Website Capital One
The Director of UK Governance & Risk will lead teams to assess, monitor and report on cyber risk, controls and cyber maturity in the UK and will also be a force for shaping programs across the global Capital One enterprise. Governance & Risk work is essential for meeting requirements from senior leadership, the board, and regulators.
- Monitor the evolution of cyber best practices and use this knowledge to calibrate Capital One’s maturity framework on an ongoing basis, ensuring the control suite aligns with risk appetite.
- Coordinate and ensure success of specialised assessments on behalf of the enterprise to ensure compliance with domestic and international regulatory requirements.
- Collaborate with stakeholders, executives and business partners to understand their perspectives, the implementation of current cyber capabilities, plans for improvement and road map initiatives, and facilitate next steps towards meeting analysis and target state maturity timelines.
- Understand best practices from multiple cybersecurity frameworks, standards, and models (e.g. NIST CSF, PCI DSS, FFIEC Handbooks, NIST 800-53, CERT-RMM) and articulate how these best practices can be applied within the Capital One environment.
- Oversee day-to-day operations of the risk, control, maturity and external assurance programs; engage with senior leaders to ensure commitment for program processes and improvements; build a program strategy and budget to meet cyber objectives.
- Oversee multiple project teams of cyber governance and risk professionals (comprising both internal associates and external contractors) conducting assessments to measure and report on the maturity and effectiveness of enterprise cyber capabilities globally.
- Manage a team and contribute to building a strong culture of inclusiveness and belonging among Capital One’s teams; foster associate development through goal setting and support appropriate training to maintain a skilled staff.
- Track record of leading strong, technically capable teams to success
- Experience in the IT Software Development Life Cycle
- Performed assessments supporting NIST frameworks, PCI DSS, or industry best practice in external assurance
- Experience of working in an Agile environment
- Led the evaluation of cybersecurity capabilities through a maturity assessment lens or through controls testing processes
- Worked in the financial sector and have a clear understanding of the regulatory environment
- Demonstrate experience of supporting, partnering, and interacting with internal business partners
- Strong experience in information security, controls evaluation and risk management
- Strong experience of working with Cyber Security Frameworks (NIST CSF, NIST 800-53, CERT-RMM, PCI DSS, ISO 27001)
Company: Capital One
Vacancy Type: Full Time
Job Location: London, England, United Kingdom
Application Deadline: N/A