Job Description
About the position Capital One's Audit function is a dedicated group of professionals focused on delivering top-quality assurance services to the organization's Audit Committee. Audit professionals are experienced, well-trained and credentialed, and operate within a collaborative, agile environment to deliver value-added opinions and recommendations. Audit's vision to provide high value, independent, proactive insights, to innovate with technology, and to be a top-notch talent destination, creates a dynamic and challenging atmosphere for both personal growth and professional opportunity. Capital One is seeking an energetic, self-motivated Sr. Technology Manager with experience in technology, including resiliency and recovery, cyber and information security analysis interested in becoming part of our Audit team. As a member of the Audit team, the candidate will focus on audits of critical technology functions including cloud-based technology implementations as well as data center operations, application, mainframe or cloud technology controls, and cybersecurity risks. Responsibilities β’ Proactively monitor the technology control environment for changing risks and necessary updates. β’ Lead continuous monitoring activities and updates to risk assessments, audit universe, and audit plan. β’ Oversee multiple, concurrent Cybersecurity, IT Operations including key third party hosted services, and Cloud audits across assigned portfolios. β’ Develop engagement planning documentation and audit programs to ensure adequate coverage of risk and sufficient rationale for audit scope. β’ Supervise and coordinate work assignments amongst audit team members. β’ Provide timely feedback, on-the-job training, and coaching to audit staff and direct reports. β’ Establish and maintain good relationships with key business and audit partners, particularly in third party risk and business continuity risk management. β’ Leverage specialized knowledge and skills, providing management with insight into areas of technology, business continuity and third party risk. β’ Effectively represent internal audit at management meetings, internal forums, and to external organizations. β’ Assess relevance of audit findings, potential exposures, materiality, improving or deteriorating trends, and demonstrate awareness of broader issues. β’ Interpret business priorities, anticipate issues and obstacles, and apply to scope of role. β’ Deliver appropriate, succinct and organized information, tailoring communication style to audience. β’ Effectively review and compile relevant, material findings and recommendations into readable and concise audit reports. β’ Communicate complex results and implications, incorporating different perspectives into deliverables. β’ Manage timely and high quality delivery of multiple tasks, including audits, projects, special assignments, and administrative activities. β’ Self-prioritize and independently complete multiple tasks across the team and department. β’ Demonstrate the ability to successfully meet deadlines and identify/escalate impediments in a timely manner. Requirements β’ Bachelor's Degree or military experience β’ At least 7 years of experience in information technology (resiliency and change management operations, software delivery, access management, information security, cloud computing) β’ At least 4 years of experience in managing audit engagements, project management or a combination β’ At least 4 years of experience leading a team to deliver initiatives, collection of work or a combination β’ At least 4 years of experience in analyzing data extracts to identify trends, patterns, and anomalies, including experience in test scripting, coding (writing, reviewing, or assessing) or a combination β’ At least 4 years of experience in information security (application security, network security, cyber security, data protection) β’ At least 4 years of experience in third party hosted technology controls (business continuity & disaster recovery, physical and environmental controls) β’ At least 2 years of experience in cloud computing and controls (design, operation, risk management, or auditing) β’ At least 2 years of experience in third party risk management and business continuity risk management. β’ At least 2 years experience of people management Nice-to-haves β’ 8+ years of experience in information systems auditing, in information systems risk management, in technology operations, or a combination β’ Certifications related to or pursuing certification related to Cloud, Cyber or Technology Operations, such as Cloud provider certifications, Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM) β’ Certifications related to or pursuing certification related to Auditing, such as Certified Internal Auditor (CIA), or Certified Information Systems Auditor (CISA) β’ 7+ years of experience with IT control frameworks β’ 4+ years of experience auditing cyber or information security β’ 4+ years of experience auditing key third party service providers hosting critical enterprise applications β’ 4+ years experience in auditing or working in third party risk management and / or business continuity processes. β’ 4+ years experience in cloud computing (notably AWS, GCP, Azure) and controls, or 1+ years of conducting audits of controls in cloud-based environments β’ 4+ years of experience in risk and data management β’ 4+ years of experience performing data analysis in support of internal auditing β’ 2+ years of experience auditing emerging technologies Benefits β’ Comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. β’ Performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Apply tot his job