Director, Technology & Data Risk Management
Capital One, Chicago, Illinois, United States, 60290
The Director, Technology & Data Risk Management will play a key role in the organization’s second line of defense independent controls review program by providing technical expertise in assessing the overall effectiveness of the company’s technology (including both cybersecurity and technology) and data management controls environment. This position will lead evaluations of first line monitoring and testing results, direct the performance of independent testing of first line technology controls to independently evaluate control design and operating effectiveness, and draft reports for senior management.
As part of the second line of defense, you will collaborate closely with associates in the first line cyber and broader technology organization, as well as risk management offices in the various lines of business, to perform and support evaluations of the effectiveness of the company’s technology controls infrastructure, and offer independent advice and recommendations regarding ways to further mature the company’s technology risk management capabilities. * Direct independent controls reviews of cybersecurity, data management and technology control environments for both legacy Capital One and Discover* Lead integration efforts related to the assessment of Discover’s technology and data management controls* Perform detailed reviews of team’s assessments of first line control testing programs to determine sufficiency of processes and effectiveness of execution* Help with crafting the strategic vision of the team, including how to use GenAI to increase team efficiency and effectiveness* Perform detailed reviews of team’s assessments of first line’s evaluation of mapping to industry requirements or frameworks in cybersecurity* Provide technical assessments of technology and data management control design and effectiveness by advising on/performing independent testing when necessary* Develop presentations for senior management and other stakeholders, to include regulatory agencies and the Board of Directors, as required* Provide challenge, expertise and advice on enhancing the design, effectiveness, and maturity of the company’s technology and data management controls and capabilities* Mentor and develop associates to meet their professional development goals* Collaborate effectively with colleagues, stakeholders, and leaders across multiple organizations to achieve objectives* Coordinate program-related activities and deliverables to ensure effective collaboration within the team and across stakeholder groups* Collaborate effectively and build trusted relationships with colleagues, stakeholders, and leaders across multiple organizations to achieve objectives* Communicate in a compelling manner to any audience, including internal and external stakeholders* Superb communication skills that include active listening and executive presentation skills* Proven critical analytical behavior, including and the ability to express a point of view supported by data (with both technical and non-technical audiences)* Expertise in technology, cybersecurity and data management domains, with an ability to identify risks, assess controls and to propose recommendations for enhancing the tech and data control environment* Excellent influencing skills across all levels of the organization, tailoring the style and content to meet the needs of the audience* The ability to understand the materiality of feedback from stakeholders, knowing when to act and when to listen, including driving discussions to find resolution where required.* A Track record of providing strategic direction to teams, peers, and stakeholders to drive results, solve problems, and influence outcomes* Bachelor's Degree or military experience* At least 9 years of experience in technology, audit, information technology or risk management* At least 5 years of supervisory or leadership experience* At least 3 years of experience in the financial services industry* Masters degree in Cybersecurity, Data Analytics, or Information Technology* Professional security management certifications, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA)Experience with Python, SQL, and/or advanced excel functions (Pivot tables, VLOOKUP, etc.)* Experience with using or auditing GenAI technology* One or more of the following professional certifications: AWS Solutions Architect - Associate, AWS Solutions Architect - Professional, AWS Certified Security Specialty, AWS Developer - Associate, AWS Devops Engineer Professional, ISC2 Certified Cloud Security Professional (CCSP), or similar cloud security certificationsCapital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. #J-18808-Ljbffr
As part of the second line of defense, you will collaborate closely with associates in the first line cyber and broader technology organization, as well as risk management offices in the various lines of business, to perform and support evaluations of the effectiveness of the company’s technology controls infrastructure, and offer independent advice and recommendations regarding ways to further mature the company’s technology risk management capabilities. * Direct independent controls reviews of cybersecurity, data management and technology control environments for both legacy Capital One and Discover* Lead integration efforts related to the assessment of Discover’s technology and data management controls* Perform detailed reviews of team’s assessments of first line control testing programs to determine sufficiency of processes and effectiveness of execution* Help with crafting the strategic vision of the team, including how to use GenAI to increase team efficiency and effectiveness* Perform detailed reviews of team’s assessments of first line’s evaluation of mapping to industry requirements or frameworks in cybersecurity* Provide technical assessments of technology and data management control design and effectiveness by advising on/performing independent testing when necessary* Develop presentations for senior management and other stakeholders, to include regulatory agencies and the Board of Directors, as required* Provide challenge, expertise and advice on enhancing the design, effectiveness, and maturity of the company’s technology and data management controls and capabilities* Mentor and develop associates to meet their professional development goals* Collaborate effectively with colleagues, stakeholders, and leaders across multiple organizations to achieve objectives* Coordinate program-related activities and deliverables to ensure effective collaboration within the team and across stakeholder groups* Collaborate effectively and build trusted relationships with colleagues, stakeholders, and leaders across multiple organizations to achieve objectives* Communicate in a compelling manner to any audience, including internal and external stakeholders* Superb communication skills that include active listening and executive presentation skills* Proven critical analytical behavior, including and the ability to express a point of view supported by data (with both technical and non-technical audiences)* Expertise in technology, cybersecurity and data management domains, with an ability to identify risks, assess controls and to propose recommendations for enhancing the tech and data control environment* Excellent influencing skills across all levels of the organization, tailoring the style and content to meet the needs of the audience* The ability to understand the materiality of feedback from stakeholders, knowing when to act and when to listen, including driving discussions to find resolution where required.* A Track record of providing strategic direction to teams, peers, and stakeholders to drive results, solve problems, and influence outcomes* Bachelor's Degree or military experience* At least 9 years of experience in technology, audit, information technology or risk management* At least 5 years of supervisory or leadership experience* At least 3 years of experience in the financial services industry* Masters degree in Cybersecurity, Data Analytics, or Information Technology* Professional security management certifications, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA)Experience with Python, SQL, and/or advanced excel functions (Pivot tables, VLOOKUP, etc.)* Experience with using or auditing GenAI technology* One or more of the following professional certifications: AWS Solutions Architect - Associate, AWS Solutions Architect - Professional, AWS Certified Security Specialty, AWS Developer - Associate, AWS Devops Engineer Professional, ISC2 Certified Cloud Security Professional (CCSP), or similar cloud security certificationsCapital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. #J-18808-Ljbffr