West Creek 3 (12073), United States of America, Richmond, Virginia

Manager - Operational Risk Challenge & Advisory, Cyber Risk & Analysis

Risk Advisors at Capital One are highly motivated Risk and process management professionals with excellent analytical, organizational, risk management, project management, and communication skills. These skills allow us to gain insights, and act as a change agent to influence our business partners. As Capital One evolves to meet the ever-changing technology landscape, so do our risk managers. A successful Risk Advisor operates from a foundation of knowledge about the Line of Business with whom they are working, including processes, risks and associated controls, and good risk management practices. They are forward thinking, quick to adapt, and technologically adept with a background that includes technical skill sets. Risk Advisor have a broad level of exposure across the lines of business and have the opportunity to work with the business to create and implement solutions to appropriately manage risks within Enterprise Services. The demands and high-visibility nature of this position require an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately to work focused on performing technical assessments across technology and cybersecurity domains.

The Operational Risk, Challenge and Analytics group provides second line oversight for operational risk and is responsible for ensuring current and emerging risks are appropriately identified and managed through Enterprise Risk governance policies and procedures. Operational Risk Advisors are the liaisons between Operational Risk Management (ORM) and first line business partners serving as both an effective challenger and a trusted advisor. Our teams are integrated into multiple dimensions of first line risk identification and mitigation activities.

This position – Operational RIsk Advisor supporting Enterprise Services on the Operational Risk, Challenge and Advisory team - will play a key role in the organization’s second line of defense risk identification program by providing expertise in assessing both tech and non-tech operational risk areas. This role will focus on enhancing the organization’s cybersecurity and technology risk posture and supporting the identification and assessment of enterprise-level technology and cybersecurity risks. As part of the second line of defense, you will collaborate closely with associates in cybersecurity, technology, the lines of business, and other risk management offices in the various lines of business, to perform and support evaluations of the firm’s risk posture and offer independent advice and value-add recommendations regarding ways to reduce risks. Having the ability to understand and translate data-driven analysis, business drivers, initiatives and priorities into technology and cybersecurity risks is critical to ensure proper advising to business stakeholders. While a strong foundation of technology, cybersecurity, and risk management expertise is required to support core assessment responsibilities, being able to engage as a trusted business risk advisor to deliver high-impact results in their area(s) of expertise is a core expectation for the role.

A strong candidate is passionate and proficient in technology, cyber risk, industry, and regulatory trends, who is intellectually curious and stays current on emerging cyber threats, technologies, and potential implications for the company. This candidate has a team-first attitude and is comfortable building relationships and collaborating with the team and other partners and stakeholders to get the work done. This candidate is execution oriented, a self-motivator in an ambiguous environment, can manage multiple projects while maintaining superior results, can successfully work in a fast-paced environment, and is able to quickly come up to speed with the business and technology environments with which they will be working. This candidate also will have excellent verbal and written communication skills (tailored to the audience) and can concisely and logically explain complex/technical topics.

Responsibilities:

• Core Assessment Responsibilities

• Perform the review and effective challenge of technology and cybersecurity risks through first-line assessment activities (i.e., Division and Business Unit risk and control self assessment activities, Process Level Assessments), to include providing expertise and advice on risk themes and mitigating activities

• Perform the review and effective challenge of technology and cybersecurity risks through first-line change-drive assessment activities (i.e., new, expanded, or modified products and services)

• Perform review and effective challenge of the completeness of the first-line annual critical business process (CBP) inventory

• Monitor, report, and escalate first-line’s cybersecurity and technology metric performance, identify changes or trends in the risk profile, draft relevant commentary, and brief senior management

• Develop reports to support assessment results and present these results to the team, business executives, and other stakeholders

​

• Advisory/Team Responsibilities

• Be a trusted advisor and guide/drive effective and relevant Tech and Cyber risk conversations with Line of Business leadership and their teams (e.g., aligning to or providing insights in support of strategic priorities or objectives for the business, increasing risk accountability, etc.)

• Support and contribute in discussions to enable the identification, assessment, management, and reporting of key technology and security risks and control related issues

• Communicate in a compelling manner, with a strong point of view, to any audience, including internal and external stakeholders

• Navigate regulatory and compliance requirements as an approachable and effective partner to develop solutions in response to Line of Business focus areas

• Collaborate effectively and build trusted relationships with colleagues, stakeholders, and leaders across multiple organizations to achieve objectives.

• Coordinate project-related activities and deliverables to ensure effective collaboration, teamwork, and influence with and beyond the immediate team and across stakeholder groups.

• Operate a continuous improvement approach by reviewing and challenging the design and operation of processes

• Support assessments for senior management and other stakeholders, to include regulatory agencies and the Board of Directors, as needed.

Basic Qualifications:

• Bachelor's Degree or military experience

• At least 4 years of experience in information security or technology risk management

• At least 4 years of experience supporting, partnering, and interacting with internal business clients

• At least 4 years of experience with information security, technology policies, standards or procedures

• At least 3 years of experience developing, evaluating, or implementing information security programs

Preferred Qualifications:

• At least 5 years of experience in information security or technology risk management

• At least 5 years of project management experience leading cross functional projects and programs

• At least 4 years of experience with analysis of information security or technology threats and risks

• At least 4 years of experience in information security or technology risk identifications and assessments associated with new or changed initiatives

• Background in the financial services industry

• Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM)

• Ability to set direction, manage expectations, and lead cross-functional teams

• Ability to communicate and influence clearly and to interact effectively at all levels of the organization

At this time, Capital One will not sponsor a new applicant for employment authorization for this position.

Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website (https://www.capitalonecareers.com/benefits) . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level.

This role is expected to accept applications for a minimum of 5 business days.

No agencies please. Capital One is an equal opportunity employer committed to diversity and inclusion in the workplace. All qualified applicants will receive consideration for employment without regard to sex (including pregnancy, childbirth or related medical conditions), race, color, age, national origin, religion, disability, genetic information, marital status, sexual orientation, gender identity, gender reassignment, citizenship, immigration status, protected veteran status, or any other basis prohibited under applicable federal, state or local law. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections 4901-4920; New York City’s Fair Chance Act; Philadelphia’s Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries.

If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1-800-304-9102 or via email at RecruitingAccommodation@capitalone.com . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.

For technical support or questions about Capital One's recruiting process, please send an email to Careers@capitalone.com

Capital One does not provide, endorse nor guarantee and is not liable for third-party products, services, educational tools or other information available through this site.

Capital One Financial is made up of several different entities. Please note that any position posted in Canada is for Capital One Canada, any position posted in the United Kingdom is for Capital One Europe and any position posted in the Philippines is for Capital One Philippines Service Corp. (COPSSC).