Apply on Employer Site

Capital One · 4 weeks ago

Principal Associate, TRM Controls Review

McLean, VA

Full-time

Onsite

Senior Level, Lead/Staff

$117K/yr - $134K/yr

3+ years exp

Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. This position will play a key role in the organization’s second line of defense independent controls review program by providing technical expertise in assessing the overall effectiveness of the company’s technology controls environment.

Financial Services

Comp. & Benefits

No H1B

Responsibilities

Perform independent controls review of the company’s cybersecurity and technology control environment

Perform assessments of first line control testing programs to determine sufficiency of processes and effectiveness of execution

Provide technical assessments of technology control design and effectiveness by performing independent testing

Draft assessments for senior management and other stakeholders, to include regulatory agencies and the Board of Directors, as required

Provide challenge, expertise and advice on enhancing the design, effectiveness, and maturity of the company’s technology controls and capabilities

Participate in management of the overall technology control inventory which defines the scope of the controls review program

Stay current on emerging cyber threats, technologies, controls, and potential implications for the company

Collaborate effectively with colleagues, stakeholders, and leaders across multiple organizations to achieve objectives

Coordinate program-related activities and deliverables to ensure effective collaboration within the team and across stakeholder groups

Qualification

CybersecurityTechnology controlsRisk managementNIST Cybersecurity FrameworkCOBIT v5CISMCISSPSoft skills

Required

Bachelor's degree or military experience

At least 3 years of experience testing technology controls based on established industry risk frameworks, including: the National Institute of Standards and Technology (NIST) Cybersecurity Framework, Control Objectives for Information and Related Technology (COBIT v5), Committee of Sponsoring Organizations (COSO), or Federal Risk and Authorization Management Program (FedRAMP)

At least 3 years of experience managing, consulting, auditing, or working in the fields of information security or information technology

At least 3 years of experience with cybersecurity and technology practices

Preferred

Professional security management certifications, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC), Certified Cloud Security Professional (CCSP), AWS Cloud Practitioner Certification

Experience using automated testing tools