Capital One
7900 Westpark Drive (12131), United States of America, McLean, Virginia

Manager, Third Party Risk

The Information Assurance Third Party Management (IA TPM) program defines the framework and conducts the assessments that enable the business to protect sensitive Capital One information and confirms the third party’s ability to provide continual services.
The associate in this role will provide leadership and oversight for the IA TPM assessment function and supporting team of assessors.
IA TPM assessors partner with the line of business Third Party Manager and IA TPM team to gain insight into the inherent cyber risk of the third party engagement to inform the evaluation they perform to establish the effectiveness of the third party’s environment and deliver a quality assessment report.
This enables effective risk management in alignment with business tolerance and industry requirements.

You will:
- Manage a team of assessors performing assessments of Capital One third parties
- Manage relationship with external assessment firm in coordinating assessment activity
- Conduct training of internal and external assessors on program updates
- Maintain oversight of the assessment pipeline
- Execute kick-off, planning and scoping activities for IA TPM risk assessments
- Perform gap analysis of Third Parties control environment against Capital One control expectations
- Write reports including executive summaries and work papers detailing the assessment work completed, evidence reviewed, and identified gaps
- Lead the Quality Check (QC) process on assessment reports
- Communicate final reports to stakeholders including Third Party Managers and accountable Executives
- Travel 10-20%, which may include offshore locations, to perform multi day assessments
- Maintain a thorough understanding of the program controls, intent, and test procedures and provide input to ensure content is current and relevant to the technology environment and threat landscape
- Partner across the IA TPM community to recommend and drive program revisions/enhancements
- Support the annual review/update of the assessment program with stakeholders
- Supporting initiatives to drive quality assessment reporting by reviewing the assessment results (work papers and executive summaries) provided by IA TPM assessors of Capital One’s third parties.

About You:
- You are an inspiring and motivating people leader
- You are able to analyze information and data
- You demonstrate strong subject matter expertise and sound judgement to align appropriate risk level
- You can conduct an assessment in a collaborative manner to effectively assess controls while maintaining business relationships
- You can quickly analyze information security controls, ensure clearly written assessments, and provide constructive action items to assessors
- You can develop and communicate quality recommendations to assessors
- You have an ability to work with diverse contacts throughout the world to achieve results
- You are able to communicate technical issues to non-technical people
- You demonstrate strong problem-solving and conceptual thinking abilities

Basic Qualifications:
- High School Diploma, GED, or equivalent certification
- At least 5 years of experience conducting Information Security Risk Assessments or Information Security Audits
- At least 3 years of experience in Business Continuity or Risk Management
- At least 3 years of experience in managing third party vendors
- At least 2 years of people management experience

Preferred Qualifications:
- Bachelor’s Degree
- Active CISSP and CISA certification
- 3+ years of experience in Payment Card Industry Data Security (PCI DSS), National Institute of Standards and Technology (NIST), International Organization for Standardization (ISO), Physical Security, or IT Operations Management
- 2+ years of experience with Cloud technologies (AWS, Azure, or Google Cloud Platform)
- 3+ years experience at a Financial Institution

At this time, Capital One will not sponsor a new applicant for employment authorization for this position.