Capital One Sr. Risk Specialist, Cyber Security Risk, Controls Validation in McLean, Virginia

McLean 1 (19050), United States of America, McLean, Virginia

At Capital One, we’re building a leading information-based technology company. Still founder-led by Chairman and Chief Executive Officer Richard Fairbank, Capital One is on a mission to help our customers succeed by bringing ingenuity, simplicity, and humanity to banking. We measure our efforts by the success our customers enjoy and the advocacy they exhibit. We are succeeding because they are succeeding.

Guided by our shared values, we thrive in an environment where collaboration and openness are valued. We believe that innovation is powered by perspective and that teamwork and respect for each other lead to superior results. We elevate each other and obsess about doing the right thing. Our associates serve with humility and a deep respect for their responsibility in helping our customers achieve their goals and realize their dreams. Together, we are on a quest to change banking for good.

Sr. Risk Specialist, Cyber Security Risk, Controls Validation

Sr. Associate - Cyber Security

Job Description: Sr. Associate, Cyber Risk Management

Cyber Risk Management, a component of Enterprise and Operational Risk Management (EORM) within Capital One, is a growing organization focused on providing expert advice, credible challenge, and effective oversight of information security and technology activities to identify, assess, control, and manage cyber risk throughout the company. This organization plays a critical role in helping to ensure that the company’s risk-taking entities are aware of the risks inherent in their activities and decisions, the impact of their actions on the company at an enterprise level, and opportunities to reduce, mitigate, or avoid risks altogether. Associates within the Cyber Risk Management organization are highly skilled information security, cyber, technology, or risk management professionals who have a wealth of experience and a demonstrated ability to provide value-added recommendations and deliver high-impact results in their areas of expertise.

This position – Sr. Associate, Horizontal Risk – will play a key role in the organization’s independent controls validation program by developing and executing tests of technical cybersecurity controls with the objective of identifying security gaps, preparing independent assessments of controls effectiveness, and drafting reports for senior management. As part of the second line of defense, you will collaborate closely with associates in Cyber to perform and support evaluations of the effectiveness of the firm’s cybersecurity controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm’s cybersecurity and risk management capabilities.

As a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the firm. The demands and high-visibility nature of this position require an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately.

Essential Functions (Responsibilities):

● Execute testing of technical cybersecurity controls

● Operate technology tools to simulate cybersecurity attacks and exploit attempts to assess the efficacy of cybersecurity controls and tools

● Draft findings and recommendations based on the results of controls testing, and track and drive remediation activities based on these findings

● Draft assessments for senior management and other stakeholders, to include regulatory agencies and the Board of Directors, as required

● Stay current on emerging cyber threats, controls, and potential implications for the firm

● Collaborate effectively with colleagues, stakeholders, and leaders across multiple organizations to achieve

Basic Qualifications:

● A bachelor’s degree or military experience

● At least 2 years of experience working with the principles of Computer Network Exploitation (CNE) offensive cyber operations and adversarial cyber Tools, Techniques, and Procedures (TTPs)

● At least 2 years of experience using established industry risk frameworks: the NIST Cybersecurity Framework OR COBIT v5, COSO

● At least 2 years of experience testing or operating technical cybersecurity controls

● At least 2 years of experience testing controls

Preferred Qualifications:

● At least 2 years of experience with cybersecurity testing tools

● Professional security management certifications, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), or Certified Ethical Hacker (CEH)

● Excellent verbal and written communication skills

● Ability to communicate clearly and to interact effectively at multiple levels of the organization, and to influence as warranted and appropriate

● Passion and expertise in cybersecurity, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions

● Ability to manage multiple projects while maintaining superior results

● Ability to work cross-functionally and individually

● Execution-oriented and a self-motivator

At this time, Capital One will not sponsor a new applicant for employment authorization for this position.