Expoint - all jobs in one place

Capital One Principal Associate Governance Risk Identification Testing 
United States, Virginia, Arlington 
117727228

26.06.2024
Locations: VA - McLean, United States of America, McLean, Virginia

Principal Associate, Governance, Risk Identification, and Testing
As a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position require an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately.
Essential Functions (Responsibilities)
  • Serves as Agile Delivery Lead/project manager for multiple teams
  • Ensures team maintains focus on quality and continuous delivery of business value
  • Helps team proactively identify impediments and recommends solutions to remove impediments
  • Coaches team members on effectively using JIRA to track their work
  • Perform independent controls review of the company’s cybersecurity and technology control environment
  • Perform assessments of first line control testing programs to determine sufficiency of processes and effectiveness of execution
  • Provide technical assessments of technology control design and effectiveness by performing independent testing
  • Draft assessments for senior management and other stakeholders, to include regulatory agencies and the Board of Directors, as required
  • Provide challenge, expertise and advice on enhancing the design, effectiveness, and maturity of the company’s technology controls and capabilities
  • Participate in management of the overall technology control inventory, which defines the scope of the controls review program
  • Stay current on emerging cyber threats, technologies, controls, and potential implications for the company
  • Collaborate effectively with colleagues, stakeholders, and leaders across multiple organizations to achieve objectives
  • Coordinate program-related activities and deliverables to ensure effective collaboration within the team and across stakeholder groups
  • Communicate in a compelling manner to any audience, including internal and external stakeholders


Basic Qualifications:

  • Bachelor’s degree or military experience
  • At least 3 years of experience in implementing and managing controls review assessments or controls testing functions based on established industry risk frameworks, including: the NIST Cybersecurity Framework, COBIT v5, COSO, or FedRAMP
  • At least 2 years of experience working in the fields of information security, technology, or technology risk management
  • At least 2 years of experience with cybersecurity and technology practices

Preferred Qualifications:

  • Professional security management certifications, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified Cloud Security Professional (CCSP), or AWS Cloud Practitioner Certification
  • Certified Scrum Master or PMP certification
  • Experience working in an Agile environment
  • Experience within the Big 4 performing SOC 1 or SOC 2 assessments
  • Experience using automated testing tools

New York City (Hybrid On-Site): $118,700 - $135,400 for Principal Risk Specialist

This role is also eligible to earn performance-based incentive compensation, which may include cash bonus(es) and/or long-term incentives (LTI). Incentives could be discretionary or non-discretionary depending on the plan.

Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level.

If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1-800-304-9102 or via email at . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.