Capital One Principal Associate Authentication Access Assurance AAA 
United States, Virginia, Arlington 
680831607

25.03.2025
Principal Associate, Authentication and Access Assurance (AAA)

As a Principal Associate, Cyber Risk Assessor, you will play a critical role in assessing authentication risks, identifying control gaps, and providing actionable recommendations. You will engage with stakeholders across cybersecurity, IT, and business functions to drive risk-based decision-making and improve authentication and access security.

Cyber Risk Assessment & Advisory

  • Conduct cybersecurity risk assessments focused on authentication and access management practices, ensuring alignment with the FFIEC Authentication & Access Guidance and cybersecurity best practices.

  • Identify and assess authentication-related risks and IAM (Identity & Access Management) control gaps, providing well-supported risk ratings and recommendations.

  • Work with cybersecurity and business teams to understand the impact of authentication risks on the organization and provide business-relevant risk insights.

  • Maintain an up-to-date understanding of emerging authentication threats, IAM security practices, and regulatory expectations to continuously enhance assessment methodologies.

Risk Communication & Stakeholder Engagement

  • Translate technical findings into clear, actionable insights tailored for business and technology leaders.

  • Influence risk decisions by effectively articulating the significance of authentication risks and advocating for necessary security improvements.

  • Engage with stakeholders to challenge assumptions, push back when appropriate, and ensure risk assessments maintain independence and objectivity.

  • Strengthen team credibility by ensuring assessment reports and presentations are clear, concise, and aligned with customer needs.

Process and Team Development

  • Improve the consistency, efficiency, and strategic impact of risk assessments by refining assessment frameworks, templates, and methodologies.

  • Ensure assessments adhere to defined schedules and deadlines, proactively escalating issues when needed.

  • Serve as a knowledge resource for authentication and IAM risks, mentoring junior assessors and contributing to team training initiatives.

  • Support efforts to expand the team's capabilities in end-to-end IAM risk assessments, helping evolve the program's strategic focus over time.

Experience:

  • Experience in cybersecurity risk assessment, cybersecurity audit, or IAM security, with a focus on authentication risks and access management.

  • Familiarity with the FFIEC Authentication & Access Guidance and experience assessing compliance against it.

  • Strong understanding of authentication technologies, including multi-factor authentication (MFA), passwordless authentication, biometric authentication, and risk-based authentication.

  • Working knowledge of IAM security principles, such as identity governance, privileged access management (PAM), role-based access control (RBAC), and just-in-time access.

  • Experience working with stakeholders across business, IT, and security teams, with an ability to effectively communicate and influence security decisions.

  • Ability to manage multiple assessments simultaneously, maintain adherence to deadlines, and escalate issues when needed.

  • Strong critical thinking and analytical skills, with the ability to assess control effectiveness and make well-reasoned risk judgments.

  • Excellent written and verbal communication skills, including the ability to translate technical risk assessments into business-relevant insights.

Why Join Us?

  • Work in a collaborative and supportive environment, with leadership committed to professional growth and development.

  • Be part of a team that has successfully navigated significant organizational changes and regulatory shifts, demonstrating adaptability and resilience.

  • Gain exposure to senior cybersecurity and business leaders through impactful risk assessments.

  • Play a role in shaping how the team continues to evolve its authentication and IAM risk assessment capabilities.

Basic Qualifications

  • High School Diploma, GED or equivalent certification

  • At least 3 years of experience working in cybersecurity or information technology

  • At least 1 year of experience in cybersecurity risk assessments or cybersecurity audit

Preferred Qualifications:

  • 2+ years of experience with risk frameworks NIST CSF, NIST 800-63, ISO 27001, or PCI DSS

  • 1+ year of experience in federated identity management, single sign-on (SSO) solutions, and modern authentication protocols (OAuth, SAML, OpenID Connect)

  • 1+ year of experience working in financial services cybersecurity or a highly regulated environment

  • One or more professional certifications CISSP, CISA, CRISC, or CCSP

McLean, VA: $127,500 - $145,500 for Prin Assoc, Cyber Risk & Analysis

Richmond, VA: $115,900 - $132,200 for Prin Assoc, Cyber Risk & Analysis

This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan.

Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level.

If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1-800-304-9102 or via email at . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.