Principal Associate, Risk Management, Policy Analyst

Technology & Data Risk Management (TDRM) is a small organization that packs a big punch. The ~200 professionals in TDRM are trusted experts who oversee ~14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk, and data management risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. For years, the cybersecurity community has debated whether the CISO should report to the CIO or not. In regulated financial services, the answer is: both. The first-line CISO has operational responsibilities and reports to the CIO. The second-line Chief Tech Risk Officer (CTRO) and the Tech & Data Risk Management (TDRM) organization have broader responsibilities for cybersecurity but also reliability, software quality, resilience, and the risk of failing to manage our data. The CTRO is independent and oversees the work of the CISO, the CIO/CTO, and the Chief Data Officer. The CTRO reports to the Chief Risk Officer, who reports directly to the CEO. Our business leaders must make technology decisions constantly. TDRM makes sure they have the tech and data risk information they need to make good decisions. Associates within TDRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, data analyst, data scientist, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As a Policy Analyst at the Principal Associate level you will play a key role evolving our data, technology, and information security policies, standards, and procedures (PSPs). This includes annual updates to our PSPs, developing new PSPs on an as-needed basis, and partnering with subject matter experts across TDRM to draft policy-level requirements. You will engage with stakeholders across the first and second lines of defense as part of the PSP process and apply a customer-focus perspective. Desired outcomes: PSPs renewals are delivered on-time, meeting our high bar for quality TDRM owns a greater share of requirements in the policies we own TDRM shapes and influences first line owned PSPs through advisory engagement Stakeholder feedback is considered and incorporated throughout the process Our PSPs align to industry standards and best practices The ideal candidate: Is a strategic thinker who is intellectually curious, thrives in a data-driven environment, effective influencer, demonstrates good judgment, excellent problem solver, and is a team player. Is a clear communicator with excellent verbal and written communication skills across levels of leadership Has passion and expertise in data management or data protection, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Raises concerns early and knows when to escalate, including the ability to raise issues and facilitate constructive problem-solving at all levels of the organization Can manage multiple projects/initiatives while maintaining superior results Is execution oriented and a self-motivator