Apply on Employer Site

Capital One · 2 months ago

Director, Information Security Officer

Plano, TX

Full-time

Onsite

Director/Executive

$264K/yr - $301K/yr

7+ years exp

Capital One is a leading financial services company focused on cybersecurity. As the Director, Information Security Officer, you will lead end-to-end security for strategic projects, collaborating with business and technology partners to manage risks and drive innovation while ensuring the security of data and systems.

BankingCredit CardsFinanceFinancial Services

Comp. & Benefits

No H1B

Responsibilities

Be a leader at a premiere technology and financial services company

Be responsible for delivery of end to end security for strategic projects, including but not limited to mergers and acquisitions

Deliver divisional cyber strategy integration and execution, identification and management of risk for top business initiatives and technology platforms, threat and vulnerability management, incident management, supply chain cyber risk management, cyber risk oversight and reporting

Deliver Cyber agenda and integration of Information Security within business objectives for line of business area

Serve as the central point of contact for your line of business technology executives into Capital One’s Cyber risk management priorities

Educate and influence executive leadership and associates to effectively leverage security capabilities and solutions to mitigate risks and emerging threats

Provide security expertise on prioritizing and managing information security risks and initiatives

Escalate and manage cyber security risk

Provide regular updates to executive leadership with your line of business on the overall information security health and risk environment

Work with business leadership to anticipate their objectives and needs to better serve them

Be an advocate for security, business and digital innovation. Instills a culture that works toward the highest standards in cyber (safeguard the business) while ensuring that business requirements are understood and adhered to (enabling the business)

Plays a key leadership role within Cyber’s community of leaders, drives innovation activity as an outcome; partner extensively with other Cyber and Technology organizations to derive solutions enabling industry leading products

Build relationships and influence with risk management functions across lines of defense

Become knowledgeable and advise on Capital One’s Cyber’s services, policies, procedures and standards

Staying current on the changing regulatory environment and understanding the impacts to the organization

Qualification

Information SecurityCybersecurity Risk ManagementCloud Security AWSCloud Security GCPCloud Security AzureSecurity Risk AssessmentsIncident ResponseVulnerability ManagementSecurity AutomationCompliance FrameworksE-commerce SecurityData-Driven Decision MakingLeadershipCommunication SkillsTeam CollaborationProblem SolvingAdaptabilityIntegrity

Required

Bachelor's degree

At least 7 years of experience in Information Security

At least 5 years of experience in people management

At least 5 years of experience with cyber policies, standards, and procedures

At least 5 years of experience in securing public cloud environments and services (AWS, GCP, Azure)

You are a demonstrated leader with team-oriented interpersonal skills and the ability to interface effectively with a broad range of people and roles, including business executives, technology leaders, and enterprise suppliers

You have expertise securing large-scale e-commerce platforms, with deep understanding of payments systems, customer data protection across high transaction environments ensuring protection of user data across internal and partner ecosystems

You are a focused individual who thrives in a fast-paced, dynamic, and collaborative team environment

You have a deep passion for securing forward leaning, modern computing platforms

You have intuitive knowledge and experience with Offensive and Defensive Security techniques

You are comfortable with technologies and innovation including, Generative AI, Data Lakes, Cloud Services, Containers, Microservices, Serverless, APIs, DevOps, Encryption and Zero Trust

You have a strong desire to continually learn about new technologies

You enjoy leveraging your engineering experience to problem solve and continually learn new technology concepts to solve issues

You display strong judgment, data/risk based decisioning, leadership, integrity, and communication skills

You are able to tailor communications and analysis to the intended audience

You have a passion and expertise in cybersecurity, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions

You maintain calmness and clarity of thought under pressure and ability to maintain confidentiality

You are able to work well under minimal supervision

You have a deep understanding of strategic business objectives and the ability to drive results toward those objectives

You have the ability to describe the risks of a security exposure or vulnerability in business-impact terms

Preferred

Masters degree or PhD in Computer Science, Information Systems, or Engineering

10+ years experience in technology and cybersecurity risk

7+ years experience in leading applications security, vulnerability management and incident response

7+ years experience performing security risk assessments

5+ years experience in security automation and integrating security into software development pipelines

5+ years experience working with industry frameworks and compliance requirements (NIST CSF, FFIEC CAT, CIS RAM, FAIR, PCI DSS)

2+ years experience with information technology audit or compliance management

2+ years in payment security including securing digital payments and payment cryptography

2+ years experience utilizing agile methodologies within DevOps environments

Industry-recognized professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), AWS Certified Solutions Architect, Certified Information Security Manager (CISM)

4+ years experience in the e-commerce industry

4+ years experience in a regulated environment

2+ years experience in financial services industry

2+ years of experience in security integration for Mergers and Acquisitions