Principal Risk Associate | Retail Bank Tech jobs in United States
cer-icon
Apply on Employer Site
company-logo

Capital One · 15 hours ago

Principal Risk Associate | Retail Bank Tech

positionMcLean, VA
timeFull-time
remoteOnsite
senioritySenior Level, Lead/Staff
money$131K/yr - $150K/yr
date4+ years exp

Capital One is a leading financial services company, and they are seeking a Principal Risk Associate to join their Tech, Cyber, Data, and Resiliency (TCDR) team. The role involves proactively identifying, measuring, and mitigating complex TCDR risks while fostering innovation and collaboration across various teams.

BankingCredit CardsFinanceFinancial Services
check
Comp. & BenefitsbadNo H1Bnote

Responsibilities

Serve as the go-to Tech Risk Partner for assigned engineering and technology teams, providing a "white glove service" approach to ensure all necessary risk management support, guidance, and resources are provided promptly
Proactively work with technical teams to develop and execute clear pathways to achieve compliance, drafting audit responses and reducing regulatory exposure and control failures
Ensure all TCDR governance questions, requirements, and compliance checks are addressed and integrated into new service intake processes, preventing downstream risk and redesign efforts
Participate in Material Tech Change (MTC) reviews to proactively identify and vet potential risk scenarios, assess threat models, and ensure controls are updated to reflect the planned changes to the technology environment
Support RCSA with facilitating cross-functional risk workshops to identify and evaluate inherent risks and control effectiveness, documenting clear conclusions and insights across these technical domains
Conduct thorough control analysis to identify design gaps, missing documentation, or outdated controls, partnering with business leaders to perform risk leveling and ensure appropriate control coverage
Prepare high-quality executive reports that summarize the Tech, Cyber, Data, and Resiliency point of view on technology risks derived from the RCSA process
Foster collaborative relationships with stakeholders across the Second Line and Third-Party Risk Management to ensure risk alignment
Monitor the progress of remediation activities, following up on outstanding control actions or delays to ensure timely risk mitigation
Support control dissertation by managing spreadsheets with up-to-date RCSA materials and comprehensive summaries
Subject Matter Expert for metrics in four categories: Compliance, Resiliency, Release Management, and Stability
Develop and maintain a living standard spreadsheet detailing current metrics, defined metric thresholds, non-compliance triggers, and the associated risk of non-compliance for all four categories
Establish and execute a daily process to report on non-compliant metrics to business partners and engaging engineers
Contribute to the monthly executive deck by explaining the drivers for non-compliance and proposing the path to achieving compliance
Provide detailed quarterly reporting on non-compliant metrics for executive governance forums
Monitor the progress of remediation activities and follow up on outstanding controls actions or delays
Immediately investigate and validate the reported critical incidents and the impact caused by the incident
Document all steps taken, the root cause theory, final resolution/workaround, and the lesson learned to prevent it from occurring again
Feed trend data from repeated technology outage incidents back into the Risk and Control Self-Assessment (RCSA) program to update control narratives or increase the criticality rating of the related control

Qualification

Cyber Risk AnalysisRisk ManagementComplianceAuditControl TestingTechnology RiskBusiness ContinuityRisk Metrics ManagementRegulatory GovernanceStakeholder ManagementAnalytical SkillsCritical Incident ManagementContinuous ImprovementTechnical ExpertiseExecutive ReportingControl AnalysisRisk WorkshopsTrend AnalysisLessons Learned DocumentationNon-compliance ReportingMetric Thresholds ManagementClient RelationshipsConsulting ExperienceRisk LevelingControl CoverageIncident InvestigationCommunication SkillsProblem SolvingTeam CollaborationReporting Skills

Required

At least 3 years of Cyber & Tech Risk Analysis experience
At least 3 years of experience in Risk Management, Compliance, Audit, or Control Testing

Preferred

4+ years of experience in a dedicated role focused on Technology Risk, Cyber Risk, or Business Continuity
2+ years of consulting experience with client and stakeholder relationships
Excellent written and verbal communication skills, including experience presenting complex risk topics to executive audiences
Relevant professional certification (e.g., CRISC, CISA, or other risk/audit certifications)

Benefits

Performance based incentive compensation
Cash bonus(es)
Long term incentives (LTI)
Comprehensive, competitive, and inclusive set of health, financial and other benefits

Company

Capital One

twittertwittertwitter
Glassdoor3.9
company-logo
Capital One is a financial services company that provides banking, credit card, auto loan, savings, and commercial banking services.
dateFounded in 1994
location
Mclean, Virginia, USA
people-size10001+ employees
web-link
http://www.capitalone.com

Funding

Current Stage
Public Company
Total Funding
$5.45B
Key Investors
Berkshire Hathaway
2025-09-11Post Ipo Debt· $2.75B
2025-01-30Post Ipo Debt· $1.75B
2023-05-15Post Ipo Equity· $954M

Leadership Team

leader-logo
Lo Li
CTO, Managing Vice President Retail Bank
linkedin
leader-logo
Daniel Arellano
Senior Vice President, Business Cards and Payments
linkedin

Recent News

Yahoo Finance
JPMorgan, Capital One Shares Sink on Trump’s Credit-Card Threat
2026-01-13
Investing.com
Financial stocks fall as Trump’s credit card rate cap plan rattles investors
2026-01-13
Yahoo Finance
Why Shares of Capital One Are Sinking Today
2026-01-13
Company data provided by crunchbase