Capital One Manager Cyber Risk & Analysis 
United States, Virginia, Arlington 
339863721

26.06.2024
Center 3 (19075), United States of America, McLean, Virginia

Manager, Cyber Risk & Analysis

Desired Outcomes:

  • Challenge and reinvent the methodology that the 1st and 2nd Lines of Defense will use to measure cybersecurity and technology risk within the existing ERM framework, including control efficacy

  • Research and develop data-driven assessment practices that will facilitate deeper risk conversations and surface insights in support of strategic decision-making

  • Evaluate and standardize various risk scoring methods for tech/cyber domains across the enterprise

  • Standardize the approach for TRM to prioritize the assessment scope to best focus our team on the areas of the greatest impact

  • Evolve the existing risk, process, control taxonomies to succinctly frame emerging threats and risks

  • Distill complex risk, process, and control relationships into simple designs and solutions

  • Introduce forward-looking risk measures

  • Demonstrate tech/cyber risk measurement advocacy and thought leadership, and train and mentor peers and executives across the enterprise to enable adoption of more modern analysis and assessment techniques

  • Constructively debate trade-offs between different assessment approaches with other 2nd Line and 1st Line partners

  • Enhance the business’ understanding of regulatory/compliance requirements and the implications to the firm

  • Mentor peers to meet their professional development goals

Basic Qualifications:

  • A bachelor’s degree or military experience

  • At least 4 years of experience managing, consulting, or auditing in the fields of information security, technology, or risk management

  • At least 3 years of experience developing and implementing industry risk frameworks, quantitative analysis, tools, and methodologies (COSO, quantitative analysis, Factor Analysis Information Risk (FAIR), Process, Risk & Control (PRC) library), and assessment methodologies (RCSA, scenario analysis, or new initiative risk assessments)

  • At least 1 professional security management certification (Open FAIR, Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC))

Preferred Qualifications:

  • A master’s degree

  • Critical analytical thinker, including the ability to express a point of view supported by data (with both technical and non-technical audiences)

  • Excellent communication and teaching skills. Strong influencing and persuasion skills

  • Raises concerns early and knows when to escalate, including the ability to raise issues and facilitate constructive problem-solving at all levels of the organization

  • Passion and expertise in technology and cybersecurity domains, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions

  • Experience implementing risk quantification frameworks

  • Ability to collaborate effectively with colleagues, stakeholders, and leaders across multiple organizations to get consensus, socialize strategy, and achieve objectives

  • Ability to manage multiple parallel initiatives while maintaining superior results

  • Execution oriented and a self-motivator

  • Personal resilience - the ability to stay optimistic and keep people focused during crises or times of change

  • Experience in a second-line or oversight role at a financial institution or regulatory agency

  • Knowledge of supervisory expectations expressed in the FFIEC IT Handbook, Federal Reserve Supervisory Letters, Office of the Comptroller of the Currency Bulletins, and/or Federal Deposit Insurance Corporation Financial Institution Letters


New York City (Hybrid On-Site): $163,300 - $186,400 for Manager, Cyber Risk & Analysis

This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan.

. Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level.

If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1-800-304-9102 or via email at . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.