In this role, you will provide cybersecurity engineering support to classified networks, ensuring the confidentiality, integrity, and availability of systems aligned with U.S. Space Force priorities. You will assist in the design and implementation of security solutions to protect against evolving cyber threats. You will support cybersecurity program activities by providing recommendations in accordance with DAF, DoD, and IC standards. Responsibilities include conducting program reviews, tracking action items, and ensuring compliance with IT security policies. As a cybersecurity subject matter expert, you will ensure solutions are compatible with existing systems and properly coordinated through configuration management processes while supporting program leadership and government stakeholders. Key Responsibilities The Cybersecurity Information Systems Security Engineer, SME will: Provide strategic and technical guidance to project teams supporting mission-critical DoD initiatives Lead research, design, and development efforts to meet program requirements and specifications Oversee technical execution of major initiatives, ensuring alignment with performance, schedule, and budget objectives Monitor and evaluate design considerations, including cost, schedule, and technical impacts Identify and assess risks, providing actionable insights to mitigate impacts to program execution Ensure deliverables meet quality standards and align with operational and warfighting objectives Facilitate collaboration across cross-functional teams and stakeholders to achieve project goals Initiate, refine, and manage project requirements through full lifecycle completion Conduct studies, data analysis, and evaluations to support strategic decision-making Requirements Skills and Experience The Cybersecurity Information Systems Security Engineer, SME must have: Active TS/SCI 15+ years of relevant experience supporting DoD programs Experience in aerospace and/or industry strategy environments Deep knowledge of the Risk Management Framework (RMF) and NIST standards Expertise in cybersecurity policies, programs, and best practices Proven ability to manage projects end-to-end, including scope, resources, timelines, and risk Strong analytical and critical thinking skills, with a proactive approach to problem-solving Ability to work independently while effectively engaging with team members and senior leadership Strong communication skills, with the ability to clearly articulate complex concepts and strategies Recognized as a subject matter expert or leader within the field Education and Certifications Required: Masters degree (MA, MS, or ME) Equivalent work experience may be considered in lieu of education DoD 8170 IASAE Level III (IAM Level III with relevant experience may be considered as a substitute) Benefits Medical, dental, vision, disability, and life insurance Flexible Spending Accounts 401(k) PTO Paid Parental Leave Tuition reimbursement Paid federal holidays
06/14/2026
In this role, you will provide cybersecurity engineering support to classified networks, ensuring the confidentiality, integrity, and availability of systems aligned with U.S. Space Force priorities. You will assist in the design and implementation of security solutions to protect against evolving cyber threats. You will support cybersecurity program activities by providing recommendations in accordance with DAF, DoD, and IC standards. Responsibilities include conducting program reviews, tracking action items, and ensuring compliance with IT security policies. As a cybersecurity subject matter expert, you will ensure solutions are compatible with existing systems and properly coordinated through configuration management processes while supporting program leadership and government stakeholders. Key Responsibilities The Cybersecurity Information Systems Security Engineer, SME will: Provide strategic and technical guidance to project teams supporting mission-critical DoD initiatives Lead research, design, and development efforts to meet program requirements and specifications Oversee technical execution of major initiatives, ensuring alignment with performance, schedule, and budget objectives Monitor and evaluate design considerations, including cost, schedule, and technical impacts Identify and assess risks, providing actionable insights to mitigate impacts to program execution Ensure deliverables meet quality standards and align with operational and warfighting objectives Facilitate collaboration across cross-functional teams and stakeholders to achieve project goals Initiate, refine, and manage project requirements through full lifecycle completion Conduct studies, data analysis, and evaluations to support strategic decision-making Requirements Skills and Experience The Cybersecurity Information Systems Security Engineer, SME must have: Active TS/SCI 15+ years of relevant experience supporting DoD programs Experience in aerospace and/or industry strategy environments Deep knowledge of the Risk Management Framework (RMF) and NIST standards Expertise in cybersecurity policies, programs, and best practices Proven ability to manage projects end-to-end, including scope, resources, timelines, and risk Strong analytical and critical thinking skills, with a proactive approach to problem-solving Ability to work independently while effectively engaging with team members and senior leadership Strong communication skills, with the ability to clearly articulate complex concepts and strategies Recognized as a subject matter expert or leader within the field Education and Certifications Required: Masters degree (MA, MS, or ME) Equivalent work experience may be considered in lieu of education DoD 8170 IASAE Level III (IAM Level III with relevant experience may be considered as a substitute) Benefits Medical, dental, vision, disability, and life insurance Flexible Spending Accounts 401(k) PTO Paid Parental Leave Tuition reimbursement Paid federal holidays
Manager, Title IX and Clery Compliance Job ID: 293355 Location: Augusta University Full/Part Time: Full Time Regular/Temporary: About Us Augusta University is Georgia's innovation center for education and health care, training the next generation of innovators, leaders, and healthcare providers in classrooms and clinics on four campuses in Augusta and locations across the state. More than 12,000 students choose Augusta for educational opportunities at the center of Georgia's cybersecurity hub and experiential learning that blends arts and application, humanities, and the health sciences. Augusta is home to Georgia's only public academic health center, where groundbreaking research is creating a healthier, more prosperous Georgia, and world-class clinicians are bringing the medicine of tomorrow to patient care today. Our mission and values make Augusta University an institution like no other. Augusta University's distinct characteristics in education and research include real-world experiences and community engagement, as well as a culture of building community, corporate and government partnerships that address health, security, economic and societal concerns locally and across the state. The University System of Georgia is comprised of our 26 institutions of higher education and learning as well as the System Office. Our USG Statement of Core Values are Integrity, Excellence, Accountability, and Respect. These values serve as the foundation for all that we do as an organization, and each USG community member is responsible for demonstrating and upholding these standards. More details on the USG Statement of Core Values and Code of Conduct are available in USG Board Policy 8.2.18.1.2 and can be found online at Additionally, USG supports Freedom of Expression as stated in Board Policy 6.5 Freedom of Expression and Academic Freedom found online at . Location Augusta University- Our Health Sciences Campus: th Street, Augusta, GA 30912 Our Summerville Campus: 2500 Walton Way, Augusta, GA 30904 Job Summary The Manager of Title IX and Clery Compliance serves as the university's accountability, education, and compliance leader of the Title IX and Clery Act programs. The Manager is the designated institutional Title IX Coordinator responsible for overseeing all aspects of university compliance with Title IX of the Educational Amendments of 1972, as well as other laws and rules related to sexual misconduct and sex discrimination and is responsible for the coordination and implementation of the university's efforts to foster a culture and environment that supports a safe and respectful campus to learn, live, and work on. The Manager is also responsible for the oversight of institutional Clery Act compliance through supervision of the university Title IX Investigator. Responsibilities GENERAL RESPONSIBILITIES: Ensure the University's policies/procedures and practices regarding sexual harassment & sexual misconduct comply with Title IX and other laws and reflect current best practices. Provide accessible methods for students and employees to report alleged sex discrimination, sexual harassment, sexual misconduct, and retaliation, including confidential/anonymous reporting options. Respond to complaints of alleged sex discrimination/harassment/misconduct, and retaliation, including meeting with complainants and respondents and arranging interim and supportive measures and remedies, as appropriate. Ensure supportive & remedial measures are documented, including basis for conclusions are designed to preserve access to institutional programs/activities. Manage the University's timely response to investigations of complaints pursuant to anti-discrimination laws and policies, including sexual harassment and sexual misconduct, as well as forms of sex discrimination. Maintain records in accordance with the law and University policies. Identify, assess, and address any patterns that arise during reviews of complaints of alleged discrimination, sexual harassment, and sexual misconduct. Make certain the University's Clery Act policies, procedures, and practices comply with laws and reflect current best practices. COLLABORATION:Advise and collaborate with the General Counsel, the Offices of Student Affairs, Human Resources, Athletics, Campus Police, Faculty Affairs, and others as appropriate on the status of initiatives, compliance, pending matters, challenges, and resource needs of Title IX and Clery Act compliance. Work collaboratively with Human Resources, General Counsel, Student Life, Campus Police, and other colleagues across the University to oversee complaints/reports, investigations, and training requirements. Partner with Student Health, Counseling, Student Affairs, and other relevant offices to provide continuity of care for all reporting parties, including those whose complaints do not proceed to formal investigation. Partner with the Student Wellness coordinator on initiatives associated with the Office on Violence Against Women (OVW) aimed to improve services and trainings related to sexual assault, domestic violence, and stalking. SERVICE/OUTREACH: Serve as chair for the Domestic Violence and Sexual Assault Awareness committees to create a culture of consent across campus and raise awareness of educational resources around sexual violence prevention and community wellness. Lead in the development, implementation, and coordination of campus-based strategic awareness and programming efforts aimed at the prevention of discrimination, harassment, sexual harassment, and sexual misconduct and retaliation. Represent the university on the Augusta Judicial Sexual Assault Response Team. Key member of the institutional Committee of Equity Leaders MANAGEMENT: Direct supervisor to the institutional Title IX Investigator/Clery Coordinator. Oversee Deputy Title IX Coordinators across campus and other key members of the Title IX Team, including advisors, investigators, hearing panelists, and hearing officers. EDUCATION/TRAINING: Train Title IX team and staff responsible for implementing grievance procedures. Manage the development and implementation of the education and training of the campus community on Title IX and ensure that the campus community is aware of how and when to report complaints related to these laws and policies. Govern the recruiting and training of Title IX team members. ADVISORY: Review and provide necessary feedback to Title IX team members on all documents related to the Title IX grievance process including investigative reports, outcomes, and appeal letters. Review and provide necessary feedback on annual Clery Security Report and Crime Statistics. Advise and direct the Clery Coordinator and the Clery Committee to ensure compliance and best practices pertaining to campus safety. : Perform other duties as assigned. Required Qualifications Bachelor's degree from an accredited college or university and five years of experience in project management, systems administration/integration, data integrity/analytics, or related field. Preferred Qualifications Master's degree from an accredited college or university in Business Administration, statistics, data analytics, or a related field preferred. Knowledge, Skills, & Abilities KNOWLEDGE Knowledge of Title IX and regulatory requirements. Proficient in Microsoft Office and other computer software/databases. Knowledge of the principles, policies/procedures related to Title IX compliance and techniques of educational administration. Thorough knowledge of University policies and procedures related to Augusta University. Thorough knowledge of USG rules and regulations preferred. Knowledge of integrated Information systems and/or process design and engineering. SKILLS Strong problem-solving skills Excellent interpersonal, written, and verbal communication skills. Detail-oriented with strong prioritization and organizational skills. ABILITIES Ability to develop and disseminate educational materials to students, faculty, and staff. Ability to conduct investigations, as well as consultation with university administrators and Senior Leadership. Ability to maintain confidentiality. Ability to plan and coordinate work independently. Shift/Salary/Benefits Shift: Days; M-F (Work outside of the standard business hours may be required) Pay Band: B12 Salary: $62,300/annually-$78,400/annually Salary to be commensurate with qualifications of the selected candidate within the established range (generally minimum-midpoint) of the position Recruitment Period: Until Filled Augusta University offers a variety of benefits to full-time benefits-eligible employees and some of our half-time (or more) employees. Benefits that may be elected could include health insurance, dental insurance, life insurance, Teachers Retirement System (or Optional Retirement Plan), as well as earned vacation time, sick leave, and 13 paid holidays. Also, our full-time employees who have been employed with us successfully for more than 6 months can be considered for the Tuition Assistance Program. Consider applying with us today! Conditions of Employment . click apply for full job details
01/14/2026
Full time
Manager, Title IX and Clery Compliance Job ID: 293355 Location: Augusta University Full/Part Time: Full Time Regular/Temporary: About Us Augusta University is Georgia's innovation center for education and health care, training the next generation of innovators, leaders, and healthcare providers in classrooms and clinics on four campuses in Augusta and locations across the state. More than 12,000 students choose Augusta for educational opportunities at the center of Georgia's cybersecurity hub and experiential learning that blends arts and application, humanities, and the health sciences. Augusta is home to Georgia's only public academic health center, where groundbreaking research is creating a healthier, more prosperous Georgia, and world-class clinicians are bringing the medicine of tomorrow to patient care today. Our mission and values make Augusta University an institution like no other. Augusta University's distinct characteristics in education and research include real-world experiences and community engagement, as well as a culture of building community, corporate and government partnerships that address health, security, economic and societal concerns locally and across the state. The University System of Georgia is comprised of our 26 institutions of higher education and learning as well as the System Office. Our USG Statement of Core Values are Integrity, Excellence, Accountability, and Respect. These values serve as the foundation for all that we do as an organization, and each USG community member is responsible for demonstrating and upholding these standards. More details on the USG Statement of Core Values and Code of Conduct are available in USG Board Policy 8.2.18.1.2 and can be found online at Additionally, USG supports Freedom of Expression as stated in Board Policy 6.5 Freedom of Expression and Academic Freedom found online at . Location Augusta University- Our Health Sciences Campus: th Street, Augusta, GA 30912 Our Summerville Campus: 2500 Walton Way, Augusta, GA 30904 Job Summary The Manager of Title IX and Clery Compliance serves as the university's accountability, education, and compliance leader of the Title IX and Clery Act programs. The Manager is the designated institutional Title IX Coordinator responsible for overseeing all aspects of university compliance with Title IX of the Educational Amendments of 1972, as well as other laws and rules related to sexual misconduct and sex discrimination and is responsible for the coordination and implementation of the university's efforts to foster a culture and environment that supports a safe and respectful campus to learn, live, and work on. The Manager is also responsible for the oversight of institutional Clery Act compliance through supervision of the university Title IX Investigator. Responsibilities GENERAL RESPONSIBILITIES: Ensure the University's policies/procedures and practices regarding sexual harassment & sexual misconduct comply with Title IX and other laws and reflect current best practices. Provide accessible methods for students and employees to report alleged sex discrimination, sexual harassment, sexual misconduct, and retaliation, including confidential/anonymous reporting options. Respond to complaints of alleged sex discrimination/harassment/misconduct, and retaliation, including meeting with complainants and respondents and arranging interim and supportive measures and remedies, as appropriate. Ensure supportive & remedial measures are documented, including basis for conclusions are designed to preserve access to institutional programs/activities. Manage the University's timely response to investigations of complaints pursuant to anti-discrimination laws and policies, including sexual harassment and sexual misconduct, as well as forms of sex discrimination. Maintain records in accordance with the law and University policies. Identify, assess, and address any patterns that arise during reviews of complaints of alleged discrimination, sexual harassment, and sexual misconduct. Make certain the University's Clery Act policies, procedures, and practices comply with laws and reflect current best practices. COLLABORATION:Advise and collaborate with the General Counsel, the Offices of Student Affairs, Human Resources, Athletics, Campus Police, Faculty Affairs, and others as appropriate on the status of initiatives, compliance, pending matters, challenges, and resource needs of Title IX and Clery Act compliance. Work collaboratively with Human Resources, General Counsel, Student Life, Campus Police, and other colleagues across the University to oversee complaints/reports, investigations, and training requirements. Partner with Student Health, Counseling, Student Affairs, and other relevant offices to provide continuity of care for all reporting parties, including those whose complaints do not proceed to formal investigation. Partner with the Student Wellness coordinator on initiatives associated with the Office on Violence Against Women (OVW) aimed to improve services and trainings related to sexual assault, domestic violence, and stalking. SERVICE/OUTREACH: Serve as chair for the Domestic Violence and Sexual Assault Awareness committees to create a culture of consent across campus and raise awareness of educational resources around sexual violence prevention and community wellness. Lead in the development, implementation, and coordination of campus-based strategic awareness and programming efforts aimed at the prevention of discrimination, harassment, sexual harassment, and sexual misconduct and retaliation. Represent the university on the Augusta Judicial Sexual Assault Response Team. Key member of the institutional Committee of Equity Leaders MANAGEMENT: Direct supervisor to the institutional Title IX Investigator/Clery Coordinator. Oversee Deputy Title IX Coordinators across campus and other key members of the Title IX Team, including advisors, investigators, hearing panelists, and hearing officers. EDUCATION/TRAINING: Train Title IX team and staff responsible for implementing grievance procedures. Manage the development and implementation of the education and training of the campus community on Title IX and ensure that the campus community is aware of how and when to report complaints related to these laws and policies. Govern the recruiting and training of Title IX team members. ADVISORY: Review and provide necessary feedback to Title IX team members on all documents related to the Title IX grievance process including investigative reports, outcomes, and appeal letters. Review and provide necessary feedback on annual Clery Security Report and Crime Statistics. Advise and direct the Clery Coordinator and the Clery Committee to ensure compliance and best practices pertaining to campus safety. : Perform other duties as assigned. Required Qualifications Bachelor's degree from an accredited college or university and five years of experience in project management, systems administration/integration, data integrity/analytics, or related field. Preferred Qualifications Master's degree from an accredited college or university in Business Administration, statistics, data analytics, or a related field preferred. Knowledge, Skills, & Abilities KNOWLEDGE Knowledge of Title IX and regulatory requirements. Proficient in Microsoft Office and other computer software/databases. Knowledge of the principles, policies/procedures related to Title IX compliance and techniques of educational administration. Thorough knowledge of University policies and procedures related to Augusta University. Thorough knowledge of USG rules and regulations preferred. Knowledge of integrated Information systems and/or process design and engineering. SKILLS Strong problem-solving skills Excellent interpersonal, written, and verbal communication skills. Detail-oriented with strong prioritization and organizational skills. ABILITIES Ability to develop and disseminate educational materials to students, faculty, and staff. Ability to conduct investigations, as well as consultation with university administrators and Senior Leadership. Ability to maintain confidentiality. Ability to plan and coordinate work independently. Shift/Salary/Benefits Shift: Days; M-F (Work outside of the standard business hours may be required) Pay Band: B12 Salary: $62,300/annually-$78,400/annually Salary to be commensurate with qualifications of the selected candidate within the established range (generally minimum-midpoint) of the position Recruitment Period: Until Filled Augusta University offers a variety of benefits to full-time benefits-eligible employees and some of our half-time (or more) employees. Benefits that may be elected could include health insurance, dental insurance, life insurance, Teachers Retirement System (or Optional Retirement Plan), as well as earned vacation time, sick leave, and 13 paid holidays. Also, our full-time employees who have been employed with us successfully for more than 6 months can be considered for the Tuition Assistance Program. Consider applying with us today! Conditions of Employment . click apply for full job details
Job Title: Research Engineer (Open Rank) Location: Atlanta, Georgia Regular/Temporary: Regular Full/Part Time: Full-Time Job ID: 292707 About Us Overview Georgia Tech prides itself on its technological resources, collaborations, high-quality student body, and its commitment to building an outstanding and diverse community of learning, discovery, and creation. We strongly encourage applicants whose values align with our institutional values, as outlined in our Strategic Plan. These values include academic excellence, diversity of thought and experience, inquiry and innovation, collaboration and community, and ethical behavior and stewardship. Georgia Tech has policies to promote a healthy work-life balance and is aware that attracting faculty may require meeting the needs of two careers. About Georgia Tech Georgia Tech is a top-ranked public research university situated in the heart of Atlanta, a diverse and vibrant city with numerous economic and cultural strengths. The Institute serves more than 45,000 students through top-ranked undergraduate, graduate, and executive programs in engineering, computing, science, business, design, and liberal arts. Georgia Tech's faculty attracted more than $1.4 billion in research awards this past year in fields ranging from biomedical technology to artificial intelligence, energy, sustainability, semiconductors, neuroscience, and national security. Georgia Tech ranks among the nation's top 20 universities for research and development spending and No. 1 among institutions without a medical school. Georgia Tech's Mission and Values Georgia Tech's mission is to develop leaders who advance technology and improve the human condition. The Institute has nine key values that are foundational to everything we do: Students are our top priority. We strive for excellence. We thrive on diversity. We celebrate collaboration. We champion innovation. We safeguard freedom of inquiry and expression. We nurture the wellbeing of our community. We act ethically. We are responsible stewards. Over the next decade, Georgia Tech will become an example of inclusive innovation, a leading technological research university of unmatched scale, relentlessly committed to serving the public good; breaking new ground in addressing the biggest local, national, and global challenges and opportunities of our time; making technology broadly accessible; and developing exceptional, principled leaders from all backgrounds ready to produce novel ideas and create solutions with real human impact. About the College of Computing at the Georgia Institute of Technology The College of Computing has been a leader in defining modern computing as a paradigm that combines the foundations of theoretical mathematics and information science, the force of invention in computational systems and processes, and interdisciplinary practice that integrates innovation in computing with all facets of life. Today, the college comprises five schools that offer unique academic programs and conduct research specifically related to their concentration areas: Computer Science, Computing Instruction, Cybersecurity and Privacy, Interactive Computing, and Computational Science and Engineering. The Team The Center for Scientific Software Engineering (CSSE) is focused on the development and dissemination of software engineering best practices to accelerate both the quality and pace of scientific discovery at Georgia Tech and throughout the scientific community. Location Atlanta, GA Job Summary The School of Computational Science and Engineering (CSE) at GA Tech is seeking to hire a Research Engineer (Open Rank) to serve as a Product Manager. CSE is enhancing our impact on the Georgia Tech ecosystem through new programs that help students become better Research Software Engineers. With this increased capacity, we will amplify the impact of research conducted by Georgia Tech's scientific community. We are expanding our team of 6 professional software engineers (with varying degrees of industry experience) to include a Product Manager who is excited about working in a highly dynamic and research-oriented environment. This is a hybrid working position. Responsibilities Partner with Georgia Tech faculty to identify areas of scientific research likely to benefit from dedicated Research Software Engineering. Establish goals and requirements to create new functionality that maximize Research Software Engineering contributions. Pair students with Research Software Engineering mentors in the Center for Scientific Software Engineering. Partner with student Research Software Engineers to create development plans that deliver agreed-upon functionality. Monitor the progress of student Research Software Engineers as they embark on established development plans. Refine CSSE team processes to achieve our collective goals more efficiently. Required Qualifications This position vacancy is an open rank announcement. Final job offer will be dependent on candidate qualifications in alignment with Research Faculty Georgia Tech Faculty Handbook () Research Engineer I Bachelor's degree Research Engineer II Three (3) years of relevant full-time experience after completion of Master's or Five (5) years of relevant full-time experience after completion of Bachelor's or Doctoral Degree Senior Research Engineer Master's degree with seven (7) years of relevant full-time experience after completion of that degree, or Master's degree with nine (9) years of relevant full-time experience after completion of a Bachelor's degree, or Doctoral degree with four (4) years of relevant full-time experience after completion of a Bachelor's degree Principal Research Engineer Master's degree with Eleven (11) years of relevant full-time experience or Doctoral degree with Seven (7) years of relevant full-time experience after completion of a Bachelor's degree One (1) year of relevant full-time experience Experience in Data Science, Network Science, Algorithms, Machine Learning and AI. Preferred Qualifications Bachelor's Degree in Computer Science, Electrical Engineering, a STEM-related field, or equivalent practical experience. Minimum of 4 years of experience in product management. Experience working with open-source software and open-source communities. Experience collaborating with research stakeholders in academic or industry settings. Proven ability to create clear and compelling software specification documents. Experience working closely with software engineers to define feature scope and development estimates. Strong product thinking, with the ability to synthesize information quickly and take decisive action. Empathy for users and experience engaging with customers and stakeholders to understand their needs. Ability to prioritize effectively in environments with limited resources, ambiguity, or competing demands. Strong interpersonal skills and the ability to build positive, collaborative relationships. Clear and compelling communication skills, both verbal and written. Understanding of the software development lifecycle and its various phases. Awareness of opportunities and challenges associated with Generative AI technologies. Contact Information Requests for information may be directed to Dr. Dave Brownell: . USG Core Values The University System of Georgia is comprised of our 26 institutions of higher education and learning as well as the System Office. Our USG Statement of Core Values are Integrity, Excellence, Accountability, and Respect. These values serve as the foundation for all that we do as an organization, and each USG community member is responsible for demonstrating and upholding these standards. More details on the USG Statement of Core Values and Code of Conduct are available in USG Board Policy 8.2.18.1.2 and can be found on-line at . Additionally, USG supports Freedom of Expression as stated in Board Policy 6.5 Freedom of Expression and Academic Freedom found on-line at . Equal Employment Opportunity The Georgia Institute of Technology (Georgia Tech) is an Equal Employment Opportunity Employer. The Institute is committed to maintaining a fair and respectful environment for all. To that end, and in accordance with federal and state law, Board of Regents policy, and Institute policy, Georgia Tech provides equal opportunity to all faculty, staff, students, and all other members of the Georgia Tech community, including applicants for admission and/or employment, contractors, volunteers, and participants in institutional programs, activities, or services. Georgia Tech complies with all applicable laws and regulations governing equal opportunity in the workplace and in educational activities. Equal opportunity and decisions based on merit are fundamental values of the University System of Georgia ("USG") and Georgia Tech. Georgia Tech prohibits discrimination, including discriminatory harassment, on the basis of an individual's race, ethnicity, ancestry, color, religion, sex (including pregnancy), national origin, age, disability, genetics . click apply for full job details
01/14/2026
Full time
Job Title: Research Engineer (Open Rank) Location: Atlanta, Georgia Regular/Temporary: Regular Full/Part Time: Full-Time Job ID: 292707 About Us Overview Georgia Tech prides itself on its technological resources, collaborations, high-quality student body, and its commitment to building an outstanding and diverse community of learning, discovery, and creation. We strongly encourage applicants whose values align with our institutional values, as outlined in our Strategic Plan. These values include academic excellence, diversity of thought and experience, inquiry and innovation, collaboration and community, and ethical behavior and stewardship. Georgia Tech has policies to promote a healthy work-life balance and is aware that attracting faculty may require meeting the needs of two careers. About Georgia Tech Georgia Tech is a top-ranked public research university situated in the heart of Atlanta, a diverse and vibrant city with numerous economic and cultural strengths. The Institute serves more than 45,000 students through top-ranked undergraduate, graduate, and executive programs in engineering, computing, science, business, design, and liberal arts. Georgia Tech's faculty attracted more than $1.4 billion in research awards this past year in fields ranging from biomedical technology to artificial intelligence, energy, sustainability, semiconductors, neuroscience, and national security. Georgia Tech ranks among the nation's top 20 universities for research and development spending and No. 1 among institutions without a medical school. Georgia Tech's Mission and Values Georgia Tech's mission is to develop leaders who advance technology and improve the human condition. The Institute has nine key values that are foundational to everything we do: Students are our top priority. We strive for excellence. We thrive on diversity. We celebrate collaboration. We champion innovation. We safeguard freedom of inquiry and expression. We nurture the wellbeing of our community. We act ethically. We are responsible stewards. Over the next decade, Georgia Tech will become an example of inclusive innovation, a leading technological research university of unmatched scale, relentlessly committed to serving the public good; breaking new ground in addressing the biggest local, national, and global challenges and opportunities of our time; making technology broadly accessible; and developing exceptional, principled leaders from all backgrounds ready to produce novel ideas and create solutions with real human impact. About the College of Computing at the Georgia Institute of Technology The College of Computing has been a leader in defining modern computing as a paradigm that combines the foundations of theoretical mathematics and information science, the force of invention in computational systems and processes, and interdisciplinary practice that integrates innovation in computing with all facets of life. Today, the college comprises five schools that offer unique academic programs and conduct research specifically related to their concentration areas: Computer Science, Computing Instruction, Cybersecurity and Privacy, Interactive Computing, and Computational Science and Engineering. The Team The Center for Scientific Software Engineering (CSSE) is focused on the development and dissemination of software engineering best practices to accelerate both the quality and pace of scientific discovery at Georgia Tech and throughout the scientific community. Location Atlanta, GA Job Summary The School of Computational Science and Engineering (CSE) at GA Tech is seeking to hire a Research Engineer (Open Rank) to serve as a Product Manager. CSE is enhancing our impact on the Georgia Tech ecosystem through new programs that help students become better Research Software Engineers. With this increased capacity, we will amplify the impact of research conducted by Georgia Tech's scientific community. We are expanding our team of 6 professional software engineers (with varying degrees of industry experience) to include a Product Manager who is excited about working in a highly dynamic and research-oriented environment. This is a hybrid working position. Responsibilities Partner with Georgia Tech faculty to identify areas of scientific research likely to benefit from dedicated Research Software Engineering. Establish goals and requirements to create new functionality that maximize Research Software Engineering contributions. Pair students with Research Software Engineering mentors in the Center for Scientific Software Engineering. Partner with student Research Software Engineers to create development plans that deliver agreed-upon functionality. Monitor the progress of student Research Software Engineers as they embark on established development plans. Refine CSSE team processes to achieve our collective goals more efficiently. Required Qualifications This position vacancy is an open rank announcement. Final job offer will be dependent on candidate qualifications in alignment with Research Faculty Georgia Tech Faculty Handbook () Research Engineer I Bachelor's degree Research Engineer II Three (3) years of relevant full-time experience after completion of Master's or Five (5) years of relevant full-time experience after completion of Bachelor's or Doctoral Degree Senior Research Engineer Master's degree with seven (7) years of relevant full-time experience after completion of that degree, or Master's degree with nine (9) years of relevant full-time experience after completion of a Bachelor's degree, or Doctoral degree with four (4) years of relevant full-time experience after completion of a Bachelor's degree Principal Research Engineer Master's degree with Eleven (11) years of relevant full-time experience or Doctoral degree with Seven (7) years of relevant full-time experience after completion of a Bachelor's degree One (1) year of relevant full-time experience Experience in Data Science, Network Science, Algorithms, Machine Learning and AI. Preferred Qualifications Bachelor's Degree in Computer Science, Electrical Engineering, a STEM-related field, or equivalent practical experience. Minimum of 4 years of experience in product management. Experience working with open-source software and open-source communities. Experience collaborating with research stakeholders in academic or industry settings. Proven ability to create clear and compelling software specification documents. Experience working closely with software engineers to define feature scope and development estimates. Strong product thinking, with the ability to synthesize information quickly and take decisive action. Empathy for users and experience engaging with customers and stakeholders to understand their needs. Ability to prioritize effectively in environments with limited resources, ambiguity, or competing demands. Strong interpersonal skills and the ability to build positive, collaborative relationships. Clear and compelling communication skills, both verbal and written. Understanding of the software development lifecycle and its various phases. Awareness of opportunities and challenges associated with Generative AI technologies. Contact Information Requests for information may be directed to Dr. Dave Brownell: . USG Core Values The University System of Georgia is comprised of our 26 institutions of higher education and learning as well as the System Office. Our USG Statement of Core Values are Integrity, Excellence, Accountability, and Respect. These values serve as the foundation for all that we do as an organization, and each USG community member is responsible for demonstrating and upholding these standards. More details on the USG Statement of Core Values and Code of Conduct are available in USG Board Policy 8.2.18.1.2 and can be found on-line at . Additionally, USG supports Freedom of Expression as stated in Board Policy 6.5 Freedom of Expression and Academic Freedom found on-line at . Equal Employment Opportunity The Georgia Institute of Technology (Georgia Tech) is an Equal Employment Opportunity Employer. The Institute is committed to maintaining a fair and respectful environment for all. To that end, and in accordance with federal and state law, Board of Regents policy, and Institute policy, Georgia Tech provides equal opportunity to all faculty, staff, students, and all other members of the Georgia Tech community, including applicants for admission and/or employment, contractors, volunteers, and participants in institutional programs, activities, or services. Georgia Tech complies with all applicable laws and regulations governing equal opportunity in the workplace and in educational activities. Equal opportunity and decisions based on merit are fundamental values of the University System of Georgia ("USG") and Georgia Tech. Georgia Tech prohibits discrimination, including discriminatory harassment, on the basis of an individual's race, ethnicity, ancestry, color, religion, sex (including pregnancy), national origin, age, disability, genetics . click apply for full job details
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
12/17/2025
Full time
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
12/17/2025
Full time
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
12/17/2025
Full time
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
12/17/2025
Full time
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
12/17/2025
Full time
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
12/17/2025
Full time
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
12/17/2025
Full time
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
12/17/2025
Full time
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
12/17/2025
Full time
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
12/17/2025
Full time
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
12/17/2025
Full time
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
12/17/2025
Full time
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
12/17/2025
Full time
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
12/17/2025
Full time
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
12/17/2025
Full time
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
12/17/2025
Full time
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details
12/17/2025
Full time
Senior Manager, Technology Change Risk Oversight Capital One is one of the fastest growing organizations in the world today, powered by our passion for our customers. We are serious about technology, we dream big, and we execute: Capital One moved our entire enterprise to the public cloud over the course of five years. Just as we prioritize driving innovation through technology, we equally prioritize cybersecurity, reliability, and managing technology risk. Technology Risk Management (TRM) is a small organization that packs a big punch. The 100 professionals in TRM are trusted experts who oversee 14,000 developers at Capital One. We raise the bar for excellence in cybersecurity, reliability, and tech risk. We shape strategy and decisions, challenge activities to ensure they meet our standards, and perform independent tests of our security and technology risk. Our business leaders must make technology decisions constantly. TRM makes sure they have the tech risk information they need to make good decisions. Associates within TRM are highly-skilled information security, cybersecurity, site reliability engineering, technology, and risk management professionals. They have a wealth of experience and a demonstrated ability to add value with their advice and to deliver high-impact results. As the Senior Manager, Technology Change Risk Oversight you will play a key role in the review, risk identification, risk assessment, reporting, and effective challenge of technology processes, controls, and capabilities, including but not limited to material and high risk technology changes. You will provide subject matter expertise, oversight, and effective challenge of key Technology areas such as cloud services, enterprise architecture, cloud migrations, and overall technology deployments. As part of the second line of defense, this position will also collaborate closely with associates in first line Cyber, Technology, the Lines of Business, as well as other second line of defense risk management offices to perform and support evaluations of the effectiveness of the firm's controls infrastructure and offer independent advice and recommendations regarding ways to further mature the firm's cyber risk management capabilities. Finally, as a member of a growing organization, you will have the opportunity to shape and further refine your portfolio commensurate with the priorities of the organization and the company. The demands and high-visibility nature of this position requires an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately. Essential Functions (Responsibilities): Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy. Evaluate proposed and approved cloud technical solutions for automation, resiliency, performance, scalability, and security including appropriate tradeoffs, risks and opportunities Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically cloud native architecture, serverless, and emerging AWS services Demonstrate strong analytical, problem-solving, and decision-making skills Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers Define, structure and plan work independently Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance. Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies Basic Qualifications: Bachelor's Degree or military experience At least 6 years of experience managing, consulting, auditing, or working in the fields of information security or information technology At least 3 years experience with Public Cloud implementations Preferred Qualifications: Master's Degree in Computer Science or in an Engineering discipline Professional certification (AWS Certified Solutions Architect, AWS Certified Security Speciality, AWS SysOps Administrator, or Certified Information Systems Security Professional (CISSP Experience with Information Security at the policy, architecture or implementation level Ability to communicate clearly and to interact effectively at all levels of the organization, and to influence as warranted and appropriate to drive to consensus Experience with identifying and communicating key risks related to cloud native implementations and architectures Experience drafting reports or analytic assessments for senior management Experience with analysis of emerging threats and reports that describe the implications of threat(s) and opportunities to executives or senior decision-makers Passion and expertise in cybersecurity and technology risk, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions Ability to manage multiple high-visibility and high-impact projects while maintaining superior results Execution oriented and a self-motivator Experience with threat modeling frameworks (STRIDE, OWASP Top 10, MITRE ATT&CK) Familiarity with controls and control frameworks ( NIST Cybersecurity Framework, NIST 800-53, CIS Top 20, ISO, COBIT.) Ability to work independently and in a team, taking a lead role on projects when necessary Prior experience working in financial services or other highly-regulated sectors Experience working in a hybrid IT environment that includes both traditional on-premises data centers and public cloud infrastructure (e.g., AWS, Azure, Google Cloud) Experience with OpenStack At this time, Capital One will not sponsor a new applicant for employment authorization for this position. This role is Hybrid, with associates expected to consistently spend three days per week in the office. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical Riverwoods, IL: $204,900 - $233,800 for Sr Manager, Cyber Technical Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days.No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections ; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1- or via email at . click apply for full job details