Cyber Governance and Risk Management, Cyber Tool Assessor - Principal Associate

Posted Yesterday
Be an Early Applicant
3 Locations
Hybrid
119K-164K Annually
Mid level
Fintech • Machine Learning • Payments • Software • Financial Services
Change everything. Starting with your career.
The Role
Assess and evaluate cybersecurity tools and configurations to identify risks and gaps, recommend mitigations, and support continuous improvement. Collaborate with engineering, product, and risk teams to communicate findings, lead enterprise risk reduction efforts, and apply risk frameworks, monitoring artifacts, and compliance methodologies to strengthen the organizations security posture.
Summary Generated by Built In
Cyber Governance and Risk Management, Cyber Tool Assessor - Principal Associate
Security is essential to what we do at Capital One, from protecting customer data to the associate experience. As a Cyber Risk Manager within the Governance and Risk division, you see security as an innovation enabler and differentiator, not a step in the compliance process. You thrive working with business and technology partners to achieve goals and objectives in a secure manner. You're constantly looking for ways to leverage modern technology architectures. You enjoy solving tough cybersecurity problems in an iterative, team environment.
You are pragmatic and practical in your understanding of software development and IT operations, and have experience with industry risk frameworks and models. You possess a technical understanding of software engineering best practices, cloud infrastructure, security scanning and detection tools, and tool configuration management. This knowledge will help you collaborate and innovate with customers and colleagues to enhance our technology risk posture.
At Capital One, you will be a vital contributing member to a cybersecurity tool evaluation team, responsible for identifying gaps and seams in our cybersecurity posture and will be responsible for supporting the identification of solutions to address them. In this role, you will leverage your technical and evaluative experience to identify, understand, capture, and communicate security risks, and leverage other experts to inform your efforts and escalate when necessary. In this capacity, you will work with cybersecurity solution and delivery teams and interface closely with them as well as our partners in Enterprise Services Risk and Tech Risk Management to seek input, socialize identified issues and proposed solutions, and facilitate agreement on evaluation results.
Responsibilities:
  • Serve as an Information Security Risk Management subject matter expert and advise on best practices in risk reduction through the configuration of cybersecurity tools and platforms.
  • Leverage capability, risk, and/or threat classification frameworks and standardization methodologies to facilitate evaluations of cybersecurity tool effectiveness.
  • Through the periodic re-evaluation of cybersecurity tools and suites, support the implementation and execution of a continuous improvement program, inclusive of risk and issue identification, corrective action implementation, and results validation.
  • Articulate operations, compliance, and cybersecurity objectives for engineering and products to inform prioritized risk reduction.
  • Effectively communicate the impact of identified operational, compliance, process, control, and tooling gaps and potential remediation courses of action to multiple audiences, including leadership, to support the enhancement of their cybersecurity postures.
  • Lead solutioning for, and manage activities in response to, large-scale enterprise risk reduction efforts.

Basic Qualifications:
  • High School Diploma, GED, or equivalent certification
  • At least 3 years of experience in cybersecurity
  • At least 1 year of experience with technology or cybersecurity risk management frameworks

Preferred Qualifications:
  • Bachelor's Degree
  • 3+ years of experience in operational compliance or IT audit
  • 4+ years of experience with cyber tooling and operations
  • 3+ years of experience with monitoring, gathering, and assessing artifacts as part of continuous security monitoring such as: C&A, POA&M, NIST 800-37, MITRE ATT&CK or MITRE D3FEND
  • 1+ years of experience utilizing Agile methodologies
  • Cybersecurity certifications such as: Security +, CRISC, CISSP, CISM, CSA, AWS Cloud Practitioner, or AWS Certified Solutions Architect Associate Certification

At this time, Capital One will not sponsor a new applicant for employment authorization, or offer any immigration related support for this position (i.e. H1B, F-1 OPT, F-1 STEM OPT, F-1 CPT, J-1, TN, E-2, E-3, L-1 and O-1, or any EADs or other forms of work authorization that require immigration support from an employer).
The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked.
McLean, VA: $131,300 - $149,800 for Prin Assoc, Cyber Risk & Analysis
New York, NY: $143,200 - $163,500 for Prin Assoc, Cyber Risk & Analysis
Richmond, VA: $119,400 - $136,200 for Prin Assoc, Cyber Risk & Analysis
Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter.
This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan.
Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level.
This role is expected to accept applications for a minimum of 5 business days.
No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections 4901-4920; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries.
If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1-800-304-9102 or via email at [email protected] . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.
For technical support or questions about Capital One's recruiting process, please send an email to [email protected]
Capital One does not provide, endorse nor guarantee and is not liable for third-party products, services, educational tools or other information available through this site.
Capital One Financial is made up of several different entities. Please note that any position posted in Canada is for Capital One Canada, any position posted in the United Kingdom is for Capital One Europe and any position posted in the Philippines is for Capital One Philippines Service Corp. (COPSSC).

Skills Required

  • High School Diploma, GED, or equivalent certification
  • At least 3 years of experience in cybersecurity
  • At least 1 year of experience with technology or cybersecurity risk management frameworks
  • Experience with industry risk frameworks and models
  • Technical understanding of software engineering best practices
  • Technical understanding of cloud infrastructure
  • Technical understanding of security scanning and detection tools
  • Technical understanding of tool configuration management
  • Bachelor's Degree
  • 3+ years of experience in operational compliance or IT audit
  • 4+ years of experience with cyber tooling and operations
  • 3+ years of experience with monitoring, gathering, and assessing artifacts (e.g., C&A, POA&M, NIST 800-37, MITRE ATT&CK, MITRE D3FEND)
  • 1+ years of experience utilizing Agile methodologies
  • Cybersecurity certifications such as Security+, CRISC, CISSP, CISM, CSA, AWS Cloud Practitioner, or AWS Certified Solutions Architect Associate

What the Team is Saying

Ryan Page
Kristen Cornelsen
Natalia Bachmann
Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: McLean, VA
55,000 Employees
Year Founded: 1994

What We Do

At Capital One, we think and work like a tech company, using our digital fluency to transform everything about the customer experience. We’re bending data to our will, and turning a stodgy industry on its head. That’s reflected in our ranking as the number one business technology innovator in the U.S. in the 2016 InformationWeek Elite 100.

Why Work With Us

Here’s another question: What are you looking for? A place where curiosity is the starting point? Where data leads to human insights? Where humanity drives product development? We’re bringing breakthrough products and services to consumers, small businesses, and commercial clients. And each new idea makes life better for millions of people.

Gallery

Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery

Capital One Teams

Team
Technological Innovation at Capital One
About our Teams

Capital One Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

Typical time on-site: Not Specified
Company Office Image
HQMcLean, VA
MX
Atlanta, GA
Bengaluru, Karnataka
Company Office Image
Boston, MA
Company Office Image
Chicago, IL
Company Office Image
London, GB
Company Office Image
New York, NY
Company Office Image
Nottingham, GB
Company Office Image
Philadelphia, PA
Company Office Image
Plano, TX
Company Office Image
Richmond, VA
Company Office Image
San Francisco, CA
Toronto, ON
Learn more

Similar Jobs

Capital One Logo Capital One

Principal Associate, Product Design - Design Systems

Fintech • Machine Learning • Payments • Software • Financial Services
Hybrid
4 Locations
55000 Employees
119K-164K Annually

Capital One Logo Capital One

Senior Tax Associate, Indirect Tax

Fintech • Machine Learning • Payments • Software • Financial Services
Hybrid
McLean, VA, USA
55000 Employees
97K-110K Annually

Capital One Logo Capital One

Applied Researcher II (AI Foundations, LLM Core and Agentic AI)

Fintech • Machine Learning • Payments • Software • Financial Services
Hybrid
4 Locations
55000 Employees
263K-327K Annually

Capital One Logo Capital One

Artificial Intelligence Engineer

Fintech • Machine Learning • Payments • Software • Financial Services
Hybrid
4 Locations
55000 Employees
197K-246K Annually

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account