Principal Associate, Cybersecurity Intelligence Analysis and Reporting

7900 Westpark Drive (12131), United States of America, Tysons, Virginia

At Capital One, we're building a leading information-based technology company. Still founder-led by Chairman and Chief Executive Officer Richard Fairbank, Capital One is on a mission to help our customers succeed by bringing ingenuity, simplicity, and humanity to banking. We measure our efforts by the success our customers enjoy and the advocacy they exhibit. We are succeeding because they are succeeding.

Guided by our shared values, we thrive in an environment where collaboration and openness are valued. We believe that innovation is powered by perspective and that teamwork and respect for each other lead to superior results. We elevate each other and obsess about doing the right thing. Our associates serve with humility and a deep respect for their responsibility in helping our customers achieve their goals and realize their dreams. Together, we are on a quest to change banking for good.


Capital One performs cybersecurity oversight of third parties to ensure that those under contract, or being assessed as part of onboarding processes, maintain cybersecurity governance, controls, and monitoring, and respond adequately to protect shared data. Capital One's Information Assurance Third Party Management (IA TPM) function is building a small team of cyber intelligence analysts to review intelligence related to its contracted third parties and then triage the information using a risk-based model for possible follow-up with our third parties. This new team will review intelligence gathered from multiple internal and external tools, assess the information for potential cybersecurity concerns, and prepare reports for the third party managers to engage with the third party.

Can you

  • Evaluate cybersecurity related intelligence data following a risk-based model to determine and report on matters that need follow-up with the third party?
  • Interpret cybersecurity requirements and reasonably apply them to specific situations?
  • Be agile to quickly perform work when indicators are alerting to critical risks?
  • Articulate intelligence and risk to key stakeholders and customers, driving understanding and influencing action?
  • Analyze large data sets to identify trends, outliers, and items for further investigation?


If so, then this may be the role for you! Our IA TPM is at the leading edge of supply chain risk management oversight practices in the financial sector. Let's make a difference together!

Responsibilities
  • Maintain a thorough knowledge of the Capital One Information Security Policy and Standards, and Information Assurance Third Party Management Procedure.
  • Learn how to review and gather intelligence from multiple externally-hosted tools that may change from time to time.
  • Review alerts and large data sets from multiple externally-hosted tools, then analyze and triage them against a predefined risk-based model to identify risk areas of concern or for further discussion.
  • Using the triaged data, prepare reports to articulate and inform the third party manager and key internal stakeholders on risk matters in order to inform decision making and to potentially take to the third party for reaction and follow-up.
  • Drive and influence action leading to the mitigation of risk and the facilitation of safe, secure supplier engagements.


Basic Qualifications
  • A Bachelor's Degree or military experience
  • At least 4 years of experience in cybersecurity advisory, or cyber architecture, or cyber third party risk management oversight

Preferred Qualifications
  • 2+ years of experience or familiarity with industry standards or assessment methods (PCI DSS, or SIG/AUP, or FedRAMP, or SOC2 Type 2, or NIST 800-53, or NIST-CSF)
  • 2+ years of cybersecurity experience at a Financial Institution
  • Familiarity with cybersecurity scan vendors (Security Scorecard, or Risk Recon, or BitSight)
  • Relevant certification (CISSP, or CISA, or CRISC, or CTPRP)


At this time, Capital One will not sponsor a new applicant for employment authorization for this position.

