Senior Associate, Technology Controls Testing - Enterprise Services Risk

About This Role

This role involves applying risk management skills to Capital One's Technology organization. The Senior Associate will partner with various teams to develop and support industry risk solutions, focusing on cybersecurity requirements and regulations.

Responsibilities

• Perform independent control testing activities and document results
• Use code (e.g., Python/SQL) to perform and automate analysis and repeatable tasks, leveraging tools to extract and visualize data
• Maintain a broad understanding of operating systems and their vulnerabilities to identify severity of potential issues
• Demonstrate understanding of major categories of cyber threats and measures to safeguard the enterprise
• Leverage reporting and tools to analyze different projects and datasets, using data to inform policies and drive change
• Understand technology systems at an aggregate level, including networks, applications, cloud computing, and data
• Analyze data, assess risk, and prioritize vulnerabilities, escalating critical issues appropriately
• Research, assemble, and evaluate information on industry practices or regulatory changes affecting cybersecurity policies
• Make recommendations regarding changes to policy, procedures, and control programs to mitigate evolving risks
• Effectively self-challenge cyber control programs as part of first-line duties and escalate risks as appropriate
• Report on vulnerability assessments to ensure proper functionality and alignment with Information Security Standards

Requirements

• High School Diploma, GED or Equivalent Certification
• At least 2 years of experience in Risk Management, Process Management, or Project Management
• At least 2 years of experience in technology or cyber security risk management
• At least 1 year of experience working with at least one scripting language

Qualifications

• High School Diploma, GED or Equivalent Certification
• At least 2 years of experience in Risk Management, Process Management, Project Management, and at least 2 years in technology or cybersecurity risk management, with at least 1 year experience with a scripting language.

Nice to Have

• Bachelor's Degree or Military Experience
• 2+ years of experience testing Technology controls
• Risk Certifications (CRISC, CISM, CRCM, CIPP, CISA, CISSP, ABA Risk Mgmt Certification)
• 3+ years of Risk Management experience in Cyber or Information Security
• Project Management experience leading cross functional projects in Risk
• Experience with AWS, GCP, or Azure cloud technologies
• Strong communication and presentation skills
• Experience with security operations, data loss prevention, or access management
• Scripting experience in Python or SQL

Skills

* Required skills

Benefits