Senior Associate, Technology Controls Testing - Enterprise Services Risk

About This Role

As a Senior Associate, you will apply risk management skills to Capital One's Technology organization, partnering with various teams to develop and support industry risk solutions. You will monitor and test processes and control environments, evaluate compliance with Cyber Security requirements, and drive insights into risk and control performance.

Responsibilities

• Perform independent control testing activities and document results
• Use code and tools (Python/SQL) to perform analysis, extract, and visualize data for testing efforts
• Maintain a broad understanding of relevant operating systems, their vulnerabilities, and major cyber threats
• Leverage reporting and tools to analyze various projects and datasets to inform policies and drive change
• Possess an understanding of technology systems at an aggregate level (networks, applications, cloud, data)
• Quickly analyze data, assess risk, prioritize vulnerabilities, and escalate issues appropriately
• Research, assemble, and evaluate information regarding industry practices or regulatory changes affecting cyber security policies
• Make recommendations regarding changes to policy, procedures, and control programs to mitigate evolving risks
• Effectively self-challenge cyber control programs as part of first line duties and escalate risks where appropriate
• Report on vulnerability assessments to ensure proper functionality and alignment with Information Security Standards

Requirements

• High School Diploma, GED or Equivalent Certification
• At least 2 years of experience in Risk Management, Process Management, Project Management, or a combination of these
• At least 2 years of experience in technology or cyber security risk management
• At least 1 year of experience working with at least one scripting language

Qualifications

• High School Diploma, GED or Equivalent Certification
• At least 2 years of experience in Risk Management, Process Management, Project Management, or a combination, with at least 2 years in technology or cyber security risk management and at least 1 year with a scripting language.

Nice to Have

• Bachelor's Degree or Military Experience
• 2+ years of experience testing Technology controls
• Risk Certifications (CRISC, CISM, CRCM, CIPP, CISA, CISSP, ABA Risk Mgmt Certification)
• 3+ years of Risk Management experience in Cyber or Information Security
• Project Management experience leading cross functional projects in Risk
• Experience with AWS, GCP, or Azure cloud technologies
• Strong communication and presentation skills
• Experience with security operations, data loss prevention, or access management
• Scripting experience in Python or SQL

Skills

* Required skills

Benefits