Director, Technology & Data Risk Management

Capital One•McLean, VA

1d•$244,700 - $335,100

About The Position

Director, Technology & Data Risk Management Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, software quality, and data management. Technology & Data Risk Management (TDRM) is a small organization that packs a big punch. The ~200 professionals in TDRM are trusted experts who oversee ~14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk, and data management risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. For years, the cybersecurity community has debated whether the CISO should report to the CIO or not. In regulated financial services, the answer is: both. The first-line CISO has operational responsibilities and reports to the CIO. The second-line Chief Tech Risk Officer (CTRO) and the Tech & Data Risk Management (TRM) organization have broader responsibilities for cybersecurity but also reliability, software quality, resilience, and the risk of failing to manage our data. The CTRO is independent and oversees the work of the CISO, the CIO/CTO, and the Chief Data Officer. The CTRO reports to the Chief Risk Officer, who reports directly to the CEO. Our business leaders must make technology decisions constantly. TDRM makes sure they have the tech and data risk information they need to make good decisions. Associates within TDRM are highly skilled information security, cybersecurity, site reliability engineering, technology, data analyst, data scientist, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. Summary: The Director, Technology & Data Risk Management will play a key role in the organization’s second line of defense independent controls review program by providing technical expertise in assessing the overall effectiveness of the company’s technology (including both cybersecurity and technology) and data management controls environment. This position will lead evaluations of first line monitoring and testing results, direct the performance of independent testing of first line technology controls to independently evaluate control design and operating effectiveness, and draft reports for senior management. As part of the second line of defense, you will collaborate closely with associates in the first line cyber and broader technology organization, as well as risk management offices in the various lines of business, to perform and support evaluations of the effectiveness of the company’s technology controls infrastructure, and offer independent advice and recommendations regarding ways to further mature the company’s technology risk management capabilities. You will have the opportunity to lead second line of defense efforts to integrate technology and data management controls related to Discover specific to providing challenge on first line testing efforts as well as control rationalization.

Requirements

Superb communication skills that include active listening and executive presentation skills
Proven critical analytical behavior, including and the ability to express a point of view supported by data (with both technical and non-technical audiences)
Expertise in technology, cybersecurity and data management domains, with an ability to identify risks, assess controls and to propose recommendations for enhancing the tech and data control environment
Excellent influencing skills across all levels of the organization, tailoring the style and content to meet the needs of the audience
The ability to understand the materiality of feedback from stakeholders, knowing when to act and when to listen, including driving discussions to find resolution where required.
A Track record of providing strategic direction to teams, peers, and stakeholders to drive results, solve problems, and influence outcomes
Bachelor's Degree or military experience
At least 9 years of experience in technology, audit, information technology or risk management
At least 5 years of supervisory or leadership experience
At least 3 years of experience in the financial services industry

Nice To Haves

Masters degree in Cybersecurity, Data Analytics, or Information Technology
Professional security management certifications, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA)Experience with Python, SQL, and/or advanced excel functions (Pivot tables, VLOOKUP, etc.)
Experience with using or auditing GenAI technology
One or more of the following professional certifications: AWS Solutions Architect - Associate, AWS Solutions Architect - Professional, AWS Certified Security Specialty, AWS Developer - Associate, AWS Devops Engineer Professional, ISC2 Certified Cloud Security Professional (CCSP), or similar cloud security certifications

Responsibilities

Direct independent controls reviews of cybersecurity, data management and technology control environments for both legacy Capital One and Discover
Lead integration efforts related to the assessment of Discover’s technology and data management controls
Perform detailed reviews of team’s assessments of first line control testing programs to determine sufficiency of processes and effectiveness of execution
Help with crafting the strategic vision of the team, including how to use GenAI to increase team efficiency and effectiveness
Perform detailed reviews of team’s assessments of first line’s evaluation of mapping to industry requirements or frameworks in cybersecurity
Provide technical assessments of technology and data management control design and effectiveness by advising on/performing independent testing when necessary
Develop presentations for senior management and other stakeholders, to include regulatory agencies and the Board of Directors, as required
Provide challenge, expertise and advice on enhancing the design, effectiveness, and maturity of the company’s technology and data management controls and capabilities
Mentor and develop associates to meet their professional development goals
Collaborate effectively with colleagues, stakeholders, and leaders across multiple organizations to achieve objectives
Coordinate program-related activities and deliverables to ensure effective collaboration within the team and across stakeholder groups
Collaborate effectively and build trusted relationships with colleagues, stakeholders, and leaders across multiple organizations to achieve objectives
Communicate in a compelling manner to any audience, including internal and external stakeholders

Benefits

Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being.
Learn more at the Capital One Careers website.
Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume