Expoint - all jobs in one place


Capital One Principal Associate Governance Risk Identification Testing 
United States, Virginia, Arlington 
934269299

13.07.2024
Center 2 (19050), United States of America, McLean, Virginia

Principal Associate, Governance, Risk Identification, and Testing

As a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position require an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing

Essential Functions (Responsibilities):

  • Perform independent controls review of the company’s cybersecurity and technology control environment

  • Perform assessments of first line control testing programs to determine sufficiency of processes and effectiveness of execution

  • Provide technical assessments of technology control design and effectiveness by performing independent testing

  • Draft assessments for senior management and other stakeholders, to include regulatory agencies and the Board of Directors, as required

  • Provide challenge, expertise and advice on enhancing the design, effectiveness, and maturity of the company’s technology controls and capabilities

  • Participate in management of the overall technology control inventory which defines the scope of the controls review program

  • Stay current on emerging cyber threats, technologies, controls, and potential implications for the company

  • Collaborate effectively with colleagues, stakeholders, and leaders across multiple organizations to achieve objectives

  • Coordinate program-related activities and deliverables to ensure effective collaboration within the team and across stakeholder groups

Basic Qualifications:

  • Bachelor’s degree or military experience

  • At least 3 years of experience testing technology controls based on established industry risk frameworks, including: the NIST Cybersecurity Framework, COBIT v5, COSO or FedRAMP

  • At least 3 years of experience managing, consulting, auditing or working in the fields of information security or information technology

  • At least 3 years of experience with cybersecurity and technology practices

Preferred Qualifications:

  • Professional security management certifications, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified Cloud Security Professional (CCSP), AWS Cloud Practitioner Certification

  • Experience using automated testing tools

At this time, will not sponsor a new applicant for employment authorization for this position.

New York City (Hybrid On-Site): $118,700 - $135,400 for Principal Risk Specialist

This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan.

Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level.

If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1-800-304-9102 or via email at . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.