At Capital One, we're building a leading information-based technology company. Still founder-led by Chairman and Chief Executive Officer Richard Fairbank, Capital One is on a mission to help our customers succeed by bringing ingenuity, simplicity, and humanity to banking. We measure our efforts by the success our customers enjoy and the advocacy they exhibit. We are succeeding because they are succeeding.

Guided by our shared values, we thrive in an environment where collaboration and openness are valued. We believe that innovation is powered by perspective and that teamwork and respect for each other lead to superior results. We elevate each other and obsess about doing the right thing. Our associates serve with humility and a deep respect for their responsibility in helping our customers achieve their goals and realize their dreams. Together, we are on a quest to change banking for good.

Cyber External Client Response

Cyber External Client Response, a component of Cyber within Capital One, is focused on risk and control management, capabilities assessments, API due diligence and compliance to cyber policies to address client oversight. The organization is responsible for supporting the governance activities to identify, assess, control, and manage cyber risk for services being contemplated for externalization by the Capital One organization.

Associates within Cyber External Client Response are highly-skilled information security, cyber, technology, or risk management professionals who have a wealth of experience and a demonstrated ability to self motivate in unknown environments while supporting appropriate control processes, and change management that ensure a well-managed organization.

This position will serve as the focal point for driving assessment responses, deal coordination and developing frameworks for managing Cyber risk. This position will serve as a focal point for understanding risk and developing risk management strategies to identify and mitigate risk for API and Product externalization. The demands and high-visibility nature of this position require an expert with a proven ability to work independently in a fast-paced environment who can begin contributing immediately.

Responsibilities:

• Engage and understand third party assessments and processes for the Cyber organization to promote a professional response to client requests

• Serve as the organization's focal point for identified risk of partnership deals and help prepare executives for participation in such engagements

• Document and define cyber risks and controls in the system of record and support monitoring for compliance with established requirements or remediation timelines

• Assist in drafting, scoping, and overseeing coordination of reports, or independent testing results for external consumption, or other internal or external bodies as appropriate

• Engage with business customers looking to progress the completion of independent control programs where Cyber is a key component function

Basic Qualifications:

• At least 6 years of experience managing, consulting, or auditing, in one of the following fields: Information Security, Cyber, or Risk Management

• At least 3 years of experience developing and managing internal governance processes and procedures

• At least 2 years of experience drafting cybersecurity or IT-related reports or analytic assessments for senior executives or Board committees

• At least 2 years of experience developing, analyzing, and reporting on cyber or IT risk metrics

• At least 1 year of experience drafting or monitoring technology controls

Preferred Qualifications:

• Bachelor's Degree or military experience

• Experience managing multiple high-visibility and high-impact projects while maintaining superior results

• Execution oriented and a self-motivator

• Superior verbal and written communication skills

• Demonstrates clear communication skills and interacts effectively at all levels of the organization and influences senior management and executives

• Deep expertise with producing and analyzing risk metrics and communicating the implications of the data to executives and other stakeholders throughout the enterprise

• Passion and expertise in cybersecurity and technology

• Confident, respectful, and articulate when registering dissenting opinions with colleagues and senior management

• Professional security management certifications, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) and CompTIA Advanced Security Practitioner (CASP)

At this time, Capital One will not sponsor a new applicant for employment authorization for this position.

Capital One is an equal opportunity employer committed to diversity in the workplace. Capital One promotes a drug-free workplace.

All qualified applicants will receive consideration for employment without regard to gender, race, color, religion, national origin, sexual orientation, protected veteran status, or disability status.

Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections 4901-4920; Newark, New Jersey Ordinance 12-1630; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries.