Principal Auditor - Cyber, Risk and Analysis Technology Audit

About This Role

Serve as a Principal Auditor specializing in Cyber, Risk and Analysis Technology Audit within Capital One's Audit function. This role involves evaluating and analyzing technology and cybersecurity risks, particularly in critical technology functions and cloud-based implementations.

Responsibilities

• Execute major components of audits, including critical technology functions, cloud-based infrastructure, cybersecurity, risk management, application, and third-party management
• Assist in leading components of small to medium size audits
• Perform risk assessments of business units and technology operations
• Design and execute audit procedures to verify the effectiveness of existing controls
• Identify and define issues, review and analyze evidence, and document client processes and procedures
• Communicate or assist in communicating the results of some audit projects to management via written reports and oral presentations
• Prepare clear, organized and complete documentation to support work performed
• Self prioritize and effectively plan own work activities managing multiple priorities and tasks
• Perform various aspects of engagement administration, including hours and budget tracking
• Provide periodic on-the-job coaching and direct supervision over less experienced associates

Requirements

• Bachelor’s Degree or military experience
• At least 4 years of experience in information technology, information security, information systems risk management, or information systems auditing
• At least 1 year of experience in cloud computing and controls
• At least 2 years of experience in managing components of audit engagements or project management
• At least 2 years of experience in analyzing data extracts to identify trends, patterns, and anomalies
• At least 1 year of experience in test scripting or coding

Qualifications

• Bachelor’s Degree or military experience
• At least 4 years of experience in information technology (operations, software delivery, access management, microservices), information security, information systems risk management, or information systems auditing. At least 1 year in cloud computing and controls, at least 2 years managing audit components or project management, and at least 2 years analyzing data extracts for trends and anomalies, including 1 year of test scripting or coding.

Nice to Have

• Certifications related to Cloud, Cyber or Technology Operations (e.g., Cloud provider certifications, CISSP, CISM)
• 1 year of experience with payment technologies (HPE Nonstop, IBM Mainframe, Mobile Payments, Tokenized services, cloud-based and virtualized environments, Windows and Linux operating environments)
• Certifications related to Auditing (e.g., CIA, CISA)
• 4+ years of experience with IT control frameworks
• 2+ years of experience in planning and leading audits
• 2+ years of experience auditing cyber or information security
• 1+ years of experience auditing emerging technologies
• 1+ years experience in cloud computing (AWS, GCP, Azure) and controls
• 1+ years of experience in risk and data management
• 1+ years of experience performing data analysis in support of internal auditing

Skills

* Required skills

Benefits