Sr. Manager, Cloud Technology Risk Oversight - Cyber Risk Management

    • McLean, VA

McLean 1 (19050), United States of America, McLean, Virginia

At Capital One, we're building a leading information-based technology company. Still founder-led by Chairman and Chief Executive Officer Richard Fairbank, Capital One is on a mission to help our customers succeed by bringing ingenuity, simplicity, and humanity to banking. We measure our efforts by the success our customers enjoy and the advocacy they exhibit. We are succeeding because they are succeeding.

Guided by our shared values, we thrive in an environment where collaboration and openness are valued. We believe that innovation is powered by perspective and that teamwork and respect for each other lead to superior results. We elevate each other and obsess about doing the right thing. Our associates serve with humility and a deep respect for their responsibility in helping our customers achieve their goals and realize their dreams. Together, we are on a quest to change banking for good.

Cyber Risk Management (Cyber RM) is a growing organization focused on providing expert advice, credible challenge, and effective oversight of information security and technology activities to identify, assess, control, and manage cyber and technology risk throughout the company. This organization plays a critical role in helping to ensure that the company's risk-taking entities are aware of the risks inherent in their activities and decisions, the impact of their actions on the company at an enterprise level, and opportunities to reduce, mitigate, or avoid risks altogether. Associates within the Cyber Risk Management organization are highly-skilled information security, cyber, technology, or risk management professionals who have a wealth of experience and a demonstrated ability to provide value-added recommendations and deliver high-impact results in their areas of expertise.

This position - Senior Manager, Cloud Technology Risk Oversight - will play a key role in assessing, challenging and advising on infrastructure, platform, and software services in the cloud and display a strong understanding of industry best practices in cloud, including governance, engineering, architecture and networking. As part of the second line of defense, you will collaborate closely with associates in Cyber, Technology, the Lines of Business, and other risk management offices. You will help develop and further build our 2nd line oversight and credible challenge program for cloud. You will perform and support evaluations of Capital One's cloud governance, engineering, architecture and networking, controls and practices and offer independent advice and recommendations regarding ways to further mature the firm's cyber and technology risk management capabilities. In addition, you will contribute to the identification and analysis of new or emerging cybersecurity and technology risks to the enterprise, and aid in integrating cloud engineering practices with other risk management programs across the enterprise.

As a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position require an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately.

Essential Functions (Responsibilities):

  • Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy.
  • Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities
  • Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options
  • Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risks are well communicated and understood by the key stakeholders
  • Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services
  • Demonstrate strong analytical, problem-solving, and decision-making skills
  • Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers
  • Define, structure and plan work independently
  • Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, and governance
  • Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions
  • Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies
  • Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies


Basic Qualifications:
  • Bachelor's Degree or military experience
  • At least 5 years of experience managing, consulting, auditing, or working in the fields of information security or information technology
  • At least 3 years of experience with Public Cloud implementations
  • Professional certification: AWS Certified Solutions Architect, AWS Certified Security Specialty, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP)


Preferred Qualifications:
  • Master's Degree in Computer Science or in an Engineering discipline
  • Demonstrated technical knowledge of cloud-native architecture, microservice architecture, and DevOps/CI/CD principles
  • AWS Certified Professional Architect or other equivalent AWS certification; CCSP, CCSK, or equivalent certification
  • Experience with containerized workloads including EKS, ECS, Kubernetes, container-as-a-service
  • Experience with Information Security at the policy, architecture or implementation level
  • Experience with identifying and communicating key risks related to cloud native implementations and architectures
  • Experience applying control frameworks such as CSA-CSM, CIS, and FedRAMP


At this time, Capital One will not sponsor a new applicant for employment authorization for this position.

Capital One is a nationally recognized and high-tech business banking company, offering better customized consumer and commercial lending and deposit financial services.
