About The Position

The Enterprise Services Risk organization is expanding with a focus on attracting innovative, pioneering, collaborative, and highly skilled professionals. We operate at the forefront of risk management, providing support for novel and developing technologies, as well as critical business strategies. Diverse perspectives and experiences are valued as we work to redefine the financial sector. As a Senior Manager on the Cyber and Technology Product Risk team, you will apply your risk management, cyber and technical expertise to the company’s Vulnerability Management and Security Testing programs. Our team serves as the first line of defense to help ensure our Company remains well-managed and avoids unnecessary risk. In this position, you will play a key role in enhancing our risk management processes and cyber risk profile across Capital One by translating complex technical vulnerabilities into clear business impacts. Your contributions will drive organizational change through risk identification, measurement, analysis and reporting in order to better manage the company’s cyber risks in an open and collaborative environment. 

Requirements

  • Bachelor's Degree or military experience
  • At least 7 years of experience in information technology or technical risk management
  • At least 5 years of experience in Risk Management, Process Management, Project Management, or a combination of these
  • At least 7 years of experience supporting, partnering and interacting with internal and external stakeholders

Nice To Haves

  • At least 7 years of information technology experience with a focus on vulnerability remediation and security operations
  • At least 5 years of experience with Vulnerability Management and Security Testing tools (SAST, DAST, SCA, or Configuration Compliance)
  • At least 4 years of Project Management experience leading cross functional projects in Risk
  • Experience with Offensive Cyber Security programs, such as Responsible Disclosure or Bug Bounty programs
  • At least 3 years of experience in the Financial Services industry
  • Risk Certifications (CRISC, CISSP, CISM, CRCM, CIPP, ABA Risk Mgmt Certification)
  • Working functional knowledge of Networking, Cloud Environments, enterprise grade Cybersecurity tooling, and enterprise technology platforms

Responsibilities

  • Lead the risk oversight for a suite of security testing capabilities, including SAST, DAST, SCA, container and infrastructure scanning, to ensure comprehensive coverage across the development lifecycle
  • Partner with engineering leads to prioritize and escalate recommendations for mitigating critical vulnerabilities and configuration compliance gaps
  • Leverage your deep information technology experience to drive effective vulnerability remediation strategies across complex enterprise platforms
  • Lead the execution of core risk management processes, including Process Level Assessments (PLA), LAUNCH initiatives, and Material Technology and Cybersecurity Changes (MTC)
  • Collaborate with stakeholders to draft, manage, and validate risk objects from their inception to their closure
  • Serve as a trusted advisor to stakeholders in the Cyber organization for risk management best practices and enterprise-wide risk frameworks
  • Influence leaders within Tech, Compliance, Cyber Security, second line risk organizations, and Internal Audit on key cyber risks and actions needed
  • Collaborate with cross-functional teams to address regulatory responses and internal audit actions related to cyber security controls
  • Deliver key reporting for technology executives across a wide variety of metrics, KRIs, KPIs and Cybersecurity topics to inform on the organization’s risk posture
  • Perform high context critical thinking and problem solving to address key challenges as we integrate new security tooling and platforms

Benefits

  • Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being.
  • Learn more at the Capital One Careers website.

What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Number of Employees: 5,001-10,000 employees

© 2024 Teal Labs, Inc