Principal Associate, Cyber Risk & Analysis - Enterprise Services Risk
Listed on 2025-12-11
IT/Tech
Cybersecurity, Information Security
The Enterprise Services Risk organization is expanding with a focus on attracting innovative, pioneering, collaborative, and highly skilled professionals. We operate at the forefront of risk management, providing support for novel and developing technologies, as well as critical business strategies. Diverse perspectives and experiences are valued as we work to redefine the financial sector.
As a Principal Associate, Identity and Access Management (IAM) Risk Guide, you will serve as the dedicated risk conscience and strategic advisor for Capital One's Cyber Identity and Access Management (IAM) team, within our Enterprise Services Risk (ESR) Tech and Product Risk office. This high-impact role is crucial for managing the inherent risks of our expanding cyber and technology footprint. You will collaborate closely with IAM and the wider ESR team to establish and govern risk management by leveraging best practices and proactively contributing to well-managed outcomes that directly inform and enable the decisions of our IAM Accountable Executive.
In this role, you will:
- Govern and support risk objects (risks, issues) throughout their lifecycle
- Act as a trusted advisor, leading and driving effective risk conversations with IAM teams
- Drive the identification and treatment of risks within IAM teams, and inform decisions of IAM Accountable Executives
- Lead, facilitate, and contribute to discussions to identify, assess, manage, and report key risk-related issues
- Operate a continuous improvement approach by reviewing and challenging IAM-related risk objects
- Be an approachable and effective partner in developing fit-for-purpose solutions, with the ability to flex where appropriate
- Partner with our extended team of Risk Guides to remove complexity and improve efficiency
- Deliver IAM risk advice, challenge, and support to our IAM stakeholders
- Ensure key messages are understood and actions are underway, providing risk input, context, and challenge through appropriate and timely reporting and governance actions
- Maintain up-to-date, in-depth industry and technical expertise in relevant areas of risk
- High School Diploma, GED or Equivalent Certification
- At least 3 years of experience in Risk Management, Process Management, Project Management, or a combination of these
- At least 3 years of experience supporting, partnering, and interacting with internal or external business clients
- Bachelor's Degree or Military Experience
- At least 4 years of experience in risk management or cyber risk management
- At least 5 years of experience in project, program, or portfolio management
- At least 1 year of Financial Services industry experience
- Risk Certifications (CRISC, CISM, CRCM, CIPP, ABA Risk Management Certification)
- Experience in Cyber Security Risk Management
- Experience in operational IAM management and governance
- Holds one or more of the following certifications: any security, technology, risk, project management, and/or audit certifications (e.g., CompTIA Security+, CompTIA Tech+, CompTIA Network+, CompTIA A+, CompTIA Project+, Systems Security Certified Practitioner (SSCP), Certified Associate in Project Management (CAPM), ISACA Certified in Risk and Information Systems Control (CRISC), ISACA IT Audit Fundamentals Certificate, technology vendor certifications (e.g., AWS, Microsoft, Google))
- Ability to navigate a complex, dynamic organization and prioritize deliverables in a multi-national, expanding business environment
- Excellent problem-solving, analytical and critical thinking skills to effectively respond to shifting priorities, demands and timelines
- Prioritize and execute tasks and coordinate with cross-functional teams
- Strong communication and relationship building skills, customer focus, and ability to collaborate and influence across teams to deliver
- Experience with the three lines of defense model and risk reporting
At this time, Capital One will not sponsor a new applicant for employment authorization for this position.
The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note…