For years, the cybersecurity community has debated whether the CISO should report to the CIO or not. In regulated financial services, the answer is: both. The first-line CISO has operational responsibilities and reports to the CIO. The second-line Chief Tech Risk Officer (CTRO) and the Technology Risk Management (TRM) organization have broader responsibilities for cybersecurity but also reliability, software quality, resilience, and other technology risks. The CTRO is independent, reports to the Chief Risk Officer, and oversees the work of the CISO and the CIO.
Manager - Technology Risk Management Policy Governance:
The individual for this role should be comfortable dealing with complex challenges and problem-solving autonomously, including the ability to research solutions independently. The individual should be a thought leader who can react to and work successfully in ambiguous environments. The individual should be a proficient writer and verbal communicator who is comfortable presenting to large audiences of senior-level stakeholders. The individual should have a desire for rapid learning and growth opportunities.
Responsibilities:
Develop PSPs overseeing the technology and cybersecurity functions in the First Line of Defense, as well as PSPs directed to self-govern TRM in the Second Line of Defense.
Manage the policy management system to drive draft PSPs through publication.
Work with Subject Matter Experts (SMEs) to gather information and create or revise documents, and assist with committee meetings.
Research industry frameworks, regulatory guidance, legal citations, and Capital One PSPs owned outside of TRM to distill clear, concise, actionable policy directives for TRM’s PSPs.
Draft proposals and socialization materials for senior management and other stakeholders, to potentially include regulatory agencies, Internal Audit, and Capital One C-Suite stakeholders, as needed.
Exhibit a subject matter expertise in the processes TRM uses to provide oversight, analysis, effective challenge, and risk-informed decision-making.
Remain current on emerging enterprise-level technology risks and risk management approaches.
Collaborate effectively with stakeholders and leaders across multiple organizations to achieve objectives, including the ability to present to and drive influence of senior management stakeholders.
Coordinate program-related activities and deliverables to ensure effective collaboration within the team and across stakeholder groups.
Possess strong organizational skills; prioritize assignments and multi-task to meet multiple project deadlines.
Demonstrate strong attention to detail.
Work independently and collaboratively on a team.
Basic Qualifications:
Bachelor’s degree or military experience
At least 4 years of policy or governance experience within technology or cybersecurity
Preferred Qualifications:
5+ years of experience with financial services technology or cybersecurity risk management
2+ years of experience using Agile tools
Familiarity with the Agile Project Management methodology
Experience performing policy or standard adherence monitoring activities
Experience responding to requests from internal audit or external regulatory agencies
Familiarity with financial sector regulatory practices and second line of defense effective challenge
Professional security management certification such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC)
Familiarity with the National Institute of Standards and Technology Cybersecurity Framework, National Institute of Standards and Technology Special Publication 800-53, Committee of Sponsoring Organizations of the Treadway Commission Risk Framework, International Organization for Standardization 27001, Control Objectives for Information and Related Technologies 5 (COBIT 5), Information Technology Infrastructure Library version 4 (ITIL v4), etc.
Familiarity with Federal Financial Institutions Examination Council's Examination Guidance, the Gramm-Leach-Bliley Act (GLBA), General Data Protection Regulation (GDPR), California Privacy Rights Act (CPRA), etc.
Program, product, or process innovation experience or experience as a change agent
. Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level.
If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1-800-304-9102 or via email at . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.