Senior Manager, Risk Advisor, Technology and Data Risk Management
About The Position
Capital One is a rapidly growing organization focused on customer passion and technological innovation. We are committed to cybersecurity, reliability, software quality, and data management. The Technology & Data Risk Management (TDRM) organization, comprising approximately 200 professionals, plays a crucial role in overseeing around 14,000 developers. TDRM sets high standards for cybersecurity, reliability, tech risk, and data management risk, influencing strategy, challenging activities, and conducting independent tests. In the financial services industry, a dual CISO structure is essential: a first-line CISO with operational responsibilities reporting to the CIO, and a second-line Chief Tech Risk Officer (CTRO) and TDRM organization with broader responsibilities for cybersecurity, reliability, software quality, resilience, and data risk management. The CTRO is independent, oversees the CISO and CIO/CTO, and reports to the Chief Risk Officer, who reports directly to the CEO. TDRM ensures business leaders have the necessary tech and data risk information for informed decision-making. TDRM associates are highly skilled professionals in information security, cybersecurity, site reliability engineering, technology, data analysis, data science, and risk management, bringing extensive experience and delivering high-impact results. This specific role, Senior Manager, Cyber Risk and Analysis, is pivotal in shaping the second line's independent perspective on cybersecurity, reliability, and tech risk, with a focus on emerging technologies and risks. The role involves analyzing the outcomes of first-line analyses to enable robust challenge, leading independent risk analysis workshops, applying quantitative and qualitative risk assessment methodologies, understanding control stacks, identifying risk reduction strategies, and systematically reviewing and aggregating assessment outputs. A key responsibility is influencing the first line to define and prioritize high-leverage risk reduction initiatives. The role requires providing expert guidance and mentorship within TDRM, fostering strong relationships with other first and second-line groups, and navigating the Enterprise Risk Management framework. As part of a growing organization, the successful candidate will help shape and refine the risk program, operating with autonomy and empowerment. The ideal candidate is a seasoned leader with practical knowledge of risk frameworks and assessment methodologies for technology/cyber risk, strategic thinking, data-driven decision-making, intellectual curiosity, and a drive for change.
Requirements
- Bachelor’s degree or military experience
- At least 6 years of experience managing, consulting, or auditing in the fields of risk management, information security or technology
- At least 5 years of experience performing or challenging risk assessments leveraging qualitative and quantitative methodologies (COSO Framework, quantitative analysis, Factor Analysis Information Risk (FAIR), Process, Risk & Control (PRC) library, Risk and Control Self Assessment (RCSA), scenario analysis, new initiative risk assessments)
- Professional security management certification (Open FAIR, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC))
Nice To Haves
- Master’s degree in Information Technology, Cybersecurity, or equivalent
- 5+ years of experience communicating and presenting data to both technical and non-technical audiences
- 5+ years of experience applying risk quantification methodologies and rolling out risk framework changes
- 4+ years of experience interacting with different stakeholders and leaders across multiple organizations
- 4+ years of experience in a second-line or oversight role at a financial institution or regulatory agency
- Experience implementing risk and controls framework for GenAI or other emerging technologies and risks.
Responsibilities
- Understand new guardrails and guidelines related to emerging technology and risks, and establish systems to iteratively include them in routine risk assessments.
- Review and challenge first line periodic and change-driven risk assessments, including risk sizing, control suite adequacy and mitigation plan relevance.
- Prepare executive reports summarizing TDRM’s point of view on cyber and technology risks.
- Research industry trends and internal data to substantiate risk management decisions and make recommendations.
- Scope and facilitate cross-functional risk workshops and document the conclusions to influence 1st line’s risk framing.
- Foster a collaborative relationship with stakeholders across 1st and 2nd line.
- Develop and implement plans to orchestrate the operational rollout of risk methodology changes.
Benefits
- health, financial and other benefits that support your total well-being
- performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI)
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
