 professionals in TDRM are trusted experts who oversee ~14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk.

Role Description

TDRM is seeking a Manager-level associate with a risk and compliance management and assessment background. The individual will partner with innovative and passionate stakeholders across TDRM, to coordinate and execute the assessment of the compliance impacts of risk taking activities and evaluate international laws and regulatory requirements to understand their implications to Capital One. This role requires impeccable attention-to-detail, strong communication skills, keen judgment, and excellent analytical and critical thinking abilities.

Requirements

  • Bachelor’s degree or military experience
  • At least 4 years of experience working in the fields of information security, technology, or risk management
  • At least 3 years of experience in a second-line or oversight role at a financial institution or regulatory agency
  • At least 3 years of experience developing, evaluating, or implementing cybersecurity, technology or compliance risk assessments

Nice To Haves

  • 4+ years of experience in a second-line or oversight role at a financial institution or regulatory agency; prior compliance work at Visa, Mastercard or American Express
  • Knowledge of supervisory expectations expressed in the FFIEC IT Handbook, Federal Reserve Supervisory Letters, Office of the Comptroller of the Currency Bulletins, or Federal Deposit Insurance Corporation Financial Institution Letters
  • Professional security management certifications, such as a Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM)
  • Working knowledge of domestic and international regulatory requirements and laws that govern credit and debit network
  • Excellent verbal and written communication skills
  • Experience in cybersecurity, with the ability to provide credible challenge when necessary
  • Ability to manage multiple projects while maintaining superior results
  • Ability to work cross-functionally

Responsibilities

  • Responsibilities include mapping complex legal and regulatory requirements—including federal, state, and international tech and cyber laws—to our internal business processes.
  • This includes providing a "credible challenge" to ensure our systems and procedures are not only compliant but resilient against the evolving global regulatory landscape (including Discover and international payment requirements).
  • Compliance Advisory & Challenge: Provide guidance and effective challenge on the compliance risk of business initiatives.
  • Evaluate the adequacy of systems and procedures supporting the tech and cyber compliance program.
  • Regulatory Mapping: Understand and assess the inventory of technology and cyber risk management related laws and regulations, as well as industry standards such as the NIST, PCI DSS, CSF and FFIEC guidance, and how they translate into organizational requirements and controls.
  • Regulatory Applicability: Perform technology and cybersecurity risk management requirement applicability and impact assessments against business, technology and cyber processes.
  • Risk Assessments: Coordinate and execute compliance assessments for risk taking activities and process breakdowns against these organizational technology and cybersecurity risk management requirements, including any planned remediation; ensure the team has documented, rationalized and repeatable assessment methodologies.
  • Issue Management: Identify compliance issues requiring investigation or follow-up.
  • Review complaints from various Lines of Business (LOB) and advise on necessary remediation.
  • Stakeholder Collaboration: Work with internal and external stakeholders to develop and/or enhance existing compliance assessment reporting, and draft assessments for senior management and other stakeholders, to include regulatory agencies and the Board of Directors, as needed.

Benefits

  • Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being.
  • Learn more at the Capital One Careers website.