Sr. Compliance Auditor need for well-established California bank that has been in operation for over 100 years This Jobot Job is hosted by: Joseph Calabrese Are you a fit? Easy Apply now by clicking the "Apply" button and sending us your resume. Salary: $120,000 - $160,000 per year A bit about us: Sr. Compliance Auditor need for well-established California bank that has been in operation for over 100 years Why join us? Strong benefits (M,D,V, and 401k) Profit sharing contribution Flexible work environment Extra paycheck at Christmas Job Details Required Knowledge: Banking knowledge -Branch Banking Operations, Lending Operations, compliance-related policy and procedures Knowledge of risk management principles and practices in banks Understanding of IIA standards for the Professional Practice of Internal Auditing, COSO, risk assessment practices, and audit principles Sound judgment, integrity and commitment to ethical behavior Ability to maintain confidentiality and treat sensitive information with discretion Excellent interpersonal and communication skills Highly proficient with MS Office products Strong analytical skills, logical reasoning and problem-solving skills Ability to work independently, with limited direction and guidance Detail oriented, accurate, and organized Ability to effectively manage multiple projects simultaneously Flexible and able to adapt quickly to changing work environments / priorities and tight deadlines Strong business acumen in risk and controls Education and Experience BS or BA Degree required, preferred majors in Accounting, Business Administration, Finance, or Economics or equivalent work experience required. Five or more years of compliance related experience within a bank compliance/BSA group, a bank internal audit compliance group or regulatory agency required. Regional banking experience is strongly preferred. Strong working knowledge of both Federal and California State consumer protection and public-interest compliance laws and regulations including Regulation Z, Regulation X, Regulation DD, Regulation E, Flood, Fair Lending, CRA, Privacy as well as BSA/AML/OFAC requirements and applicable commercial compliance laws and regulations. Certified Regulatory Compliance Manager (CRCM), Certified Anti-Money Laundering Specialist (CAMS), Certified Internal Auditor (CIA), Certified Information Security Auditor (CISA), or Certified Risk Management Assurance (CRMA) required. Experience with audit software is preferred. Supervisory experience preferred but not required. Data analytics a plus. Working knowledge of AuditBoard, Jack Henry (Silverlake/Xperience), COGNOS a plus. Interested in hearing more? Easy Apply now by clicking the "Apply" button. Jobot is an Equal Opportunity Employer. We provide an inclusive work environment that celebrates diversity and all qualified candidates receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, age (40 and over), disability, military status, genetic information or any other basis protected by applicable federal, state, or local laws. Jobot also prohibits harassment of applicants or employees based on any of these protected categories. It is Jobot's policy to comply with all applicable federal, state and local laws respecting consideration of unemployment status in making hiring decisions. Sometimes Jobot is required to perform background checks with your authorization. Jobot will consider qualified candidates with criminal histories in a manner consistent with any applicable federal, state, or local law regarding criminal backgrounds, including but not limited to the Los Angeles Fair Chance Initiative for Hiring and the San Francisco Fair Chance Ordinance. Information collected and processed as part of your Jobot candidate profile, and any job applications, resumes, or other information you choose to submit is subject to Jobot's Privacy Policy, as well as the Jobot California Worker Privacy Notice and Jobot Notice Regarding Automated Employment Decision Tools which are available at By applying for this job, you agree to receive calls, AI-generated calls, text messages, or emails from Jobot, and/or its agents and contracted partners. Frequency varies for text messages. Message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You can reply STOP to cancel and HELP for help. You can access our privacy policy here:
03/10/2026
Full time
Sr. Compliance Auditor need for well-established California bank that has been in operation for over 100 years This Jobot Job is hosted by: Joseph Calabrese Are you a fit? Easy Apply now by clicking the "Apply" button and sending us your resume. Salary: $120,000 - $160,000 per year A bit about us: Sr. Compliance Auditor need for well-established California bank that has been in operation for over 100 years Why join us? Strong benefits (M,D,V, and 401k) Profit sharing contribution Flexible work environment Extra paycheck at Christmas Job Details Required Knowledge: Banking knowledge -Branch Banking Operations, Lending Operations, compliance-related policy and procedures Knowledge of risk management principles and practices in banks Understanding of IIA standards for the Professional Practice of Internal Auditing, COSO, risk assessment practices, and audit principles Sound judgment, integrity and commitment to ethical behavior Ability to maintain confidentiality and treat sensitive information with discretion Excellent interpersonal and communication skills Highly proficient with MS Office products Strong analytical skills, logical reasoning and problem-solving skills Ability to work independently, with limited direction and guidance Detail oriented, accurate, and organized Ability to effectively manage multiple projects simultaneously Flexible and able to adapt quickly to changing work environments / priorities and tight deadlines Strong business acumen in risk and controls Education and Experience BS or BA Degree required, preferred majors in Accounting, Business Administration, Finance, or Economics or equivalent work experience required. Five or more years of compliance related experience within a bank compliance/BSA group, a bank internal audit compliance group or regulatory agency required. Regional banking experience is strongly preferred. Strong working knowledge of both Federal and California State consumer protection and public-interest compliance laws and regulations including Regulation Z, Regulation X, Regulation DD, Regulation E, Flood, Fair Lending, CRA, Privacy as well as BSA/AML/OFAC requirements and applicable commercial compliance laws and regulations. Certified Regulatory Compliance Manager (CRCM), Certified Anti-Money Laundering Specialist (CAMS), Certified Internal Auditor (CIA), Certified Information Security Auditor (CISA), or Certified Risk Management Assurance (CRMA) required. Experience with audit software is preferred. Supervisory experience preferred but not required. Data analytics a plus. Working knowledge of AuditBoard, Jack Henry (Silverlake/Xperience), COGNOS a plus. Interested in hearing more? Easy Apply now by clicking the "Apply" button. Jobot is an Equal Opportunity Employer. We provide an inclusive work environment that celebrates diversity and all qualified candidates receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, age (40 and over), disability, military status, genetic information or any other basis protected by applicable federal, state, or local laws. Jobot also prohibits harassment of applicants or employees based on any of these protected categories. It is Jobot's policy to comply with all applicable federal, state and local laws respecting consideration of unemployment status in making hiring decisions. Sometimes Jobot is required to perform background checks with your authorization. Jobot will consider qualified candidates with criminal histories in a manner consistent with any applicable federal, state, or local law regarding criminal backgrounds, including but not limited to the Los Angeles Fair Chance Initiative for Hiring and the San Francisco Fair Chance Ordinance. Information collected and processed as part of your Jobot candidate profile, and any job applications, resumes, or other information you choose to submit is subject to Jobot's Privacy Policy, as well as the Jobot California Worker Privacy Notice and Jobot Notice Regarding Automated Employment Decision Tools which are available at By applying for this job, you agree to receive calls, AI-generated calls, text messages, or emails from Jobot, and/or its agents and contracted partners. Frequency varies for text messages. Message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You can reply STOP to cancel and HELP for help. You can access our privacy policy here:
Category:: Professional Subscribe:: Department:: Information Technology Services - 02007 Locations:: Albany, NY Posted:: Sep 10, 2025 Closes:: Open Until Filled Type:: Full-time Ref. No.:: WF240297r Position ID:: 192683 About University at Albany: Established in 1844 and designated a University Center of the State University of New York in 1962, the University at Albany's broad mission of excellence in undergraduate and graduate education, research, and public service engages a diverse student body of more than 17,000 students in nine schools and colleges across three campuses. Located in Albany, New York, New York State's capital, the University is convenient to Boston, New York City, and the Adirondacks. Job Description: Information Technology Services (ITS), the central IT provider at the University at Albany, seeks applicants for a Desktop and Mobile Computing (D&MC) Senior Endpoint Management Specialist. ITS manages and supports nearly 7,000 university-owned faculty/staff, classroom, conference room, and research lab desktops and mobile devices. The D&MC Endpoint Management Specialist is a senior position that is key to continuous improvement and delivery of services in this large-scale operation. The D&MC Senior Endpoint Management Specialist is a subject matter expert in desktop and mobile computing and provides technical leadership within service teams. They address and resolve complex and non-standard requests and issues. They develop and maintain strong expertise in enterprise management applications and tools (i.e., Active Directory, MECM, AllSight, Jamf, etc.) and steer the selection and usage of each in achieving ITS' goals and adhering to ITS' principles and standards. The D&MC Senior Endpoint Management Specialist understands the importance of well-defined processes and promoting their adoption across large service teams to successfully manage the pace and volume of work required to support thousands of devices. The successful Senior Endpoint Management Specialist independently identifies process challenges and recommends and assists in implementing actionable improvements and solutions to the D&MC Manager. They monitor the flow of real-time work and act to address operational problems. Under the leadership and direction of the D&MC Manager, the Senior Endpoint Management Specialist is responsible for ensuring internal and customer-facing documentation is created, accurate, and updated regularly. They understand the value of documentation in promoting clarity and cohesion for large service teams. Primary Responsibilities: Enterprise management applications and tools (i.e., Active Directory, MECM, AllSight, Jamf, etc.) Ensure that all enterprise desktop and mobile device management applications and tools are maintained, and versions updated in a timely fashion and adhere to ITS standards, controls, security policies and procedures. Build and maintain advanced technical expertise in ITS' enterprise desktop and mobile device management applications and tools. Stay abreast of advances in the field and steer technical direction in D&MC, following ITS' architecture review protocols. Asset inventory maintenance, cyclical planning, budgeting, and related projects Develop and maintain a strong understanding of how the inventory data structure, operational processes to add/remove/update records, inventory dashboards and reports, and project workload planning all play a role in planning cyclic replacement of all D&MC assets. Regularly report on anomalies and potential problems in the asset inventories for all supported services and work to resolve. Maintain, provide reports and update replacement schedule and replacement cost fields in the asset inventories for all supported service areas to support budgeting and planning processes. Endpoints service standards, efficient operations and consistent user experiences Provide subject matter expertise, oversee and continuously evaluate hardware and software deployment and support processes, their effectiveness and recommend improvements. Determine and document the standard workstation and printer models and configurations for various use cases including fac/staff, classrooms, conference rooms, research labs; refresh standards, as needed. Oversee the internal and external documentation and maintain all approved desktop and mobile computing standards for the University. Regularly report on workstation hardware, operating systems, software, and printers at risk or outside of defined standards and work to resolve. Determine and document operating system versions used for deployments; determine and manage upgrade cycles. Provide day-to-day operational oversight of operations and service offerings Prepare technical diagrams, configuration logs, process maps, internal and external knowledge base articles, and other documentation, as needed. Provide subject matter expertise, technical support and collaborate across ITS teams and on projects to identify problems, devise creative solutions, and implement proposed recommendations. Other reasonable duties as assigned. Project Management Serve as Project Manager on D&MC projects. Actively participate, as needed, in ITS projects related to your service(s). Functional and Supervisory Relationships: Reports to: Manager of Desktop and Mobile Computing Services Supervises the following positions: None Interacts with: ITS staff; faculty and staff in academic, research, and business units; external vendors/contractors/consultants; peer institutions Job Requirements: Excellent interpersonal, oral, and written communication skills. Organize work, prioritize tasks, and manage multiple and changing priorities. Provide scheduled support and consultation outside normal business hours, including occasional evenings, holidays, or weekends, within reasonable professional obligation and expectation. Report to campus in-person on Mondays, Wednesdays, Fridays, and as needed. This position is eligible to telecommute on Tuesdays and Thursdays, following a probationary period and with supervisor approval. Requirements: Minimum Qualifications: A bachelor's degree from a college or university accredited by a U.S. Department of Education (DOE) or internationally recognized accrediting organization, or at least 6 years of full-time professional experience related to the role. Minimum of 3 years' experience building operating systems and application deployments in a large, complex environment. Minimum of 3 years' experience documenting deployment processes that can be replicated/implemented by field staff. Minimum of 3 years' experience supporting desktops and mobile devices, IT operations, or systems administration addressing and resolving issues escalated for higher level support. Applicants must demonstrate an ability to develop inclusive and equitable relationships within our diverse campus community Applicants must demonstrate an ability to support diversity, equity, access, inclusion, and belonging relative to their role Preferred Qualifications: Minimum of 3 years' experience using Microsoft Endpoint Configuration Manager (MECM); for operating system deployments, application packaging and deployment, and workstation security/patch management. Minimum of 3 years' experience using and maintaining active directory and group policy. Minimum of 3 years' experience developing and continuously maintaining technical documentation within a knowledge base repository. Experience configuring and managing a Microsoft mobile device management (MDM) system such as Microsoft Intune. Experience configuring and managing an Apple mobile device management (MDM) system such as Jamf Pro. Experience using PowerShell (or similar scripting language) to manage workstations, users, AD. Experience using and supporting workstations running Linux operating systems. Working Environment: Typical office environment Additional Information: Professional Rank and Salary Grade: Senior Programmer/Analyst, SL-4, $85,000-$95,000 Special Note: Visa sponsorship is not available for this position. If you currently need sponsorship or will need it in the future to maintain employment authorization, you do not meet eligibility requirements. Additionally, please note that UAlbany is not an E-Verify employer. The Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act, or Clery Act, mandates that all Title IV institutions, without exception, prepare, publish and distribute an Annual Security Report. This report consists of two basic parts: disclosure of the University's crime statistics for the past three years; and disclosures regarding the University's current campus security policies. The University at Albany's Annual Security Report is available in portable document format PDF by clicking this link Pursuant to NYS Labor Law 194-A, no State entity, as defined by the Law, is permitted to rely on, orally or in writing seek, request, or require in any form, that an applicant for employment provide his or her current wage, or salary history as a condition to be interviewed . click apply for full job details
01/14/2026
Full time
Category:: Professional Subscribe:: Department:: Information Technology Services - 02007 Locations:: Albany, NY Posted:: Sep 10, 2025 Closes:: Open Until Filled Type:: Full-time Ref. No.:: WF240297r Position ID:: 192683 About University at Albany: Established in 1844 and designated a University Center of the State University of New York in 1962, the University at Albany's broad mission of excellence in undergraduate and graduate education, research, and public service engages a diverse student body of more than 17,000 students in nine schools and colleges across three campuses. Located in Albany, New York, New York State's capital, the University is convenient to Boston, New York City, and the Adirondacks. Job Description: Information Technology Services (ITS), the central IT provider at the University at Albany, seeks applicants for a Desktop and Mobile Computing (D&MC) Senior Endpoint Management Specialist. ITS manages and supports nearly 7,000 university-owned faculty/staff, classroom, conference room, and research lab desktops and mobile devices. The D&MC Endpoint Management Specialist is a senior position that is key to continuous improvement and delivery of services in this large-scale operation. The D&MC Senior Endpoint Management Specialist is a subject matter expert in desktop and mobile computing and provides technical leadership within service teams. They address and resolve complex and non-standard requests and issues. They develop and maintain strong expertise in enterprise management applications and tools (i.e., Active Directory, MECM, AllSight, Jamf, etc.) and steer the selection and usage of each in achieving ITS' goals and adhering to ITS' principles and standards. The D&MC Senior Endpoint Management Specialist understands the importance of well-defined processes and promoting their adoption across large service teams to successfully manage the pace and volume of work required to support thousands of devices. The successful Senior Endpoint Management Specialist independently identifies process challenges and recommends and assists in implementing actionable improvements and solutions to the D&MC Manager. They monitor the flow of real-time work and act to address operational problems. Under the leadership and direction of the D&MC Manager, the Senior Endpoint Management Specialist is responsible for ensuring internal and customer-facing documentation is created, accurate, and updated regularly. They understand the value of documentation in promoting clarity and cohesion for large service teams. Primary Responsibilities: Enterprise management applications and tools (i.e., Active Directory, MECM, AllSight, Jamf, etc.) Ensure that all enterprise desktop and mobile device management applications and tools are maintained, and versions updated in a timely fashion and adhere to ITS standards, controls, security policies and procedures. Build and maintain advanced technical expertise in ITS' enterprise desktop and mobile device management applications and tools. Stay abreast of advances in the field and steer technical direction in D&MC, following ITS' architecture review protocols. Asset inventory maintenance, cyclical planning, budgeting, and related projects Develop and maintain a strong understanding of how the inventory data structure, operational processes to add/remove/update records, inventory dashboards and reports, and project workload planning all play a role in planning cyclic replacement of all D&MC assets. Regularly report on anomalies and potential problems in the asset inventories for all supported services and work to resolve. Maintain, provide reports and update replacement schedule and replacement cost fields in the asset inventories for all supported service areas to support budgeting and planning processes. Endpoints service standards, efficient operations and consistent user experiences Provide subject matter expertise, oversee and continuously evaluate hardware and software deployment and support processes, their effectiveness and recommend improvements. Determine and document the standard workstation and printer models and configurations for various use cases including fac/staff, classrooms, conference rooms, research labs; refresh standards, as needed. Oversee the internal and external documentation and maintain all approved desktop and mobile computing standards for the University. Regularly report on workstation hardware, operating systems, software, and printers at risk or outside of defined standards and work to resolve. Determine and document operating system versions used for deployments; determine and manage upgrade cycles. Provide day-to-day operational oversight of operations and service offerings Prepare technical diagrams, configuration logs, process maps, internal and external knowledge base articles, and other documentation, as needed. Provide subject matter expertise, technical support and collaborate across ITS teams and on projects to identify problems, devise creative solutions, and implement proposed recommendations. Other reasonable duties as assigned. Project Management Serve as Project Manager on D&MC projects. Actively participate, as needed, in ITS projects related to your service(s). Functional and Supervisory Relationships: Reports to: Manager of Desktop and Mobile Computing Services Supervises the following positions: None Interacts with: ITS staff; faculty and staff in academic, research, and business units; external vendors/contractors/consultants; peer institutions Job Requirements: Excellent interpersonal, oral, and written communication skills. Organize work, prioritize tasks, and manage multiple and changing priorities. Provide scheduled support and consultation outside normal business hours, including occasional evenings, holidays, or weekends, within reasonable professional obligation and expectation. Report to campus in-person on Mondays, Wednesdays, Fridays, and as needed. This position is eligible to telecommute on Tuesdays and Thursdays, following a probationary period and with supervisor approval. Requirements: Minimum Qualifications: A bachelor's degree from a college or university accredited by a U.S. Department of Education (DOE) or internationally recognized accrediting organization, or at least 6 years of full-time professional experience related to the role. Minimum of 3 years' experience building operating systems and application deployments in a large, complex environment. Minimum of 3 years' experience documenting deployment processes that can be replicated/implemented by field staff. Minimum of 3 years' experience supporting desktops and mobile devices, IT operations, or systems administration addressing and resolving issues escalated for higher level support. Applicants must demonstrate an ability to develop inclusive and equitable relationships within our diverse campus community Applicants must demonstrate an ability to support diversity, equity, access, inclusion, and belonging relative to their role Preferred Qualifications: Minimum of 3 years' experience using Microsoft Endpoint Configuration Manager (MECM); for operating system deployments, application packaging and deployment, and workstation security/patch management. Minimum of 3 years' experience using and maintaining active directory and group policy. Minimum of 3 years' experience developing and continuously maintaining technical documentation within a knowledge base repository. Experience configuring and managing a Microsoft mobile device management (MDM) system such as Microsoft Intune. Experience configuring and managing an Apple mobile device management (MDM) system such as Jamf Pro. Experience using PowerShell (or similar scripting language) to manage workstations, users, AD. Experience using and supporting workstations running Linux operating systems. Working Environment: Typical office environment Additional Information: Professional Rank and Salary Grade: Senior Programmer/Analyst, SL-4, $85,000-$95,000 Special Note: Visa sponsorship is not available for this position. If you currently need sponsorship or will need it in the future to maintain employment authorization, you do not meet eligibility requirements. Additionally, please note that UAlbany is not an E-Verify employer. The Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act, or Clery Act, mandates that all Title IV institutions, without exception, prepare, publish and distribute an Annual Security Report. This report consists of two basic parts: disclosure of the University's crime statistics for the past three years; and disclosures regarding the University's current campus security policies. The University at Albany's Annual Security Report is available in portable document format PDF by clicking this link Pursuant to NYS Labor Law 194-A, no State entity, as defined by the Law, is permitted to rely on, orally or in writing seek, request, or require in any form, that an applicant for employment provide his or her current wage, or salary history as a condition to be interviewed . click apply for full job details
Assistant Biosafety Officer, aBSO (5303C) - 83152 About Berkeley At the University of California, Berkeley, we are dedicated to fostering a community where everyone feels welcome and can thrive. Our culture of openness, freedom and belonging make it a special place for students, faculty and staff. As a world-leading institution, Berkeley is known for its academic and research excellence, public mission, diverse student body, and commitment to equity and social justice. Since our founding in 1868, we have driven innovation, creating global intellectual, economic and social value. We are looking for applicants who reflect California's diversity and want to be part of an inclusive, equity-focused community that views education as a matter of social justice. Please consider whether your values align with our Guiding Values and Principles , Principles of Community , and Strategic Plan . At UC Berkeley, we believe that learning is a fundamental part of working, and provide space for supportive colleague communities via numerous employee resource groups (staff organizations). Our goal is for everyone on the Berkeley campus to feel supported and equipped to realize their full potential. We actively support this by providing all of our full-time staff employees with at least 80 hours (10 days) of paid time per year to engage in professional development activities. Find out more about how you can grow your career at UC Berkeley. Departmental Overview The Office of Environment, Health & Safety's (EH&S) mission is to provide guidance and services to the campus community that promote health, safety, and environmental stewardship. EH&S is a highly dynamic, fast paced, committed organization focused on promoting workplace safety and environmental protection for the campus community. We are comprised of many scientific, technical, and administrative professionals, working in an evolving, learning, and sometimes challenging environment with a unified goal of supporting the University's mission of teaching, research and public service. EH&S strives to be an inclusive, service oriented, and operationally excellent organization and is seeking highly motivated individuals who want to learn, be creative, seek continuous competency development, and contribute to our mission. For more information, visit Position Summary The Assistant Biosafety Officer (aBSO) serves as a technical associate to the Campus Biosafety Officer, ensuring the safe use of campus biological agents, recombinant DNA and biohazards in accordance with NIH Guidelines and other applicable regulations. The aBSO reviews research, teaching, and biological use authorization (BUA) protocols and procedures for use in chemical safety and biosafety, and ensures compliance with federal, state, and university mandated laws, regulations and policies. They also monitor compliance by conducting initial and follow-up on-site inspections of laboratory research facilities that conduct biosafety research; and provides support to other research and laboratory safety programs. Application Review Date The First Review Date for this job is: 12/30/2025. For full consideration, please apply by 01/05/2026. This position is open until filled. Responsibilities Develops, implements and monitors biosafety compliance of biological research labs on campus that work with toxins and/or human or nonhuman blood, body fluids, tissues, cell or cell lines, recombinant DNA, plant and animal pathogens, and transgenic species, including but not limited to:Reviews Biological Use Authorizations (BUAs) and procedures to ensure compliance with CDC, NIH and other applicable university, state and federal regulations and requirements.Communicates with BUA holders regarding their BUA and regulatory training compliance status, monitors biosafety cabinet certification status, monitors Material Transfer Agreements, as well as other dynamic lab specific information.Designs new and / or recommends improvements to existing processes and procedures.Performs outreach and communication to organization within relevant field, and performs training to clients and colleagues.Supports Institutional Biosafety Committee (IBC).Serves as a technical associate to the Campus Biosafety Officer, ensuring the safe use of campus bioagents and biohazards via development of program improvements to ensure compliance with regulatory standards and guidelines.Performs technical work related to field(s) of expertise: Animal Research BiosafetyConducts biosafety inspections of animal research facilities, including vivaria and procedure rooms, to assess compliance with relevant regulations, and institutional policies.Identifies corrective actions and writes detailed inspection reports documenting findings, risks, and recommendations.Responsible for inspection follow-up, verifying implementation of corrective actions, and elevating issues to the Biosafety Officer (BSO) or appropriate leadership when needed.Assists in investigating biological or animal-related incidents, contributing to root cause analyses, documentation, and development of corrective and preventive action plans.Supports ongoing development and refinement of the animal biosafety program, including SOP creation, risk assessment tools, and training materials.Supports controlled substances program components in animal research to ensure proper authorization, secure storage, accurate recordkeeping, and compliant disposal.Provides guidance to animal researchers and husbandry staff on safe work practices, engineering controls, PPE, workflow optimization, and implementation of animal biosafety level (ABSL) requirements.Coordinates with veterinary, environmental health and safety, and research oversight groups to maintain a consistent, compliant, and risk-aware animal research environment.Reviews Animal Use Protocol (AUP) submissions for accuracy and completeness from a biosafety perspective, confirming alignment with hazard mitigation strategies, facility capabilities, and species-specific considerations; ensures timely communication of biosafety-related stipulations back to investigators.Serves as a liaison to the Institutional Animal Care and Use Committee (IACUC) by providing biosafety-specific expertise during protocol review cycles, attending designated meetings as needed, and helping interpret how biosafety requirements intersect with animal welfare standards. Supports cross-committee communication to strengthen oversight continuity and reduce gaps between biosafety and animal care expectations.Collaborates with ACUC administrative staff to track trends in protocol-related biosafety issues, contribute to committee and PI educational initiatives, and assist in developing process improvements that streamline the integration of biosafety considerations into the animal research review framework.Performs technical work related to field(s) of expertise: BiosafetyConducts biosafety inspections of laboratories that work with human, plant or animal pathogens and recombinant DNA, including defining corrective actions and writing reports.Responsible for inspection follow-up and recommending to BSO appropriate corrective actions and elevating as needed.Investigates biological incidents, which may result in writing regulatory incident reports, root cause analysis, and devising recommendations for corrective actions as needed.Conducts periodic audits of agent inventory to verify BUA accuracy.Provides guidance to researchers in the field or laboratory regarding safe work practice alternatives, such as safe sharp implementation or workflow design changes.Provides safety consultation and workplace hazard assessment based on need by campus clients.Investigates incidents, complaints, and assists with follow-up action items.Consults with researchers in their labs, and involves EH&S SMEs as needed to reduce hazards and support safer research operations.Adjusts methodologies to meet changing regulatory and scientific environment.May provide support to other EHS programs, including Lab Safety Program, Respiratory Protection Program, and Controlled Substances Program, and any other program per business needs.May work with the Office of Technology Licensing and EH&S Shipping Specialist on bio-related shipping requests to ensure compliance with DOT and IATA guidelines.Within specific field of biosafety, maintains knowledge/expertise on existing/proposed changes in all regulations; interprets and applies relevant laws, regulations, codes and standards, including making recommendations for work environment changes based on interpretations and principles of professional practices. (See Governing Laws and Regulations below)Completes and maintains compliance on campus/systemwide training requirements, as well as any training necessary per role.Staff development: Works on professional committees and assignments, participates in professional training and attends relevant conferences, and/or is mentored or coached on a formal or informal basis.Member of Designated Spill Response Team (Regular rotation, 24/7, every 6-8 weeks, or more frequently as needed.)Provide technical support to the Dedicated Spill Response Team (DSRT) program by serving as a "Designated Responder". Must be accessible via telephone and readily available to respond on-scene to emergencies (e.g., a chemical spill) during business hours . click apply for full job details
01/14/2026
Full time
Assistant Biosafety Officer, aBSO (5303C) - 83152 About Berkeley At the University of California, Berkeley, we are dedicated to fostering a community where everyone feels welcome and can thrive. Our culture of openness, freedom and belonging make it a special place for students, faculty and staff. As a world-leading institution, Berkeley is known for its academic and research excellence, public mission, diverse student body, and commitment to equity and social justice. Since our founding in 1868, we have driven innovation, creating global intellectual, economic and social value. We are looking for applicants who reflect California's diversity and want to be part of an inclusive, equity-focused community that views education as a matter of social justice. Please consider whether your values align with our Guiding Values and Principles , Principles of Community , and Strategic Plan . At UC Berkeley, we believe that learning is a fundamental part of working, and provide space for supportive colleague communities via numerous employee resource groups (staff organizations). Our goal is for everyone on the Berkeley campus to feel supported and equipped to realize their full potential. We actively support this by providing all of our full-time staff employees with at least 80 hours (10 days) of paid time per year to engage in professional development activities. Find out more about how you can grow your career at UC Berkeley. Departmental Overview The Office of Environment, Health & Safety's (EH&S) mission is to provide guidance and services to the campus community that promote health, safety, and environmental stewardship. EH&S is a highly dynamic, fast paced, committed organization focused on promoting workplace safety and environmental protection for the campus community. We are comprised of many scientific, technical, and administrative professionals, working in an evolving, learning, and sometimes challenging environment with a unified goal of supporting the University's mission of teaching, research and public service. EH&S strives to be an inclusive, service oriented, and operationally excellent organization and is seeking highly motivated individuals who want to learn, be creative, seek continuous competency development, and contribute to our mission. For more information, visit Position Summary The Assistant Biosafety Officer (aBSO) serves as a technical associate to the Campus Biosafety Officer, ensuring the safe use of campus biological agents, recombinant DNA and biohazards in accordance with NIH Guidelines and other applicable regulations. The aBSO reviews research, teaching, and biological use authorization (BUA) protocols and procedures for use in chemical safety and biosafety, and ensures compliance with federal, state, and university mandated laws, regulations and policies. They also monitor compliance by conducting initial and follow-up on-site inspections of laboratory research facilities that conduct biosafety research; and provides support to other research and laboratory safety programs. Application Review Date The First Review Date for this job is: 12/30/2025. For full consideration, please apply by 01/05/2026. This position is open until filled. Responsibilities Develops, implements and monitors biosafety compliance of biological research labs on campus that work with toxins and/or human or nonhuman blood, body fluids, tissues, cell or cell lines, recombinant DNA, plant and animal pathogens, and transgenic species, including but not limited to:Reviews Biological Use Authorizations (BUAs) and procedures to ensure compliance with CDC, NIH and other applicable university, state and federal regulations and requirements.Communicates with BUA holders regarding their BUA and regulatory training compliance status, monitors biosafety cabinet certification status, monitors Material Transfer Agreements, as well as other dynamic lab specific information.Designs new and / or recommends improvements to existing processes and procedures.Performs outreach and communication to organization within relevant field, and performs training to clients and colleagues.Supports Institutional Biosafety Committee (IBC).Serves as a technical associate to the Campus Biosafety Officer, ensuring the safe use of campus bioagents and biohazards via development of program improvements to ensure compliance with regulatory standards and guidelines.Performs technical work related to field(s) of expertise: Animal Research BiosafetyConducts biosafety inspections of animal research facilities, including vivaria and procedure rooms, to assess compliance with relevant regulations, and institutional policies.Identifies corrective actions and writes detailed inspection reports documenting findings, risks, and recommendations.Responsible for inspection follow-up, verifying implementation of corrective actions, and elevating issues to the Biosafety Officer (BSO) or appropriate leadership when needed.Assists in investigating biological or animal-related incidents, contributing to root cause analyses, documentation, and development of corrective and preventive action plans.Supports ongoing development and refinement of the animal biosafety program, including SOP creation, risk assessment tools, and training materials.Supports controlled substances program components in animal research to ensure proper authorization, secure storage, accurate recordkeeping, and compliant disposal.Provides guidance to animal researchers and husbandry staff on safe work practices, engineering controls, PPE, workflow optimization, and implementation of animal biosafety level (ABSL) requirements.Coordinates with veterinary, environmental health and safety, and research oversight groups to maintain a consistent, compliant, and risk-aware animal research environment.Reviews Animal Use Protocol (AUP) submissions for accuracy and completeness from a biosafety perspective, confirming alignment with hazard mitigation strategies, facility capabilities, and species-specific considerations; ensures timely communication of biosafety-related stipulations back to investigators.Serves as a liaison to the Institutional Animal Care and Use Committee (IACUC) by providing biosafety-specific expertise during protocol review cycles, attending designated meetings as needed, and helping interpret how biosafety requirements intersect with animal welfare standards. Supports cross-committee communication to strengthen oversight continuity and reduce gaps between biosafety and animal care expectations.Collaborates with ACUC administrative staff to track trends in protocol-related biosafety issues, contribute to committee and PI educational initiatives, and assist in developing process improvements that streamline the integration of biosafety considerations into the animal research review framework.Performs technical work related to field(s) of expertise: BiosafetyConducts biosafety inspections of laboratories that work with human, plant or animal pathogens and recombinant DNA, including defining corrective actions and writing reports.Responsible for inspection follow-up and recommending to BSO appropriate corrective actions and elevating as needed.Investigates biological incidents, which may result in writing regulatory incident reports, root cause analysis, and devising recommendations for corrective actions as needed.Conducts periodic audits of agent inventory to verify BUA accuracy.Provides guidance to researchers in the field or laboratory regarding safe work practice alternatives, such as safe sharp implementation or workflow design changes.Provides safety consultation and workplace hazard assessment based on need by campus clients.Investigates incidents, complaints, and assists with follow-up action items.Consults with researchers in their labs, and involves EH&S SMEs as needed to reduce hazards and support safer research operations.Adjusts methodologies to meet changing regulatory and scientific environment.May provide support to other EHS programs, including Lab Safety Program, Respiratory Protection Program, and Controlled Substances Program, and any other program per business needs.May work with the Office of Technology Licensing and EH&S Shipping Specialist on bio-related shipping requests to ensure compliance with DOT and IATA guidelines.Within specific field of biosafety, maintains knowledge/expertise on existing/proposed changes in all regulations; interprets and applies relevant laws, regulations, codes and standards, including making recommendations for work environment changes based on interpretations and principles of professional practices. (See Governing Laws and Regulations below)Completes and maintains compliance on campus/systemwide training requirements, as well as any training necessary per role.Staff development: Works on professional committees and assignments, participates in professional training and attends relevant conferences, and/or is mentored or coached on a formal or informal basis.Member of Designated Spill Response Team (Regular rotation, 24/7, every 6-8 weeks, or more frequently as needed.)Provide technical support to the Dedicated Spill Response Team (DSRT) program by serving as a "Designated Responder". Must be accessible via telephone and readily available to respond on-scene to emergencies (e.g., a chemical spill) during business hours . click apply for full job details
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
12/17/2025
Full time
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
Senior Manager, Customer Trust & Field Security Specialist - Capital One Software (Remote) About the Role: We are seeking an experienced and detail-oriented Senior Manager with horizontal cybersecurity expertise to join our dynamic Customer Trust & Field Security team. This critical role acts as the security expert for our sales and business development efforts, bridging our technical security posture with the questions of prospective customers. You will be responsible for reviewing, interpreting, and responding to customer security-related inquiries, ensuring our responses are accurate, complete, and aligned with our security certifications and documentation. This position is pivotal in establishing and strengthening customer confidence in our cybersecurity, privacy, and compliance programs, influencing product direction and sales strategy to solve real-world security challenges. You will drive transparency, thought leadership, and strategic engagement, ensuring our security posture aligns with industry best practices while enabling business growth. This is an opportunity to be a crucial part of our growth. If you're a cybersecurity professional who enjoys the challenge of communicating technical concepts in a business context, we'd love to hear from you. Key Responsibilities: Customer Trust & Transparency: Scale and build upon existing programs like the Customer Trust Center, providing customers with self-service access to relevant security, privacy, and compliance information. Customer Engagement: Act as a trusted technical and security advisor, engaging customer security teams and IT leaders to align on their cybersecurity & business needs. Serve as the internal subject matter expert on security for the GTM team, supporting sales and account managers in client-facing discussions and presentations. Industry Thought Leadership: Represent the company externally in security and technology conversations, shaping best practices and positioning our solutions as industry-leading. Go-to-Market & Sales Acceleration: Bridge the gap between technical value and business outcomes, aligning security messaging with sales and marketing strategies to drive adoption of our products. Cross-functional Influence & Collaboration: Work closely with the engineering, legal, risk, cyber, and compliance teams to ensure our security responses are accurate and reflect our latest technical and regulatory standing. RFI/RFP Response: Analyze and respond to cybersecurity sections of RFIs (Requests for Information) and RFPs (Requests for Proposal), providing detailed and precise information about our security controls, policies, and procedures. Security Documentation: Maintain and update a knowledge base of our security posture, including security policies, certifications (e.g., SOC 2, ISO 27001), and compliance documentation. Continuous Improvement: Identify trends in customer security inquiries to help improve our documentation and proactive communication strategies. Third-Party Risk & Due Diligence: Support third-party risk and due diligence processes, helping customers efficiently evaluate our security posture. Product Roadmap Contribution: Provide insights on emerging cybersecurity trends and customer expectations to contribute to the product roadmap. Security Sales Playbook Development: Develop and standardize security sales playbooks, equipping sales teams with messaging, objection handling, and case studies, as applicable. Why Join Us: Impactful Role: Play a critical role in shaping our customer trust strategy, directly influencing business growth and sales success by building trust and demonstrating our commitment to security for our customers. Collaborative Culture: Partner with diverse teams across the organization, from engineering to sales, in a fast-paced work environment. Thought Leadership: Represent the company externally and contribute to industry best practices. Customer-Centric Focus: Be part of a team dedicated to empowering organizations to confidently adopt our solutions. Basic Qualifications: At least 7 years of progressive experience in a cybersecurity or information security role, with a strong understanding of security frameworks and best practices, and a focus on horizontal expertise across various domains. At least 4 years in customer - facing roles , acting as a trusted advisor to senior security and IT leaders. Deep technical understanding of cybersecurity principles, data protection, privacy, and compliance frameworks. Familiarity with common cybersecurity concepts, including access control, encryption, network security, and incident response. Excellent written and verbal communication skills with the ability to translate complex technical information into clear, concise, and professional responses for both technical and non-technical audiences. Meticulous and organized, with a proven ability to manage multiple projects and deadlines simultaneously and great attention to detail . Ability to influence and collaborate effectively with cross-functional teams. Preferred Qualifications: Experience in developing and implementing scalable Customer Trust programs. 3+ years experience with Third Party Risk Management programs. Strong business acumen and the ability to translate complex technical concepts into business value. Professional certifications such as CISSP, CISM, CIPP/E, or CompTIA Security+ Experience with cloud services and cloud technologies (e.g., AWS, Microsoft Azure, GCP), cybersecurity technologies, data cloud platforms (e.g., Snowflake, Databricks). At this time, Capital One will not sponsor a new applicant for employment authorization for this position. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. Remote (Regardless of Location): $204,900 - $233,800 for Sr. Manager, Solutions Architecture McLean, VA: $225,400 - $257,200 for Sr. Manager, Solutions Architecture Richmond, VA: $204,900 - $233,800 for Sr. Manager, Solutions Architecture Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations. For technical support or questions about Capital One's recruiting process, please send an email to Capital One does not provide, endorse nor guarantee and is not liable for third-party products, services, educational tools or other information available through this site. Capital One Financial is made up of several different entities. Please note that any position posted in Canada is for Capital One Canada, any position posted in the United Kingdom is for Capital One Europe and any position posted in the Philippines is for Capital One Philippines Service Corp. (COPSSC).
12/17/2025
Full time
Senior Manager, Customer Trust & Field Security Specialist - Capital One Software (Remote) About the Role: We are seeking an experienced and detail-oriented Senior Manager with horizontal cybersecurity expertise to join our dynamic Customer Trust & Field Security team. This critical role acts as the security expert for our sales and business development efforts, bridging our technical security posture with the questions of prospective customers. You will be responsible for reviewing, interpreting, and responding to customer security-related inquiries, ensuring our responses are accurate, complete, and aligned with our security certifications and documentation. This position is pivotal in establishing and strengthening customer confidence in our cybersecurity, privacy, and compliance programs, influencing product direction and sales strategy to solve real-world security challenges. You will drive transparency, thought leadership, and strategic engagement, ensuring our security posture aligns with industry best practices while enabling business growth. This is an opportunity to be a crucial part of our growth. If you're a cybersecurity professional who enjoys the challenge of communicating technical concepts in a business context, we'd love to hear from you. Key Responsibilities: Customer Trust & Transparency: Scale and build upon existing programs like the Customer Trust Center, providing customers with self-service access to relevant security, privacy, and compliance information. Customer Engagement: Act as a trusted technical and security advisor, engaging customer security teams and IT leaders to align on their cybersecurity & business needs. Serve as the internal subject matter expert on security for the GTM team, supporting sales and account managers in client-facing discussions and presentations. Industry Thought Leadership: Represent the company externally in security and technology conversations, shaping best practices and positioning our solutions as industry-leading. Go-to-Market & Sales Acceleration: Bridge the gap between technical value and business outcomes, aligning security messaging with sales and marketing strategies to drive adoption of our products. Cross-functional Influence & Collaboration: Work closely with the engineering, legal, risk, cyber, and compliance teams to ensure our security responses are accurate and reflect our latest technical and regulatory standing. RFI/RFP Response: Analyze and respond to cybersecurity sections of RFIs (Requests for Information) and RFPs (Requests for Proposal), providing detailed and precise information about our security controls, policies, and procedures. Security Documentation: Maintain and update a knowledge base of our security posture, including security policies, certifications (e.g., SOC 2, ISO 27001), and compliance documentation. Continuous Improvement: Identify trends in customer security inquiries to help improve our documentation and proactive communication strategies. Third-Party Risk & Due Diligence: Support third-party risk and due diligence processes, helping customers efficiently evaluate our security posture. Product Roadmap Contribution: Provide insights on emerging cybersecurity trends and customer expectations to contribute to the product roadmap. Security Sales Playbook Development: Develop and standardize security sales playbooks, equipping sales teams with messaging, objection handling, and case studies, as applicable. Why Join Us: Impactful Role: Play a critical role in shaping our customer trust strategy, directly influencing business growth and sales success by building trust and demonstrating our commitment to security for our customers. Collaborative Culture: Partner with diverse teams across the organization, from engineering to sales, in a fast-paced work environment. Thought Leadership: Represent the company externally and contribute to industry best practices. Customer-Centric Focus: Be part of a team dedicated to empowering organizations to confidently adopt our solutions. Basic Qualifications: At least 7 years of progressive experience in a cybersecurity or information security role, with a strong understanding of security frameworks and best practices, and a focus on horizontal expertise across various domains. At least 4 years in customer - facing roles , acting as a trusted advisor to senior security and IT leaders. Deep technical understanding of cybersecurity principles, data protection, privacy, and compliance frameworks. Familiarity with common cybersecurity concepts, including access control, encryption, network security, and incident response. Excellent written and verbal communication skills with the ability to translate complex technical information into clear, concise, and professional responses for both technical and non-technical audiences. Meticulous and organized, with a proven ability to manage multiple projects and deadlines simultaneously and great attention to detail . Ability to influence and collaborate effectively with cross-functional teams. Preferred Qualifications: Experience in developing and implementing scalable Customer Trust programs. 3+ years experience with Third Party Risk Management programs. Strong business acumen and the ability to translate complex technical concepts into business value. Professional certifications such as CISSP, CISM, CIPP/E, or CompTIA Security+ Experience with cloud services and cloud technologies (e.g., AWS, Microsoft Azure, GCP), cybersecurity technologies, data cloud platforms (e.g., Snowflake, Databricks). At this time, Capital One will not sponsor a new applicant for employment authorization for this position. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. Remote (Regardless of Location): $204,900 - $233,800 for Sr. Manager, Solutions Architecture McLean, VA: $225,400 - $257,200 for Sr. Manager, Solutions Architecture Richmond, VA: $204,900 - $233,800 for Sr. Manager, Solutions Architecture Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations. For technical support or questions about Capital One's recruiting process, please send an email to Capital One does not provide, endorse nor guarantee and is not liable for third-party products, services, educational tools or other information available through this site. Capital One Financial is made up of several different entities. Please note that any position posted in Canada is for Capital One Canada, any position posted in the United Kingdom is for Capital One Europe and any position posted in the Philippines is for Capital One Philippines Service Corp. (COPSSC).
Senior Manager, Customer Trust & Field Security Specialist - Capital One Software (Remote) About the Role: We are seeking an experienced and detail-oriented Senior Manager with horizontal cybersecurity expertise to join our dynamic Customer Trust & Field Security team. This critical role acts as the security expert for our sales and business development efforts, bridging our technical security posture with the questions of prospective customers. You will be responsible for reviewing, interpreting, and responding to customer security-related inquiries, ensuring our responses are accurate, complete, and aligned with our security certifications and documentation. This position is pivotal in establishing and strengthening customer confidence in our cybersecurity, privacy, and compliance programs, influencing product direction and sales strategy to solve real-world security challenges. You will drive transparency, thought leadership, and strategic engagement, ensuring our security posture aligns with industry best practices while enabling business growth. This is an opportunity to be a crucial part of our growth. If you're a cybersecurity professional who enjoys the challenge of communicating technical concepts in a business context, we'd love to hear from you. Key Responsibilities: Customer Trust & Transparency: Scale and build upon existing programs like the Customer Trust Center, providing customers with self-service access to relevant security, privacy, and compliance information. Customer Engagement: Act as a trusted technical and security advisor, engaging customer security teams and IT leaders to align on their cybersecurity & business needs. Serve as the internal subject matter expert on security for the GTM team, supporting sales and account managers in client-facing discussions and presentations. Industry Thought Leadership: Represent the company externally in security and technology conversations, shaping best practices and positioning our solutions as industry-leading. Go-to-Market & Sales Acceleration: Bridge the gap between technical value and business outcomes, aligning security messaging with sales and marketing strategies to drive adoption of our products. Cross-functional Influence & Collaboration: Work closely with the engineering, legal, risk, cyber, and compliance teams to ensure our security responses are accurate and reflect our latest technical and regulatory standing. RFI/RFP Response: Analyze and respond to cybersecurity sections of RFIs (Requests for Information) and RFPs (Requests for Proposal), providing detailed and precise information about our security controls, policies, and procedures. Security Documentation: Maintain and update a knowledge base of our security posture, including security policies, certifications (e.g., SOC 2, ISO 27001), and compliance documentation. Continuous Improvement: Identify trends in customer security inquiries to help improve our documentation and proactive communication strategies. Third-Party Risk & Due Diligence: Support third-party risk and due diligence processes, helping customers efficiently evaluate our security posture. Product Roadmap Contribution: Provide insights on emerging cybersecurity trends and customer expectations to contribute to the product roadmap. Security Sales Playbook Development: Develop and standardize security sales playbooks, equipping sales teams with messaging, objection handling, and case studies, as applicable. Why Join Us: Impactful Role: Play a critical role in shaping our customer trust strategy, directly influencing business growth and sales success by building trust and demonstrating our commitment to security for our customers. Collaborative Culture: Partner with diverse teams across the organization, from engineering to sales, in a fast-paced work environment. Thought Leadership: Represent the company externally and contribute to industry best practices. Customer-Centric Focus: Be part of a team dedicated to empowering organizations to confidently adopt our solutions. Basic Qualifications: At least 7 years of progressive experience in a cybersecurity or information security role, with a strong understanding of security frameworks and best practices, and a focus on horizontal expertise across various domains. At least 4 years in customer - facing roles , acting as a trusted advisor to senior security and IT leaders. Deep technical understanding of cybersecurity principles, data protection, privacy, and compliance frameworks. Familiarity with common cybersecurity concepts, including access control, encryption, network security, and incident response. Excellent written and verbal communication skills with the ability to translate complex technical information into clear, concise, and professional responses for both technical and non-technical audiences. Meticulous and organized, with a proven ability to manage multiple projects and deadlines simultaneously and great attention to detail . Ability to influence and collaborate effectively with cross-functional teams. Preferred Qualifications: Experience in developing and implementing scalable Customer Trust programs. 3+ years experience with Third Party Risk Management programs. Strong business acumen and the ability to translate complex technical concepts into business value. Professional certifications such as CISSP, CISM, CIPP/E, or CompTIA Security+ Experience with cloud services and cloud technologies (e.g., AWS, Microsoft Azure, GCP), cybersecurity technologies, data cloud platforms (e.g., Snowflake, Databricks). At this time, Capital One will not sponsor a new applicant for employment authorization for this position. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. Remote (Regardless of Location): $204,900 - $233,800 for Sr. Manager, Solutions Architecture McLean, VA: $225,400 - $257,200 for Sr. Manager, Solutions Architecture Richmond, VA: $204,900 - $233,800 for Sr. Manager, Solutions Architecture Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations. For technical support or questions about Capital One's recruiting process, please send an email to Capital One does not provide, endorse nor guarantee and is not liable for third-party products, services, educational tools or other information available through this site. Capital One Financial is made up of several different entities. Please note that any position posted in Canada is for Capital One Canada, any position posted in the United Kingdom is for Capital One Europe and any position posted in the Philippines is for Capital One Philippines Service Corp. (COPSSC).
12/17/2025
Full time
Senior Manager, Customer Trust & Field Security Specialist - Capital One Software (Remote) About the Role: We are seeking an experienced and detail-oriented Senior Manager with horizontal cybersecurity expertise to join our dynamic Customer Trust & Field Security team. This critical role acts as the security expert for our sales and business development efforts, bridging our technical security posture with the questions of prospective customers. You will be responsible for reviewing, interpreting, and responding to customer security-related inquiries, ensuring our responses are accurate, complete, and aligned with our security certifications and documentation. This position is pivotal in establishing and strengthening customer confidence in our cybersecurity, privacy, and compliance programs, influencing product direction and sales strategy to solve real-world security challenges. You will drive transparency, thought leadership, and strategic engagement, ensuring our security posture aligns with industry best practices while enabling business growth. This is an opportunity to be a crucial part of our growth. If you're a cybersecurity professional who enjoys the challenge of communicating technical concepts in a business context, we'd love to hear from you. Key Responsibilities: Customer Trust & Transparency: Scale and build upon existing programs like the Customer Trust Center, providing customers with self-service access to relevant security, privacy, and compliance information. Customer Engagement: Act as a trusted technical and security advisor, engaging customer security teams and IT leaders to align on their cybersecurity & business needs. Serve as the internal subject matter expert on security for the GTM team, supporting sales and account managers in client-facing discussions and presentations. Industry Thought Leadership: Represent the company externally in security and technology conversations, shaping best practices and positioning our solutions as industry-leading. Go-to-Market & Sales Acceleration: Bridge the gap between technical value and business outcomes, aligning security messaging with sales and marketing strategies to drive adoption of our products. Cross-functional Influence & Collaboration: Work closely with the engineering, legal, risk, cyber, and compliance teams to ensure our security responses are accurate and reflect our latest technical and regulatory standing. RFI/RFP Response: Analyze and respond to cybersecurity sections of RFIs (Requests for Information) and RFPs (Requests for Proposal), providing detailed and precise information about our security controls, policies, and procedures. Security Documentation: Maintain and update a knowledge base of our security posture, including security policies, certifications (e.g., SOC 2, ISO 27001), and compliance documentation. Continuous Improvement: Identify trends in customer security inquiries to help improve our documentation and proactive communication strategies. Third-Party Risk & Due Diligence: Support third-party risk and due diligence processes, helping customers efficiently evaluate our security posture. Product Roadmap Contribution: Provide insights on emerging cybersecurity trends and customer expectations to contribute to the product roadmap. Security Sales Playbook Development: Develop and standardize security sales playbooks, equipping sales teams with messaging, objection handling, and case studies, as applicable. Why Join Us: Impactful Role: Play a critical role in shaping our customer trust strategy, directly influencing business growth and sales success by building trust and demonstrating our commitment to security for our customers. Collaborative Culture: Partner with diverse teams across the organization, from engineering to sales, in a fast-paced work environment. Thought Leadership: Represent the company externally and contribute to industry best practices. Customer-Centric Focus: Be part of a team dedicated to empowering organizations to confidently adopt our solutions. Basic Qualifications: At least 7 years of progressive experience in a cybersecurity or information security role, with a strong understanding of security frameworks and best practices, and a focus on horizontal expertise across various domains. At least 4 years in customer - facing roles , acting as a trusted advisor to senior security and IT leaders. Deep technical understanding of cybersecurity principles, data protection, privacy, and compliance frameworks. Familiarity with common cybersecurity concepts, including access control, encryption, network security, and incident response. Excellent written and verbal communication skills with the ability to translate complex technical information into clear, concise, and professional responses for both technical and non-technical audiences. Meticulous and organized, with a proven ability to manage multiple projects and deadlines simultaneously and great attention to detail . Ability to influence and collaborate effectively with cross-functional teams. Preferred Qualifications: Experience in developing and implementing scalable Customer Trust programs. 3+ years experience with Third Party Risk Management programs. Strong business acumen and the ability to translate complex technical concepts into business value. Professional certifications such as CISSP, CISM, CIPP/E, or CompTIA Security+ Experience with cloud services and cloud technologies (e.g., AWS, Microsoft Azure, GCP), cybersecurity technologies, data cloud platforms (e.g., Snowflake, Databricks). At this time, Capital One will not sponsor a new applicant for employment authorization for this position. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. Remote (Regardless of Location): $204,900 - $233,800 for Sr. Manager, Solutions Architecture McLean, VA: $225,400 - $257,200 for Sr. Manager, Solutions Architecture Richmond, VA: $204,900 - $233,800 for Sr. Manager, Solutions Architecture Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations. For technical support or questions about Capital One's recruiting process, please send an email to Capital One does not provide, endorse nor guarantee and is not liable for third-party products, services, educational tools or other information available through this site. Capital One Financial is made up of several different entities. Please note that any position posted in Canada is for Capital One Canada, any position posted in the United Kingdom is for Capital One Europe and any position posted in the Philippines is for Capital One Philippines Service Corp. (COPSSC).
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
12/17/2025
Full time
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
12/17/2025
Full time
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
12/17/2025
Full time
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
Senior Manager, Customer Trust & Field Security Specialist - Capital One Software (Remote) About the Role: We are seeking an experienced and detail-oriented Senior Manager with horizontal cybersecurity expertise to join our dynamic Customer Trust & Field Security team. This critical role acts as the security expert for our sales and business development efforts, bridging our technical security posture with the questions of prospective customers. You will be responsible for reviewing, interpreting, and responding to customer security-related inquiries, ensuring our responses are accurate, complete, and aligned with our security certifications and documentation. This position is pivotal in establishing and strengthening customer confidence in our cybersecurity, privacy, and compliance programs, influencing product direction and sales strategy to solve real-world security challenges. You will drive transparency, thought leadership, and strategic engagement, ensuring our security posture aligns with industry best practices while enabling business growth. This is an opportunity to be a crucial part of our growth. If you're a cybersecurity professional who enjoys the challenge of communicating technical concepts in a business context, we'd love to hear from you. Key Responsibilities: Customer Trust & Transparency: Scale and build upon existing programs like the Customer Trust Center, providing customers with self-service access to relevant security, privacy, and compliance information. Customer Engagement: Act as a trusted technical and security advisor, engaging customer security teams and IT leaders to align on their cybersecurity & business needs. Serve as the internal subject matter expert on security for the GTM team, supporting sales and account managers in client-facing discussions and presentations. Industry Thought Leadership: Represent the company externally in security and technology conversations, shaping best practices and positioning our solutions as industry-leading. Go-to-Market & Sales Acceleration: Bridge the gap between technical value and business outcomes, aligning security messaging with sales and marketing strategies to drive adoption of our products. Cross-functional Influence & Collaboration: Work closely with the engineering, legal, risk, cyber, and compliance teams to ensure our security responses are accurate and reflect our latest technical and regulatory standing. RFI/RFP Response: Analyze and respond to cybersecurity sections of RFIs (Requests for Information) and RFPs (Requests for Proposal), providing detailed and precise information about our security controls, policies, and procedures. Security Documentation: Maintain and update a knowledge base of our security posture, including security policies, certifications (e.g., SOC 2, ISO 27001), and compliance documentation. Continuous Improvement: Identify trends in customer security inquiries to help improve our documentation and proactive communication strategies. Third-Party Risk & Due Diligence: Support third-party risk and due diligence processes, helping customers efficiently evaluate our security posture. Product Roadmap Contribution: Provide insights on emerging cybersecurity trends and customer expectations to contribute to the product roadmap. Security Sales Playbook Development: Develop and standardize security sales playbooks, equipping sales teams with messaging, objection handling, and case studies, as applicable. Why Join Us: Impactful Role: Play a critical role in shaping our customer trust strategy, directly influencing business growth and sales success by building trust and demonstrating our commitment to security for our customers. Collaborative Culture: Partner with diverse teams across the organization, from engineering to sales, in a fast-paced work environment. Thought Leadership: Represent the company externally and contribute to industry best practices. Customer-Centric Focus: Be part of a team dedicated to empowering organizations to confidently adopt our solutions. Basic Qualifications: At least 7 years of progressive experience in a cybersecurity or information security role, with a strong understanding of security frameworks and best practices, and a focus on horizontal expertise across various domains. At least 4 years in customer - facing roles , acting as a trusted advisor to senior security and IT leaders. Deep technical understanding of cybersecurity principles, data protection, privacy, and compliance frameworks. Familiarity with common cybersecurity concepts, including access control, encryption, network security, and incident response. Excellent written and verbal communication skills with the ability to translate complex technical information into clear, concise, and professional responses for both technical and non-technical audiences. Meticulous and organized, with a proven ability to manage multiple projects and deadlines simultaneously and great attention to detail . Ability to influence and collaborate effectively with cross-functional teams. Preferred Qualifications: Experience in developing and implementing scalable Customer Trust programs. 3+ years experience with Third Party Risk Management programs. Strong business acumen and the ability to translate complex technical concepts into business value. Professional certifications such as CISSP, CISM, CIPP/E, or CompTIA Security+ Experience with cloud services and cloud technologies (e.g., AWS, Microsoft Azure, GCP), cybersecurity technologies, data cloud platforms (e.g., Snowflake, Databricks). At this time, Capital One will not sponsor a new applicant for employment authorization for this position. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. Remote (Regardless of Location): $204,900 - $233,800 for Sr. Manager, Solutions Architecture McLean, VA: $225,400 - $257,200 for Sr. Manager, Solutions Architecture Richmond, VA: $204,900 - $233,800 for Sr. Manager, Solutions Architecture Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations. For technical support or questions about Capital One's recruiting process, please send an email to Capital One does not provide, endorse nor guarantee and is not liable for third-party products, services, educational tools or other information available through this site. Capital One Financial is made up of several different entities. Please note that any position posted in Canada is for Capital One Canada, any position posted in the United Kingdom is for Capital One Europe and any position posted in the Philippines is for Capital One Philippines Service Corp. (COPSSC).
12/17/2025
Full time
Senior Manager, Customer Trust & Field Security Specialist - Capital One Software (Remote) About the Role: We are seeking an experienced and detail-oriented Senior Manager with horizontal cybersecurity expertise to join our dynamic Customer Trust & Field Security team. This critical role acts as the security expert for our sales and business development efforts, bridging our technical security posture with the questions of prospective customers. You will be responsible for reviewing, interpreting, and responding to customer security-related inquiries, ensuring our responses are accurate, complete, and aligned with our security certifications and documentation. This position is pivotal in establishing and strengthening customer confidence in our cybersecurity, privacy, and compliance programs, influencing product direction and sales strategy to solve real-world security challenges. You will drive transparency, thought leadership, and strategic engagement, ensuring our security posture aligns with industry best practices while enabling business growth. This is an opportunity to be a crucial part of our growth. If you're a cybersecurity professional who enjoys the challenge of communicating technical concepts in a business context, we'd love to hear from you. Key Responsibilities: Customer Trust & Transparency: Scale and build upon existing programs like the Customer Trust Center, providing customers with self-service access to relevant security, privacy, and compliance information. Customer Engagement: Act as a trusted technical and security advisor, engaging customer security teams and IT leaders to align on their cybersecurity & business needs. Serve as the internal subject matter expert on security for the GTM team, supporting sales and account managers in client-facing discussions and presentations. Industry Thought Leadership: Represent the company externally in security and technology conversations, shaping best practices and positioning our solutions as industry-leading. Go-to-Market & Sales Acceleration: Bridge the gap between technical value and business outcomes, aligning security messaging with sales and marketing strategies to drive adoption of our products. Cross-functional Influence & Collaboration: Work closely with the engineering, legal, risk, cyber, and compliance teams to ensure our security responses are accurate and reflect our latest technical and regulatory standing. RFI/RFP Response: Analyze and respond to cybersecurity sections of RFIs (Requests for Information) and RFPs (Requests for Proposal), providing detailed and precise information about our security controls, policies, and procedures. Security Documentation: Maintain and update a knowledge base of our security posture, including security policies, certifications (e.g., SOC 2, ISO 27001), and compliance documentation. Continuous Improvement: Identify trends in customer security inquiries to help improve our documentation and proactive communication strategies. Third-Party Risk & Due Diligence: Support third-party risk and due diligence processes, helping customers efficiently evaluate our security posture. Product Roadmap Contribution: Provide insights on emerging cybersecurity trends and customer expectations to contribute to the product roadmap. Security Sales Playbook Development: Develop and standardize security sales playbooks, equipping sales teams with messaging, objection handling, and case studies, as applicable. Why Join Us: Impactful Role: Play a critical role in shaping our customer trust strategy, directly influencing business growth and sales success by building trust and demonstrating our commitment to security for our customers. Collaborative Culture: Partner with diverse teams across the organization, from engineering to sales, in a fast-paced work environment. Thought Leadership: Represent the company externally and contribute to industry best practices. Customer-Centric Focus: Be part of a team dedicated to empowering organizations to confidently adopt our solutions. Basic Qualifications: At least 7 years of progressive experience in a cybersecurity or information security role, with a strong understanding of security frameworks and best practices, and a focus on horizontal expertise across various domains. At least 4 years in customer - facing roles , acting as a trusted advisor to senior security and IT leaders. Deep technical understanding of cybersecurity principles, data protection, privacy, and compliance frameworks. Familiarity with common cybersecurity concepts, including access control, encryption, network security, and incident response. Excellent written and verbal communication skills with the ability to translate complex technical information into clear, concise, and professional responses for both technical and non-technical audiences. Meticulous and organized, with a proven ability to manage multiple projects and deadlines simultaneously and great attention to detail . Ability to influence and collaborate effectively with cross-functional teams. Preferred Qualifications: Experience in developing and implementing scalable Customer Trust programs. 3+ years experience with Third Party Risk Management programs. Strong business acumen and the ability to translate complex technical concepts into business value. Professional certifications such as CISSP, CISM, CIPP/E, or CompTIA Security+ Experience with cloud services and cloud technologies (e.g., AWS, Microsoft Azure, GCP), cybersecurity technologies, data cloud platforms (e.g., Snowflake, Databricks). At this time, Capital One will not sponsor a new applicant for employment authorization for this position. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. Remote (Regardless of Location): $204,900 - $233,800 for Sr. Manager, Solutions Architecture McLean, VA: $225,400 - $257,200 for Sr. Manager, Solutions Architecture Richmond, VA: $204,900 - $233,800 for Sr. Manager, Solutions Architecture Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations. For technical support or questions about Capital One's recruiting process, please send an email to Capital One does not provide, endorse nor guarantee and is not liable for third-party products, services, educational tools or other information available through this site. Capital One Financial is made up of several different entities. Please note that any position posted in Canada is for Capital One Canada, any position posted in the United Kingdom is for Capital One Europe and any position posted in the Philippines is for Capital One Philippines Service Corp. (COPSSC).
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
12/17/2025
Full time
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
Senior Manager, Customer Trust & Field Security Specialist - Capital One Software (Remote) About the Role: We are seeking an experienced and detail-oriented Senior Manager with horizontal cybersecurity expertise to join our dynamic Customer Trust & Field Security team. This critical role acts as the security expert for our sales and business development efforts, bridging our technical security posture with the questions of prospective customers. You will be responsible for reviewing, interpreting, and responding to customer security-related inquiries, ensuring our responses are accurate, complete, and aligned with our security certifications and documentation. This position is pivotal in establishing and strengthening customer confidence in our cybersecurity, privacy, and compliance programs, influencing product direction and sales strategy to solve real-world security challenges. You will drive transparency, thought leadership, and strategic engagement, ensuring our security posture aligns with industry best practices while enabling business growth. This is an opportunity to be a crucial part of our growth. If you're a cybersecurity professional who enjoys the challenge of communicating technical concepts in a business context, we'd love to hear from you. Key Responsibilities: Customer Trust & Transparency: Scale and build upon existing programs like the Customer Trust Center, providing customers with self-service access to relevant security, privacy, and compliance information. Customer Engagement: Act as a trusted technical and security advisor, engaging customer security teams and IT leaders to align on their cybersecurity & business needs. Serve as the internal subject matter expert on security for the GTM team, supporting sales and account managers in client-facing discussions and presentations. Industry Thought Leadership: Represent the company externally in security and technology conversations, shaping best practices and positioning our solutions as industry-leading. Go-to-Market & Sales Acceleration: Bridge the gap between technical value and business outcomes, aligning security messaging with sales and marketing strategies to drive adoption of our products. Cross-functional Influence & Collaboration: Work closely with the engineering, legal, risk, cyber, and compliance teams to ensure our security responses are accurate and reflect our latest technical and regulatory standing. RFI/RFP Response: Analyze and respond to cybersecurity sections of RFIs (Requests for Information) and RFPs (Requests for Proposal), providing detailed and precise information about our security controls, policies, and procedures. Security Documentation: Maintain and update a knowledge base of our security posture, including security policies, certifications (e.g., SOC 2, ISO 27001), and compliance documentation. Continuous Improvement: Identify trends in customer security inquiries to help improve our documentation and proactive communication strategies. Third-Party Risk & Due Diligence: Support third-party risk and due diligence processes, helping customers efficiently evaluate our security posture. Product Roadmap Contribution: Provide insights on emerging cybersecurity trends and customer expectations to contribute to the product roadmap. Security Sales Playbook Development: Develop and standardize security sales playbooks, equipping sales teams with messaging, objection handling, and case studies, as applicable. Why Join Us: Impactful Role: Play a critical role in shaping our customer trust strategy, directly influencing business growth and sales success by building trust and demonstrating our commitment to security for our customers. Collaborative Culture: Partner with diverse teams across the organization, from engineering to sales, in a fast-paced work environment. Thought Leadership: Represent the company externally and contribute to industry best practices. Customer-Centric Focus: Be part of a team dedicated to empowering organizations to confidently adopt our solutions. Basic Qualifications: At least 7 years of progressive experience in a cybersecurity or information security role, with a strong understanding of security frameworks and best practices, and a focus on horizontal expertise across various domains. At least 4 years in customer - facing roles , acting as a trusted advisor to senior security and IT leaders. Deep technical understanding of cybersecurity principles, data protection, privacy, and compliance frameworks. Familiarity with common cybersecurity concepts, including access control, encryption, network security, and incident response. Excellent written and verbal communication skills with the ability to translate complex technical information into clear, concise, and professional responses for both technical and non-technical audiences. Meticulous and organized, with a proven ability to manage multiple projects and deadlines simultaneously and great attention to detail . Ability to influence and collaborate effectively with cross-functional teams. Preferred Qualifications: Experience in developing and implementing scalable Customer Trust programs. 3+ years experience with Third Party Risk Management programs. Strong business acumen and the ability to translate complex technical concepts into business value. Professional certifications such as CISSP, CISM, CIPP/E, or CompTIA Security+ Experience with cloud services and cloud technologies (e.g., AWS, Microsoft Azure, GCP), cybersecurity technologies, data cloud platforms (e.g., Snowflake, Databricks). At this time, Capital One will not sponsor a new applicant for employment authorization for this position. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. Remote (Regardless of Location): $204,900 - $233,800 for Sr. Manager, Solutions Architecture McLean, VA: $225,400 - $257,200 for Sr. Manager, Solutions Architecture Richmond, VA: $204,900 - $233,800 for Sr. Manager, Solutions Architecture Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations. For technical support or questions about Capital One's recruiting process, please send an email to Capital One does not provide, endorse nor guarantee and is not liable for third-party products, services, educational tools or other information available through this site. Capital One Financial is made up of several different entities. Please note that any position posted in Canada is for Capital One Canada, any position posted in the United Kingdom is for Capital One Europe and any position posted in the Philippines is for Capital One Philippines Service Corp. (COPSSC).
12/17/2025
Full time
Senior Manager, Customer Trust & Field Security Specialist - Capital One Software (Remote) About the Role: We are seeking an experienced and detail-oriented Senior Manager with horizontal cybersecurity expertise to join our dynamic Customer Trust & Field Security team. This critical role acts as the security expert for our sales and business development efforts, bridging our technical security posture with the questions of prospective customers. You will be responsible for reviewing, interpreting, and responding to customer security-related inquiries, ensuring our responses are accurate, complete, and aligned with our security certifications and documentation. This position is pivotal in establishing and strengthening customer confidence in our cybersecurity, privacy, and compliance programs, influencing product direction and sales strategy to solve real-world security challenges. You will drive transparency, thought leadership, and strategic engagement, ensuring our security posture aligns with industry best practices while enabling business growth. This is an opportunity to be a crucial part of our growth. If you're a cybersecurity professional who enjoys the challenge of communicating technical concepts in a business context, we'd love to hear from you. Key Responsibilities: Customer Trust & Transparency: Scale and build upon existing programs like the Customer Trust Center, providing customers with self-service access to relevant security, privacy, and compliance information. Customer Engagement: Act as a trusted technical and security advisor, engaging customer security teams and IT leaders to align on their cybersecurity & business needs. Serve as the internal subject matter expert on security for the GTM team, supporting sales and account managers in client-facing discussions and presentations. Industry Thought Leadership: Represent the company externally in security and technology conversations, shaping best practices and positioning our solutions as industry-leading. Go-to-Market & Sales Acceleration: Bridge the gap between technical value and business outcomes, aligning security messaging with sales and marketing strategies to drive adoption of our products. Cross-functional Influence & Collaboration: Work closely with the engineering, legal, risk, cyber, and compliance teams to ensure our security responses are accurate and reflect our latest technical and regulatory standing. RFI/RFP Response: Analyze and respond to cybersecurity sections of RFIs (Requests for Information) and RFPs (Requests for Proposal), providing detailed and precise information about our security controls, policies, and procedures. Security Documentation: Maintain and update a knowledge base of our security posture, including security policies, certifications (e.g., SOC 2, ISO 27001), and compliance documentation. Continuous Improvement: Identify trends in customer security inquiries to help improve our documentation and proactive communication strategies. Third-Party Risk & Due Diligence: Support third-party risk and due diligence processes, helping customers efficiently evaluate our security posture. Product Roadmap Contribution: Provide insights on emerging cybersecurity trends and customer expectations to contribute to the product roadmap. Security Sales Playbook Development: Develop and standardize security sales playbooks, equipping sales teams with messaging, objection handling, and case studies, as applicable. Why Join Us: Impactful Role: Play a critical role in shaping our customer trust strategy, directly influencing business growth and sales success by building trust and demonstrating our commitment to security for our customers. Collaborative Culture: Partner with diverse teams across the organization, from engineering to sales, in a fast-paced work environment. Thought Leadership: Represent the company externally and contribute to industry best practices. Customer-Centric Focus: Be part of a team dedicated to empowering organizations to confidently adopt our solutions. Basic Qualifications: At least 7 years of progressive experience in a cybersecurity or information security role, with a strong understanding of security frameworks and best practices, and a focus on horizontal expertise across various domains. At least 4 years in customer - facing roles , acting as a trusted advisor to senior security and IT leaders. Deep technical understanding of cybersecurity principles, data protection, privacy, and compliance frameworks. Familiarity with common cybersecurity concepts, including access control, encryption, network security, and incident response. Excellent written and verbal communication skills with the ability to translate complex technical information into clear, concise, and professional responses for both technical and non-technical audiences. Meticulous and organized, with a proven ability to manage multiple projects and deadlines simultaneously and great attention to detail . Ability to influence and collaborate effectively with cross-functional teams. Preferred Qualifications: Experience in developing and implementing scalable Customer Trust programs. 3+ years experience with Third Party Risk Management programs. Strong business acumen and the ability to translate complex technical concepts into business value. Professional certifications such as CISSP, CISM, CIPP/E, or CompTIA Security+ Experience with cloud services and cloud technologies (e.g., AWS, Microsoft Azure, GCP), cybersecurity technologies, data cloud platforms (e.g., Snowflake, Databricks). At this time, Capital One will not sponsor a new applicant for employment authorization for this position. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. Remote (Regardless of Location): $204,900 - $233,800 for Sr. Manager, Solutions Architecture McLean, VA: $225,400 - $257,200 for Sr. Manager, Solutions Architecture Richmond, VA: $204,900 - $233,800 for Sr. Manager, Solutions Architecture Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations. For technical support or questions about Capital One's recruiting process, please send an email to Capital One does not provide, endorse nor guarantee and is not liable for third-party products, services, educational tools or other information available through this site. Capital One Financial is made up of several different entities. Please note that any position posted in Canada is for Capital One Canada, any position posted in the United Kingdom is for Capital One Europe and any position posted in the Philippines is for Capital One Philippines Service Corp. (COPSSC).
Senior Manager, Customer Trust & Field Security Specialist - Capital One Software (Remote) About the Role: We are seeking an experienced and detail-oriented Senior Manager with horizontal cybersecurity expertise to join our dynamic Customer Trust & Field Security team. This critical role acts as the security expert for our sales and business development efforts, bridging our technical security posture with the questions of prospective customers. You will be responsible for reviewing, interpreting, and responding to customer security-related inquiries, ensuring our responses are accurate, complete, and aligned with our security certifications and documentation. This position is pivotal in establishing and strengthening customer confidence in our cybersecurity, privacy, and compliance programs, influencing product direction and sales strategy to solve real-world security challenges. You will drive transparency, thought leadership, and strategic engagement, ensuring our security posture aligns with industry best practices while enabling business growth. This is an opportunity to be a crucial part of our growth. If you're a cybersecurity professional who enjoys the challenge of communicating technical concepts in a business context, we'd love to hear from you. Key Responsibilities: Customer Trust & Transparency: Scale and build upon existing programs like the Customer Trust Center, providing customers with self-service access to relevant security, privacy, and compliance information. Customer Engagement: Act as a trusted technical and security advisor, engaging customer security teams and IT leaders to align on their cybersecurity & business needs. Serve as the internal subject matter expert on security for the GTM team, supporting sales and account managers in client-facing discussions and presentations. Industry Thought Leadership: Represent the company externally in security and technology conversations, shaping best practices and positioning our solutions as industry-leading. Go-to-Market & Sales Acceleration: Bridge the gap between technical value and business outcomes, aligning security messaging with sales and marketing strategies to drive adoption of our products. Cross-functional Influence & Collaboration: Work closely with the engineering, legal, risk, cyber, and compliance teams to ensure our security responses are accurate and reflect our latest technical and regulatory standing. RFI/RFP Response: Analyze and respond to cybersecurity sections of RFIs (Requests for Information) and RFPs (Requests for Proposal), providing detailed and precise information about our security controls, policies, and procedures. Security Documentation: Maintain and update a knowledge base of our security posture, including security policies, certifications (e.g., SOC 2, ISO 27001), and compliance documentation. Continuous Improvement: Identify trends in customer security inquiries to help improve our documentation and proactive communication strategies. Third-Party Risk & Due Diligence: Support third-party risk and due diligence processes, helping customers efficiently evaluate our security posture. Product Roadmap Contribution: Provide insights on emerging cybersecurity trends and customer expectations to contribute to the product roadmap. Security Sales Playbook Development: Develop and standardize security sales playbooks, equipping sales teams with messaging, objection handling, and case studies, as applicable. Why Join Us: Impactful Role: Play a critical role in shaping our customer trust strategy, directly influencing business growth and sales success by building trust and demonstrating our commitment to security for our customers. Collaborative Culture: Partner with diverse teams across the organization, from engineering to sales, in a fast-paced work environment. Thought Leadership: Represent the company externally and contribute to industry best practices. Customer-Centric Focus: Be part of a team dedicated to empowering organizations to confidently adopt our solutions. Basic Qualifications: At least 7 years of progressive experience in a cybersecurity or information security role, with a strong understanding of security frameworks and best practices, and a focus on horizontal expertise across various domains. At least 4 years in customer - facing roles , acting as a trusted advisor to senior security and IT leaders. Deep technical understanding of cybersecurity principles, data protection, privacy, and compliance frameworks. Familiarity with common cybersecurity concepts, including access control, encryption, network security, and incident response. Excellent written and verbal communication skills with the ability to translate complex technical information into clear, concise, and professional responses for both technical and non-technical audiences. Meticulous and organized, with a proven ability to manage multiple projects and deadlines simultaneously and great attention to detail . Ability to influence and collaborate effectively with cross-functional teams. Preferred Qualifications: Experience in developing and implementing scalable Customer Trust programs. 3+ years experience with Third Party Risk Management programs. Strong business acumen and the ability to translate complex technical concepts into business value. Professional certifications such as CISSP, CISM, CIPP/E, or CompTIA Security+ Experience with cloud services and cloud technologies (e.g., AWS, Microsoft Azure, GCP), cybersecurity technologies, data cloud platforms (e.g., Snowflake, Databricks). At this time, Capital One will not sponsor a new applicant for employment authorization for this position. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. Remote (Regardless of Location): $204,900 - $233,800 for Sr. Manager, Solutions Architecture McLean, VA: $225,400 - $257,200 for Sr. Manager, Solutions Architecture Richmond, VA: $204,900 - $233,800 for Sr. Manager, Solutions Architecture Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations. For technical support or questions about Capital One's recruiting process, please send an email to Capital One does not provide, endorse nor guarantee and is not liable for third-party products, services, educational tools or other information available through this site. Capital One Financial is made up of several different entities. Please note that any position posted in Canada is for Capital One Canada, any position posted in the United Kingdom is for Capital One Europe and any position posted in the Philippines is for Capital One Philippines Service Corp. (COPSSC).
12/17/2025
Full time
Senior Manager, Customer Trust & Field Security Specialist - Capital One Software (Remote) About the Role: We are seeking an experienced and detail-oriented Senior Manager with horizontal cybersecurity expertise to join our dynamic Customer Trust & Field Security team. This critical role acts as the security expert for our sales and business development efforts, bridging our technical security posture with the questions of prospective customers. You will be responsible for reviewing, interpreting, and responding to customer security-related inquiries, ensuring our responses are accurate, complete, and aligned with our security certifications and documentation. This position is pivotal in establishing and strengthening customer confidence in our cybersecurity, privacy, and compliance programs, influencing product direction and sales strategy to solve real-world security challenges. You will drive transparency, thought leadership, and strategic engagement, ensuring our security posture aligns with industry best practices while enabling business growth. This is an opportunity to be a crucial part of our growth. If you're a cybersecurity professional who enjoys the challenge of communicating technical concepts in a business context, we'd love to hear from you. Key Responsibilities: Customer Trust & Transparency: Scale and build upon existing programs like the Customer Trust Center, providing customers with self-service access to relevant security, privacy, and compliance information. Customer Engagement: Act as a trusted technical and security advisor, engaging customer security teams and IT leaders to align on their cybersecurity & business needs. Serve as the internal subject matter expert on security for the GTM team, supporting sales and account managers in client-facing discussions and presentations. Industry Thought Leadership: Represent the company externally in security and technology conversations, shaping best practices and positioning our solutions as industry-leading. Go-to-Market & Sales Acceleration: Bridge the gap between technical value and business outcomes, aligning security messaging with sales and marketing strategies to drive adoption of our products. Cross-functional Influence & Collaboration: Work closely with the engineering, legal, risk, cyber, and compliance teams to ensure our security responses are accurate and reflect our latest technical and regulatory standing. RFI/RFP Response: Analyze and respond to cybersecurity sections of RFIs (Requests for Information) and RFPs (Requests for Proposal), providing detailed and precise information about our security controls, policies, and procedures. Security Documentation: Maintain and update a knowledge base of our security posture, including security policies, certifications (e.g., SOC 2, ISO 27001), and compliance documentation. Continuous Improvement: Identify trends in customer security inquiries to help improve our documentation and proactive communication strategies. Third-Party Risk & Due Diligence: Support third-party risk and due diligence processes, helping customers efficiently evaluate our security posture. Product Roadmap Contribution: Provide insights on emerging cybersecurity trends and customer expectations to contribute to the product roadmap. Security Sales Playbook Development: Develop and standardize security sales playbooks, equipping sales teams with messaging, objection handling, and case studies, as applicable. Why Join Us: Impactful Role: Play a critical role in shaping our customer trust strategy, directly influencing business growth and sales success by building trust and demonstrating our commitment to security for our customers. Collaborative Culture: Partner with diverse teams across the organization, from engineering to sales, in a fast-paced work environment. Thought Leadership: Represent the company externally and contribute to industry best practices. Customer-Centric Focus: Be part of a team dedicated to empowering organizations to confidently adopt our solutions. Basic Qualifications: At least 7 years of progressive experience in a cybersecurity or information security role, with a strong understanding of security frameworks and best practices, and a focus on horizontal expertise across various domains. At least 4 years in customer - facing roles , acting as a trusted advisor to senior security and IT leaders. Deep technical understanding of cybersecurity principles, data protection, privacy, and compliance frameworks. Familiarity with common cybersecurity concepts, including access control, encryption, network security, and incident response. Excellent written and verbal communication skills with the ability to translate complex technical information into clear, concise, and professional responses for both technical and non-technical audiences. Meticulous and organized, with a proven ability to manage multiple projects and deadlines simultaneously and great attention to detail . Ability to influence and collaborate effectively with cross-functional teams. Preferred Qualifications: Experience in developing and implementing scalable Customer Trust programs. 3+ years experience with Third Party Risk Management programs. Strong business acumen and the ability to translate complex technical concepts into business value. Professional certifications such as CISSP, CISM, CIPP/E, or CompTIA Security+ Experience with cloud services and cloud technologies (e.g., AWS, Microsoft Azure, GCP), cybersecurity technologies, data cloud platforms (e.g., Snowflake, Databricks). At this time, Capital One will not sponsor a new applicant for employment authorization for this position. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. Remote (Regardless of Location): $204,900 - $233,800 for Sr. Manager, Solutions Architecture McLean, VA: $225,400 - $257,200 for Sr. Manager, Solutions Architecture Richmond, VA: $204,900 - $233,800 for Sr. Manager, Solutions Architecture Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations. For technical support or questions about Capital One's recruiting process, please send an email to Capital One does not provide, endorse nor guarantee and is not liable for third-party products, services, educational tools or other information available through this site. Capital One Financial is made up of several different entities. Please note that any position posted in Canada is for Capital One Canada, any position posted in the United Kingdom is for Capital One Europe and any position posted in the Philippines is for Capital One Philippines Service Corp. (COPSSC).
Senior Manager, Customer Trust & Field Security Specialist - Capital One Software (Remote) About the Role: We are seeking an experienced and detail-oriented Senior Manager with horizontal cybersecurity expertise to join our dynamic Customer Trust & Field Security team. This critical role acts as the security expert for our sales and business development efforts, bridging our technical security posture with the questions of prospective customers. You will be responsible for reviewing, interpreting, and responding to customer security-related inquiries, ensuring our responses are accurate, complete, and aligned with our security certifications and documentation. This position is pivotal in establishing and strengthening customer confidence in our cybersecurity, privacy, and compliance programs, influencing product direction and sales strategy to solve real-world security challenges. You will drive transparency, thought leadership, and strategic engagement, ensuring our security posture aligns with industry best practices while enabling business growth. This is an opportunity to be a crucial part of our growth. If you're a cybersecurity professional who enjoys the challenge of communicating technical concepts in a business context, we'd love to hear from you. Key Responsibilities: Customer Trust & Transparency: Scale and build upon existing programs like the Customer Trust Center, providing customers with self-service access to relevant security, privacy, and compliance information. Customer Engagement: Act as a trusted technical and security advisor, engaging customer security teams and IT leaders to align on their cybersecurity & business needs. Serve as the internal subject matter expert on security for the GTM team, supporting sales and account managers in client-facing discussions and presentations. Industry Thought Leadership: Represent the company externally in security and technology conversations, shaping best practices and positioning our solutions as industry-leading. Go-to-Market & Sales Acceleration: Bridge the gap between technical value and business outcomes, aligning security messaging with sales and marketing strategies to drive adoption of our products. Cross-functional Influence & Collaboration: Work closely with the engineering, legal, risk, cyber, and compliance teams to ensure our security responses are accurate and reflect our latest technical and regulatory standing. RFI/RFP Response: Analyze and respond to cybersecurity sections of RFIs (Requests for Information) and RFPs (Requests for Proposal), providing detailed and precise information about our security controls, policies, and procedures. Security Documentation: Maintain and update a knowledge base of our security posture, including security policies, certifications (e.g., SOC 2, ISO 27001), and compliance documentation. Continuous Improvement: Identify trends in customer security inquiries to help improve our documentation and proactive communication strategies. Third-Party Risk & Due Diligence: Support third-party risk and due diligence processes, helping customers efficiently evaluate our security posture. Product Roadmap Contribution: Provide insights on emerging cybersecurity trends and customer expectations to contribute to the product roadmap. Security Sales Playbook Development: Develop and standardize security sales playbooks, equipping sales teams with messaging, objection handling, and case studies, as applicable. Why Join Us: Impactful Role: Play a critical role in shaping our customer trust strategy, directly influencing business growth and sales success by building trust and demonstrating our commitment to security for our customers. Collaborative Culture: Partner with diverse teams across the organization, from engineering to sales, in a fast-paced work environment. Thought Leadership: Represent the company externally and contribute to industry best practices. Customer-Centric Focus: Be part of a team dedicated to empowering organizations to confidently adopt our solutions. Basic Qualifications: At least 7 years of progressive experience in a cybersecurity or information security role, with a strong understanding of security frameworks and best practices, and a focus on horizontal expertise across various domains. At least 4 years in customer - facing roles , acting as a trusted advisor to senior security and IT leaders. Deep technical understanding of cybersecurity principles, data protection, privacy, and compliance frameworks. Familiarity with common cybersecurity concepts, including access control, encryption, network security, and incident response. Excellent written and verbal communication skills with the ability to translate complex technical information into clear, concise, and professional responses for both technical and non-technical audiences. Meticulous and organized, with a proven ability to manage multiple projects and deadlines simultaneously and great attention to detail . Ability to influence and collaborate effectively with cross-functional teams. Preferred Qualifications: Experience in developing and implementing scalable Customer Trust programs. 3+ years experience with Third Party Risk Management programs. Strong business acumen and the ability to translate complex technical concepts into business value. Professional certifications such as CISSP, CISM, CIPP/E, or CompTIA Security+ Experience with cloud services and cloud technologies (e.g., AWS, Microsoft Azure, GCP), cybersecurity technologies, data cloud platforms (e.g., Snowflake, Databricks). At this time, Capital One will not sponsor a new applicant for employment authorization for this position. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. Remote (Regardless of Location): $204,900 - $233,800 for Sr. Manager, Solutions Architecture McLean, VA: $225,400 - $257,200 for Sr. Manager, Solutions Architecture Richmond, VA: $204,900 - $233,800 for Sr. Manager, Solutions Architecture Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations. For technical support or questions about Capital One's recruiting process, please send an email to Capital One does not provide, endorse nor guarantee and is not liable for third-party products, services, educational tools or other information available through this site. Capital One Financial is made up of several different entities. Please note that any position posted in Canada is for Capital One Canada, any position posted in the United Kingdom is for Capital One Europe and any position posted in the Philippines is for Capital One Philippines Service Corp. (COPSSC).
12/17/2025
Full time
Senior Manager, Customer Trust & Field Security Specialist - Capital One Software (Remote) About the Role: We are seeking an experienced and detail-oriented Senior Manager with horizontal cybersecurity expertise to join our dynamic Customer Trust & Field Security team. This critical role acts as the security expert for our sales and business development efforts, bridging our technical security posture with the questions of prospective customers. You will be responsible for reviewing, interpreting, and responding to customer security-related inquiries, ensuring our responses are accurate, complete, and aligned with our security certifications and documentation. This position is pivotal in establishing and strengthening customer confidence in our cybersecurity, privacy, and compliance programs, influencing product direction and sales strategy to solve real-world security challenges. You will drive transparency, thought leadership, and strategic engagement, ensuring our security posture aligns with industry best practices while enabling business growth. This is an opportunity to be a crucial part of our growth. If you're a cybersecurity professional who enjoys the challenge of communicating technical concepts in a business context, we'd love to hear from you. Key Responsibilities: Customer Trust & Transparency: Scale and build upon existing programs like the Customer Trust Center, providing customers with self-service access to relevant security, privacy, and compliance information. Customer Engagement: Act as a trusted technical and security advisor, engaging customer security teams and IT leaders to align on their cybersecurity & business needs. Serve as the internal subject matter expert on security for the GTM team, supporting sales and account managers in client-facing discussions and presentations. Industry Thought Leadership: Represent the company externally in security and technology conversations, shaping best practices and positioning our solutions as industry-leading. Go-to-Market & Sales Acceleration: Bridge the gap between technical value and business outcomes, aligning security messaging with sales and marketing strategies to drive adoption of our products. Cross-functional Influence & Collaboration: Work closely with the engineering, legal, risk, cyber, and compliance teams to ensure our security responses are accurate and reflect our latest technical and regulatory standing. RFI/RFP Response: Analyze and respond to cybersecurity sections of RFIs (Requests for Information) and RFPs (Requests for Proposal), providing detailed and precise information about our security controls, policies, and procedures. Security Documentation: Maintain and update a knowledge base of our security posture, including security policies, certifications (e.g., SOC 2, ISO 27001), and compliance documentation. Continuous Improvement: Identify trends in customer security inquiries to help improve our documentation and proactive communication strategies. Third-Party Risk & Due Diligence: Support third-party risk and due diligence processes, helping customers efficiently evaluate our security posture. Product Roadmap Contribution: Provide insights on emerging cybersecurity trends and customer expectations to contribute to the product roadmap. Security Sales Playbook Development: Develop and standardize security sales playbooks, equipping sales teams with messaging, objection handling, and case studies, as applicable. Why Join Us: Impactful Role: Play a critical role in shaping our customer trust strategy, directly influencing business growth and sales success by building trust and demonstrating our commitment to security for our customers. Collaborative Culture: Partner with diverse teams across the organization, from engineering to sales, in a fast-paced work environment. Thought Leadership: Represent the company externally and contribute to industry best practices. Customer-Centric Focus: Be part of a team dedicated to empowering organizations to confidently adopt our solutions. Basic Qualifications: At least 7 years of progressive experience in a cybersecurity or information security role, with a strong understanding of security frameworks and best practices, and a focus on horizontal expertise across various domains. At least 4 years in customer - facing roles , acting as a trusted advisor to senior security and IT leaders. Deep technical understanding of cybersecurity principles, data protection, privacy, and compliance frameworks. Familiarity with common cybersecurity concepts, including access control, encryption, network security, and incident response. Excellent written and verbal communication skills with the ability to translate complex technical information into clear, concise, and professional responses for both technical and non-technical audiences. Meticulous and organized, with a proven ability to manage multiple projects and deadlines simultaneously and great attention to detail . Ability to influence and collaborate effectively with cross-functional teams. Preferred Qualifications: Experience in developing and implementing scalable Customer Trust programs. 3+ years experience with Third Party Risk Management programs. Strong business acumen and the ability to translate complex technical concepts into business value. Professional certifications such as CISSP, CISM, CIPP/E, or CompTIA Security+ Experience with cloud services and cloud technologies (e.g., AWS, Microsoft Azure, GCP), cybersecurity technologies, data cloud platforms (e.g., Snowflake, Databricks). At this time, Capital One will not sponsor a new applicant for employment authorization for this position. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. Remote (Regardless of Location): $204,900 - $233,800 for Sr. Manager, Solutions Architecture McLean, VA: $225,400 - $257,200 for Sr. Manager, Solutions Architecture Richmond, VA: $204,900 - $233,800 for Sr. Manager, Solutions Architecture Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations. For technical support or questions about Capital One's recruiting process, please send an email to Capital One does not provide, endorse nor guarantee and is not liable for third-party products, services, educational tools or other information available through this site. Capital One Financial is made up of several different entities. Please note that any position posted in Canada is for Capital One Canada, any position posted in the United Kingdom is for Capital One Europe and any position posted in the Philippines is for Capital One Philippines Service Corp. (COPSSC).
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
12/17/2025
Full time
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
12/17/2025
Full time
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
12/17/2025
Full time
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
Senior Manager, Customer Trust & Field Security Specialist - Capital One Software (Remote) About the Role: We are seeking an experienced and detail-oriented Senior Manager with horizontal cybersecurity expertise to join our dynamic Customer Trust & Field Security team. This critical role acts as the security expert for our sales and business development efforts, bridging our technical security posture with the questions of prospective customers. You will be responsible for reviewing, interpreting, and responding to customer security-related inquiries, ensuring our responses are accurate, complete, and aligned with our security certifications and documentation. This position is pivotal in establishing and strengthening customer confidence in our cybersecurity, privacy, and compliance programs, influencing product direction and sales strategy to solve real-world security challenges. You will drive transparency, thought leadership, and strategic engagement, ensuring our security posture aligns with industry best practices while enabling business growth. This is an opportunity to be a crucial part of our growth. If you're a cybersecurity professional who enjoys the challenge of communicating technical concepts in a business context, we'd love to hear from you. Key Responsibilities: Customer Trust & Transparency: Scale and build upon existing programs like the Customer Trust Center, providing customers with self-service access to relevant security, privacy, and compliance information. Customer Engagement: Act as a trusted technical and security advisor, engaging customer security teams and IT leaders to align on their cybersecurity & business needs. Serve as the internal subject matter expert on security for the GTM team, supporting sales and account managers in client-facing discussions and presentations. Industry Thought Leadership: Represent the company externally in security and technology conversations, shaping best practices and positioning our solutions as industry-leading. Go-to-Market & Sales Acceleration: Bridge the gap between technical value and business outcomes, aligning security messaging with sales and marketing strategies to drive adoption of our products. Cross-functional Influence & Collaboration: Work closely with the engineering, legal, risk, cyber, and compliance teams to ensure our security responses are accurate and reflect our latest technical and regulatory standing. RFI/RFP Response: Analyze and respond to cybersecurity sections of RFIs (Requests for Information) and RFPs (Requests for Proposal), providing detailed and precise information about our security controls, policies, and procedures. Security Documentation: Maintain and update a knowledge base of our security posture, including security policies, certifications (e.g., SOC 2, ISO 27001), and compliance documentation. Continuous Improvement: Identify trends in customer security inquiries to help improve our documentation and proactive communication strategies. Third-Party Risk & Due Diligence: Support third-party risk and due diligence processes, helping customers efficiently evaluate our security posture. Product Roadmap Contribution: Provide insights on emerging cybersecurity trends and customer expectations to contribute to the product roadmap. Security Sales Playbook Development: Develop and standardize security sales playbooks, equipping sales teams with messaging, objection handling, and case studies, as applicable. Why Join Us: Impactful Role: Play a critical role in shaping our customer trust strategy, directly influencing business growth and sales success by building trust and demonstrating our commitment to security for our customers. Collaborative Culture: Partner with diverse teams across the organization, from engineering to sales, in a fast-paced work environment. Thought Leadership: Represent the company externally and contribute to industry best practices. Customer-Centric Focus: Be part of a team dedicated to empowering organizations to confidently adopt our solutions. Basic Qualifications: At least 7 years of progressive experience in a cybersecurity or information security role, with a strong understanding of security frameworks and best practices, and a focus on horizontal expertise across various domains. At least 4 years in customer - facing roles , acting as a trusted advisor to senior security and IT leaders. Deep technical understanding of cybersecurity principles, data protection, privacy, and compliance frameworks. Familiarity with common cybersecurity concepts, including access control, encryption, network security, and incident response. Excellent written and verbal communication skills with the ability to translate complex technical information into clear, concise, and professional responses for both technical and non-technical audiences. Meticulous and organized, with a proven ability to manage multiple projects and deadlines simultaneously and great attention to detail . Ability to influence and collaborate effectively with cross-functional teams. Preferred Qualifications: Experience in developing and implementing scalable Customer Trust programs. 3+ years experience with Third Party Risk Management programs. Strong business acumen and the ability to translate complex technical concepts into business value. Professional certifications such as CISSP, CISM, CIPP/E, or CompTIA Security+ Experience with cloud services and cloud technologies (e.g., AWS, Microsoft Azure, GCP), cybersecurity technologies, data cloud platforms (e.g., Snowflake, Databricks). At this time, Capital One will not sponsor a new applicant for employment authorization for this position. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. Remote (Regardless of Location): $204,900 - $233,800 for Sr. Manager, Solutions Architecture McLean, VA: $225,400 - $257,200 for Sr. Manager, Solutions Architecture Richmond, VA: $204,900 - $233,800 for Sr. Manager, Solutions Architecture Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations. For technical support or questions about Capital One's recruiting process, please send an email to Capital One does not provide, endorse nor guarantee and is not liable for third-party products, services, educational tools or other information available through this site. Capital One Financial is made up of several different entities. Please note that any position posted in Canada is for Capital One Canada, any position posted in the United Kingdom is for Capital One Europe and any position posted in the Philippines is for Capital One Philippines Service Corp. (COPSSC).
12/17/2025
Full time
Senior Manager, Customer Trust & Field Security Specialist - Capital One Software (Remote) About the Role: We are seeking an experienced and detail-oriented Senior Manager with horizontal cybersecurity expertise to join our dynamic Customer Trust & Field Security team. This critical role acts as the security expert for our sales and business development efforts, bridging our technical security posture with the questions of prospective customers. You will be responsible for reviewing, interpreting, and responding to customer security-related inquiries, ensuring our responses are accurate, complete, and aligned with our security certifications and documentation. This position is pivotal in establishing and strengthening customer confidence in our cybersecurity, privacy, and compliance programs, influencing product direction and sales strategy to solve real-world security challenges. You will drive transparency, thought leadership, and strategic engagement, ensuring our security posture aligns with industry best practices while enabling business growth. This is an opportunity to be a crucial part of our growth. If you're a cybersecurity professional who enjoys the challenge of communicating technical concepts in a business context, we'd love to hear from you. Key Responsibilities: Customer Trust & Transparency: Scale and build upon existing programs like the Customer Trust Center, providing customers with self-service access to relevant security, privacy, and compliance information. Customer Engagement: Act as a trusted technical and security advisor, engaging customer security teams and IT leaders to align on their cybersecurity & business needs. Serve as the internal subject matter expert on security for the GTM team, supporting sales and account managers in client-facing discussions and presentations. Industry Thought Leadership: Represent the company externally in security and technology conversations, shaping best practices and positioning our solutions as industry-leading. Go-to-Market & Sales Acceleration: Bridge the gap between technical value and business outcomes, aligning security messaging with sales and marketing strategies to drive adoption of our products. Cross-functional Influence & Collaboration: Work closely with the engineering, legal, risk, cyber, and compliance teams to ensure our security responses are accurate and reflect our latest technical and regulatory standing. RFI/RFP Response: Analyze and respond to cybersecurity sections of RFIs (Requests for Information) and RFPs (Requests for Proposal), providing detailed and precise information about our security controls, policies, and procedures. Security Documentation: Maintain and update a knowledge base of our security posture, including security policies, certifications (e.g., SOC 2, ISO 27001), and compliance documentation. Continuous Improvement: Identify trends in customer security inquiries to help improve our documentation and proactive communication strategies. Third-Party Risk & Due Diligence: Support third-party risk and due diligence processes, helping customers efficiently evaluate our security posture. Product Roadmap Contribution: Provide insights on emerging cybersecurity trends and customer expectations to contribute to the product roadmap. Security Sales Playbook Development: Develop and standardize security sales playbooks, equipping sales teams with messaging, objection handling, and case studies, as applicable. Why Join Us: Impactful Role: Play a critical role in shaping our customer trust strategy, directly influencing business growth and sales success by building trust and demonstrating our commitment to security for our customers. Collaborative Culture: Partner with diverse teams across the organization, from engineering to sales, in a fast-paced work environment. Thought Leadership: Represent the company externally and contribute to industry best practices. Customer-Centric Focus: Be part of a team dedicated to empowering organizations to confidently adopt our solutions. Basic Qualifications: At least 7 years of progressive experience in a cybersecurity or information security role, with a strong understanding of security frameworks and best practices, and a focus on horizontal expertise across various domains. At least 4 years in customer - facing roles , acting as a trusted advisor to senior security and IT leaders. Deep technical understanding of cybersecurity principles, data protection, privacy, and compliance frameworks. Familiarity with common cybersecurity concepts, including access control, encryption, network security, and incident response. Excellent written and verbal communication skills with the ability to translate complex technical information into clear, concise, and professional responses for both technical and non-technical audiences. Meticulous and organized, with a proven ability to manage multiple projects and deadlines simultaneously and great attention to detail . Ability to influence and collaborate effectively with cross-functional teams. Preferred Qualifications: Experience in developing and implementing scalable Customer Trust programs. 3+ years experience with Third Party Risk Management programs. Strong business acumen and the ability to translate complex technical concepts into business value. Professional certifications such as CISSP, CISM, CIPP/E, or CompTIA Security+ Experience with cloud services and cloud technologies (e.g., AWS, Microsoft Azure, GCP), cybersecurity technologies, data cloud platforms (e.g., Snowflake, Databricks). At this time, Capital One will not sponsor a new applicant for employment authorization for this position. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. Remote (Regardless of Location): $204,900 - $233,800 for Sr. Manager, Solutions Architecture McLean, VA: $225,400 - $257,200 for Sr. Manager, Solutions Architecture Richmond, VA: $204,900 - $233,800 for Sr. Manager, Solutions Architecture Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations. For technical support or questions about Capital One's recruiting process, please send an email to Capital One does not provide, endorse nor guarantee and is not liable for third-party products, services, educational tools or other information available through this site. Capital One Financial is made up of several different entities. Please note that any position posted in Canada is for Capital One Canada, any position posted in the United Kingdom is for Capital One Europe and any position posted in the Philippines is for Capital One Philippines Service Corp. (COPSSC).
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
12/17/2025
Full time
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
12/17/2025
Full time
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details