Capital One Director - Cyber Governance in Tysons Corner, Virginia

7900 Westpark Drive (12131), United States of America, Tysons, Virginia

At Capital One, we’re building a leading information-based technology company. Still founder-led by Chairman and Chief Executive Officer Richard Fairbank, Capital One is on a mission to help our customers succeed by bringing ingenuity, simplicity, and humanity to banking. We measure our efforts by the success our customers enjoy and the advocacy they exhibit. We are succeeding because they are succeeding.

Guided by our shared values, we thrive in an environment where collaboration and openness are valued. We believe that innovation is powered by perspective and that teamwork and respect for each other lead to superior results. We elevate each other and obsess about doing the right thing. Our associates serve with humility and a deep respect for their responsibility in helping our customers achieve their goals and realize their dreams. Together, we are on a quest to change banking for good.

Director - Cyber Governance

Cyber Assurance is focused on managing cyber risk and controls for the enterprise. As Director, Cyber Governance, you will have first line of defense responsibilities for Cyber Policies and Standards, Issue and Exception Management, and Cyber Capability Assessments. You will need to understand evolving cyber laws and regulations and align internal practices accordingly. You will identify, manage and remediate non-adherence to requirements, and you will evaluate current cyber capabilities against industry standards (i.e., NIST 800-53).

Associates within Cyber Assurance are highly skilled information security, cyber, technology, or risk management professionals who have a wealth of experience and a demonstrated ability to lead, identify appropriate controls and processes that ensure a well-managed organization, and understand cyber best practices.

This position will provide program management, reports, and communications to internal/external governance processes for the Cyber organization, monitor key risk indicators (KRI) and key performance indicators (KPI) for the organization, compile and analyze cyber security reporting, compile and coordinate materials for the Board and other governing bodies, and serve as the organization’s focal point for cyber governance processes (to include assessments, risks, control objectives, test plans, risk identification). The demands and high-visibility nature of this position require an expert with a proven ability to work independently in a fast-paced environment who can begin contributing immediately.

Essential Functions (Responsibilities):

  • Provide program management for governance processes for the Cyber organization to promote a well-managed organization

  • Serve as the organization’s focal point for governance committees and forums and participate in, or help prepare executives for participation in, such engagements

  • Develop and monitor internal KRIs and KPIs for the Cyber organization and monitor and measure progress against the indicators

  • Compile, organize, and analyze all cyber risk and controls in the system of record, and monitor for compliance with established requirements or remediation timelines

  • Assist in drafting and overseeing coordination of reports for the Board and other internal or external bodies

Basic Qualifications:

  • Bachelor's degree or military experience

  • At least 8 years of experience with audit and compliance

  • At least 8 years of experience with a documented risk framework

  • At least 8 years of experience with risk identification

  • At least 8 years of experience with risk management

Preferred Qualifications:

  • Master's degree

  • Experience implementing NIST CSF or ISO 2700

  • Experience managing multiple high-visibility and high-impact projects while maintaining superior results

  • Execution oriented and a self-motivator

  • Superior verbal and written communication skills

  • Demonstrated clear communication skills and ability to interact effectively at all levels of the organization and to influence senior management and executives

  • Deep expertise with producing and analyzing risk metrics and communicating the implications of the data to executives and other stakeholders throughout the enterprise

  • Passion and expertise in cybersecurity and technology

  • Experience with NIST Cybersecurity Framework or other NIST Special Publications

  • Confident, respectful, and articulate when registering dissenting opinions with colleagues and senior management

  • Professional security management certifications, such as a Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM)

  • Professional Project Management or AGILE certifications

At this time, Capital One will not sponsor a new applicant for employment authorization for this position.