Capital One Principal Associate Cyber Risk & Analysis - 

United States, Virginia, Arlington 

758930246

You will:

• Perform process and technology risk assessments to determine the optimal control mix for the products pursuing a Commercialized Technology Attestation engagement (SOC 2).

• Proactively identify changes in our products features and evaluate their impact on the controls needed to achieve any Commercialized Technology Attestations the product is pursuing.

• Monitor changes in attestation frameworks and how the changes impact the optimal mix of controls required for our products pursuing a Commercialize Technology Attestation.

• Ensure seamless design of our controls around emerging technologies as they are integral in supporting our Commercialized Technology Attestation engagement.

• Interpret and communicate/present appropriate control design to senior leadership.

• Influence leadership with recommendations for Controls and Process improvements on an ongoing basis.

• Evaluate control deviations and their impact on management's opinion over the design, implementation, and operating effectiveness of the controls in place to address the Commercialized Technology Attestation frameworks we pursue.

• Draft Management Responses that are presented within Attestation Reports.

• Partner with the product teams to answer any customer inquiries on issues listed within an attestation report.

• Facilitate evidence requests made by external auditors to support their independent attestation requirements.

• Provide advisory to control owners on ensuring the evidence they are submitted will meet the needs of the auditors.

• Partner with external auditors to establish evidence collection timelines/deadlines.

The associate should be able to:

• Be well organized and able to manage multiple requests

• Demonstrate strong ability to analyze information and data and leverage to support recommendations

• Work in collaboration across multiple teams while maintaining business relationships

• Develop and communicate quality recommendations to the program

• Demonstrate strong subject matter expertise and sound judgment to align appropriate risk level

• Work with diverse contacts throughout Capital One

• Communicate technical issues to non-technical people

• Demonstrate strong problem-solving and conceptual thinking abilities

• Demonstrate capacity to think broadly but go deep into subject matter when needed

Basic Qualifications:

• High School Diploma, GED or equivalent certification

• At least 4 years of technology experience in Internal Controls, Risk Management, or Audit or a combination

• At least 3 years of experience in identifying and assessing IT general, IT application, data movement and systems implementation controls

Preferred Qualifications:

• Bachelor’s Degree

• 5+ years of experience in Auditing and Control Evaluation

• CISA, CISSP, or CRISC certification

• 2+ years of experience with Cloud technologies (AWS, Azure, or GCP)

. Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level.