Third-Party Cyber Risk Manager
HumanaSalary not specified
Not SpecifiedCompensation
Mid-level (3 to 4 years), Senior (5 to 8 years)Experience Level
Full TimeJob Type
UnknownVisa
Financial Services, CybersecurityIndustries
Requirements
- High school diploma, GED, or equivalent certification
- At least 4 years of Cybersecurity experience
- At least 2 years of Third Party Risk Management or Risk Management experience
- At least 2 years of management experience
- Experience evaluating and analyzing technology and cybersecurity risks
- Experience managing cyber related Third Party monitoring and governance processes
- Knowledge of procedure-based controls of a cybersecurity program including qualitative risk analysis steps, vulnerability and patch management, threat modeling, Identity and Access Management (IAM), cybersecurity frameworks (NIST CSF, PCI-DSS and CIS)
- Knowledge of Incident Management Respond and Recover functions from a cyber resiliency perspective
- Excellent technical writing skills
- Advanced communication skills
- Preferred Qualifications
- Bachelor’s Degree
- 6+ years in cybersecurity
- 4+ years in Third Party Risk Management
- 2+ years of experience with establishing Third Party Connections, API, SFTP, and VPN
- 2+ years of experience assessing security for cloud platforms, SaaS, PaaS, and IaaS
- 2+ years of experience in network, OS, and Database security administration
- 2+ years managing Third Party monitoring solutions
- CISM Certification
- CISSP Certification
Responsibilities
- Effectively challenge the status quo across the organization to ensure the appropriate management of personnel and Cybersecurity and Third Party risks
- Actively participate in ensuring the security of Third Party systems and applications, including Third Party Cybersecurity framework, program optimization, vulnerability remediation, metrics reporting, performance analysis and mitigation of cyber and Third Party risk
- Perform duties related to projects, compliance, metrics, assurance, vulnerabilities, or threats using high-level critical thinking
- Compile professional security assessment reports, slides, and lead discussions to effectively communicate the risks and remediation options to partners
- Manage a cybersecurity team that focuses on Third Party cyber risk activities as it relates to Third Party monitoring, vulnerability monitoring and reach out efforts, framework and contract requirements
- Work cross-functionally within Cybersecurity to review identified Third Party vulnerabilities and vulnerabilities in deployment of Third Party solutions to determine severity, impact, and recommend risk-based options for remediation
- Actively collaborate with business partners, application architects and partner security and risk teams to research and build security solutions aligned to business goals
- Learn advanced cybersecurity concepts including new and modern threat exploitation techniques of threat actors
- Achieve team commitments (and influence others to do the same) by using informal leadership & advanced communication skills
- Actively manage and escalate risk and customer-impacting issues within the day-to-day role to management
- Mentor novices by providing learning tasks as well as work related tasks, direct the work of advanced beginners, and help them continue to grow
- Communicate effectively and promptly every day and lead cybersecurity discussions at Capital One
- Provide oversight into security programs impacting decisions and guide team to achieve key results for the assigned security assessment tasks
Skills
Cybersecurity Risk Analysis
Third Party Risk Management
NIST CSF
PCI-DSS
CIS
Vulnerability Management
Patch Management
Threat Modeling
Identity and Access Management
IAM
Incident Management
Risk Assessment
Metrics Reporting
Capital One
Offers diverse financial products and services
About Capital One
Capital One provides a variety of financial services aimed at making banking accessible and easy for everyone. The company offers products such as credit cards, savings accounts, car loans, and business checking accounts, catering to both individual consumers and small businesses primarily in the United States. Capital One's approach includes user-friendly banking solutions with no fees or minimums for checking accounts, allowing customers to manage their finances more effectively. They generate revenue through interest on loans, credit card fees, and investment banking services. What sets Capital One apart from its competitors is its strong commitment to financial inclusion and literacy, demonstrated through community partnerships and educational initiatives, such as collaborations with Khan Academy. The company's goal is to create a more inclusive financial system and empower customers with the knowledge and tools they need to make informed financial decisions.
McLean, VirginiaHeadquarters
2014Year Founded
$15.9MTotal Funding
IPOCompany Stage
Fintech, Financial ServicesIndustries
10,001+Employees
Benefits
Medical, Dental, & Vision coverage
Onsite Health Centers
Prescription saving with network of local pharmacies
Stock Purchase Plan
Education Assistance
401(k)
Flexible Spending Accounts
Life and Disability insurance
Generous paid time off + corporate & floating holidays
Registered dieticians on site, cooking classes and free virtual fitness classes
Employee Assistance Program
Risks
Increased competition in subscription management tools may dilute Capital One's advantage.
Over-reliance on partnerships could expose Capital One to technological risks.
Departure of key personnel like Joe Rodriguez may affect risk management continuity.
Differentiation
Capital One offers user-friendly banking with no fees or minimums for checking accounts.
The company partners with Khan Academy to provide financial literacy education.
Capital One is the first major U.S. bank to offer subscription management tools.
Upsides
Capital One's mobile app is a model for secure, user-friendly digital banking.
Data sharing with Worldpay enhances payment security and fraud prevention.
Partnerships with fintechs like Minna Technologies improve customer experience.
Related Jobs
RemoteRemoteCybersecurity TPRM & Trust Manager
MarqetaSalary not specified
Full Time
Senior (5 to 8 years), Expert & Leadership (9+ years)
RemoteSenior Risk Analyst - Enterprise Risk Management
DeelSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteSr. IT & Cyber Operations Analyst (Remote)
CrowdstrikeSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteSecurity Program Manager
OpenAISalary not specified
- Full Time
- Senior (5 to 8 years), Expert & Leadership (9+ years)
RemoteActuary, Risk and Compliance
HumanaSalary not specified