Expoint - all jobs in one place


Capital One Director Policy Risk Reporting 
United States, Virginia, Arlington 
96766079

20.11.2024
Center 3 (19075), United States of America, McLean, Virginia

Director, Policy and Risk Reporting

For years, the cybersecurity community has debated whether the CISO should report to the CIO or not. In regulated financial services, the answer is: both. The first-line CISO has operational responsibilities and reports to the CIO. The second-line Chief Tech Risk Officer (CTRO) and their Technology Risk Management (TRM) organization oversee cybersecurity but also have broader responsibilities for reliability, software quality, resilience, and other technology risks. The CTRO is independent, reports to the Chief Risk Officer, and oversees the work of the CISO and the CIO.

As the Director, Policy & Risk Reporting, you will provide thought leadership and strategic guidance as we update and maintain our portfolio of policies, standards, and procedures, as well as establish policy-level requirements for the first line. You will drive improvements to our reporting processes and ensure that materials meet our high bar for clarity, consistency, and message. You will oversee the coordination and drafting of our quarterly memo to the Risk Committee of the Board of Directors, partnering closely with our peers in the second line and our counterparts in the first line. You will support the development of technology and cyber risk content for a committee composed of members of the Executive Committee. Lastly, you will oversee additional risk reporting, including the TRM Forum and monthly business reviews.

The successful candidate will:

  • Be a seasoned leader with strong influence, problem solving, and judgment skills

  • Have strong technical writing skills as well as verbal and visual communication skills

  • Be a strategic and critical thinker who has the ability to express a point of view supported by data (with both technical and non-technical audiences)

  • Possess high emotional intelligence

  • Be a self-starter who can work autonomously and take initiative

  • Have the ability to navigate “white space” or ambiguous situations

  • Collaborate effectively with colleagues, stakeholders, and leaders across multiple organizations to get consensus

Basic Qualifications:

  • Bachelor’s degree or military experience

  • At least 5 years of experience with policy development or risk reporting

  • At least 5 years of experience in the financial services industry

  • At least 5 years of experience in technology, cybersecurity, or risk management

  • At least 2 years of experience as a people leader

Preferred Qualifications:

  • Master’s degree

  • Familiarity with industry frameworks such as NIST CSF, NIST 800-53, and/or COBIT

  • Knowledge of supervisory expectations

  • At least 2 years of experience working in an Agile environment

  • At least 3 years of experience as a people leader

  • Professional security management certifications, such as Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC)

Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level.

If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1-800-304-9102 or via email at . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.