Principal Cyber Risk Analyst

7900 Westpark Drive (12131), United States of America, Tysons, Virginia

At Capital One, we're building a leading information-based technology company. Still founder-led by Chairman and Chief Executive Officer Richard Fairbank, Capital One is on a mission to help our customers succeed by bringing ingenuity, simplicity, and humanity to banking. We measure our efforts by the success our customers enjoy and the advocacy they exhibit. We are succeeding because they are succeeding.

Guided by our shared values, we thrive in an environment where collaboration and openness are valued. We believe that innovation is powered by perspective and that teamwork and respect for each other lead to superior results. We elevate each other and obsess about doing the right thing. Our associates serve with humility and a deep respect for their responsibility in helping our customers achieve their goals and realize their dreams. Together, we are on a quest to change banking for good.

Principal Cyber Risk Analyst

The Cyber Risk Management Framework is the overarching program that leads and directs activities to enable an enterprise risk-based view of Cyber initiatives through a single user interface that measures the firm's cyber security risk posture. The Framework comprises multiple efforts to bring together baseline, future state, and quantitative metrics associated with each of Cyber's program initiatives.

As a Principal Cyber Risk Analyst for the Cyber Risk Framework program at Capital One, you will have a unique vantage point of cyber risk analytics that centralize data used across the enterprise. Cyber Risk Management Framework will depend on you to solve complex problems that directly impact the success of Capital One. You will take on important and exciting responsibility from day one, working directly with the most senior Cyber leadership. You should display passion, energy and enthusiasm in your daily activities, and demonstrate the ability to motivate team members through your leadership.

Basic Qualifications:

  • Bachelor's Degree or Military experience
  • At least 4 years of information security risk management experience
  • At least 2 years of experience doing NIST Cybersecurity Framework assessments
  • CompTIA Security+ Certification

Preferred Qualifications:
  • Master's Degree in Statistics, or Economics, or Mathematics, or Information Security
  • 3+ years of experience in financial services industry
  • Certified in Risk and Information Systems Control (CRISC), or Certified Information Systems Auditor (CISA), or Certified Regulatory Compliance Manager (CRCM)
  • 6+ years of information security risk management experience
  • 1+ year of experience developing or validating statistical or cyber threat models

In this position, the Principal Cyber Risk Analyst will:
  • Have a thorough understanding of the factors that go into creating a comprehensive risk exposure picture to help companies close gaps and improve internal security measures
  • Leverage extensive knowledge of the data points that cyber risk modeling platforms consider, such as technical vulnerabilities, misconfigurations, malicious indicators, remediation processes and response times
  • Understand technology and operational risks to the Information Technology Services organization as well as related laws, regulations, and industry standards
  • Assess and recommend policies, standards, procedures, controls, and security solutions to assure the confidentiality, integrity, and availability of the information technology environment
  • Develop aggregate models that evaluate the organization's cyber risk based on technical and behavioral risk data sets, covering people, processes, technology, and attacker motivations
  • Join and explore relationships in disparate data sets, apply advanced analytics capabilities to derive insights from a combination of unstructured, semi-structured, and structured data
  • Work with business owners and cyber engineering teams to help promote effective management of identified risks in accordance with the Cyber Risk Management Framework program

At this time, Capital One will not sponsor a new applicant for employment authorization for this position.
