Capital One Principal Risk Specialist - Technology Risk, Controls Validation in McLean, Virginia

McLean 1 (19050), United States of America, McLean, Virginia

At Capital One, we’re building a leading information-based technology company. Still founder-led by Chairman and Chief Executive Officer Richard Fairbank, Capital One is on a mission to help our customers succeed by bringing ingenuity, simplicity, and humanity to banking. We measure our efforts by the success our customers enjoy and the advocacy they exhibit. We are succeeding because they are succeeding.

Guided by our shared values, we thrive in an environment where collaboration and openness are valued. We believe that innovation is powered by perspective and that teamwork and respect for each other lead to superior results. We elevate each other and obsess about doing the right thing. Our associates serve with humility and a deep respect for their responsibility in helping our customers achieve their goals and realize their dreams. Together, we are on a quest to change banking for good.

Principal Risk Specialist - Technology Risk, Controls Validation

Cyber Risk Management, a component of Enterprise and Operational Risk Management (EORM) within Capital One, is a growing organization focused on providing expert advice, credible challenge, and effective oversight of information security and technology activities to identify, assess, control, and manage cyber risk throughout the company. This organization plays a critical role in helping to ensure that the company’s risk taking entities are aware of the risks inherent in their activities and decisions, the impact of their actions on the company at an enterprise level, and opportunities to reduce, mitigate, or avoid risks altogether. Associates within the Cyber Risk Management organization are highly-skilled information security, cyber, technology, or risk management professionals who have a wealth of experience and a demonstrated ability to provide value-added recommendations and deliver high-impact results in their areas of expertise.

This position – Principal Associate, Horizontal Risk – will play a key role in the organization’s independent controls validation program by developing and executing control validation, preparing independent assessments of controls effectiveness and drafting reports for senior management. As part of the second line of defense, you will collaborate closely with associates in Technology, the Lines of Business, and other risk management offices throughout the firm to perform and support evaluations of the effectiveness of the firm’s technology controls infrastructure, and offer independent advice and recommendations regarding ways to further mature the firm’s technology and risk management capabilities.

As a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the firm. The demands and high-visibility nature of this position require an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately.

Essential Functions (Responsibilities):

● Develop and execute test plans for controls validation of the firm’s complex technology controls environment, and provide expertise and advice on enhancing the design, effectiveness, and maturity of the firm’s technology capabilities

● Provide assessments of technology controls design and operating effectiveness, including the extent to which the controls address applicable risks and regulatory requirements

● Draft assessments for senior management and other stakeholders, to include regulatory agencies and the Board of Directors, as required

● Stay current on emerging technology threats, trends, controls, and potential implications for the firm

● Collaborate effectively with colleagues across multiple organizations to achieve objectives

● Coordinate program-related activities and deliverables to ensure effective collaboration within the team and across stakeholder groups

Basic Qualifications:

● A bachelor’s degree or military experience

● At least 3 years of experience in performing controls validation assessments or control testing functions based on established industry risk frameworks: the NIST Cybersecurity Framework OR COBIT v5,
● At least 3 years of experience auditing or working in the fields of information technology or risk management

● At least 2 years of experience working with information technology-related regulatory requirements

Preferred Qualifications:

● Professional security management certifications, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC)

● Excellent verbal and written communication skills

● Ability to communicate clearly and to interact effectively at multiple levels of the organization, and to influence as warranted and appropriate

● Passion and expertise in information technology, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions

● Ability to manage multiple projects while maintaining superior results

At this time, Capital One will not sponsor a new applicant for employment authorization for this position.