This job has closed.

Capital One · 1 day ago

Principal Associate, TDRM Controls Review

Richmond, VA

Full-time

Onsite

Mid, Senior Level

$121K/yr - $138K/yr

3+ years exp

Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. The Principal Associate, TDRM Controls Review will provide technical expertise in assessing the effectiveness of the company’s technology controls environment and collaborate with various lines of business to enhance technology risk management capabilities.

BankingCredit CardsFinanceFinancial Services

Comp. & Benefits

No H1B

Responsibilities

Perform independent controls review of the company’s cybersecurity and technology control environment

Perform assessments of first line control testing programs to determine sufficiency of processes and effectiveness of execution

Provide technical assessments of technology control design and effectiveness by performing independent testing

Draft assessments for senior management and other stakeholders, to include regulatory agencies and the Board of Directors, as required

Provide challenge, expertise and advice on enhancing the design, effectiveness, and maturity of the company’s technology controls and capabilities

Participate in management of the overall technology control inventory which defines the scope of the controls review program

Stay current on emerging cyber threats, technologies, controls, and potential implications for the company

Collaborate effectively with colleagues, stakeholders, and leaders across multiple organizations to achieve objectives

Coordinate program-related activities and deliverables to ensure effective collaboration within the team and across stakeholder groups

Qualification

NIST Cybersecurity FrameworkCOBIT v5COSOFedRAMPInformation SecurityCybersecurity PracticesTechnical AssessmentsAutomated Testing ToolsCISSPCISMCRISCCCSPAWS Cloud Practitioner

Required

Bachelor's degree or military experience

At least 3 years of experience testing technology controls based on established industry risk frameworks, including: the National Institute of Standards and Technology (NIST) Cybersecurity Framework, Control Objectives for Information and Related Technology (COBIT v5), Committee of Sponsoring Organizations (COSO), or Federal Risk and Authorization Management Program (FedRAMP)

At least 3 years of experience managing, consulting, auditing, or working in the fields of information security or information technology

At least 3 years of experience with cybersecurity and technology practices

Preferred

Professional security management certifications, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC), Certified Cloud Security Professional (CCSP), AWS Cloud Practitioner Certification

Experience using automated testing tools