About this Role

At Capital One, you will help consult on initiatives, programs, and projects to raise their game in Information Security and Risk Management. You are pragmatic and practical in your understanding of risk and security, but also willing to know when to pull in experts and escalate. You collaborate and innovate with other teams within Capital One to push the envelope. You are comfortable with technologies like Cloud services, Containers, Docker, Microservices, Serverless, APIs, DevOps, noOps, FaaS, NoSQL, Immutable infrastructure and micro-segmentation. Security is essential to what we do here, from protecting our customers to our associates.

Your Responsibilities

• Act as a central point of contact for your line of business to the rest of Capital One’s Information Security and Risk Management

• Coordinate and execute proactive Information Security consulting to the business and technology teams covering Infrastructure Security, Resiliency, Data Security, Network Architecture and Design, and User Access Management

• Serve as an expert in Capital One’s Information Security capabilities, solutions, policies, procedures and standards

• Influence customers to leverage security capabilities and solutions to Shift and integrate security to the left in the development processes

• Work with line of business leadership to anticipate their objectives and needs to better serve line of business with strong conceptual thinking and communication skills

• Able to work well under minimal supervision with team-oriented interpersonal skills and the ability to interface effectively with a broad range of people and roles, including upper management, IT leaders, and technology vendors

• Have a deep understanding of strategic business objectives and the ability to drive results toward those objectives

Basic Qualifications

• At least 6 years of experience providing guidance and oversight of Security concepts

• At least 6 years of experience performing security risk assessments and security architecture reviews

• At least 6 years of experience with Architecture, software design, networking, and Cloud infrastructure

• Proven experience managing industry standard security audit and certifications; ISO 27001, PCI DSS, SOC 1 or 2 TYPE I/II

• Proven experience managing Canadian Regulators (OPC, OSFI)

Preferred Qualifications

• Bachelor's degree in related technical fields or equivalent experience

• Proven experience in securing a public cloud environment (e.g. AWS, GCP, Azure)

• Experience building software utilizing public cloud (e.g. AWS, GCP, Azure)

• Experience utilizing Agile methodologies

• Experience with Software Application Security and Secure Architecture skills

• Experience with Penetration Testing and/or Vulnerability Management

• Professional certifications, such as AWS Certified Solutions Architect, Certified Information Systems Security Professional (CISSP) and Lead Security Auditor Certification or similar an asset

• Experience is Offensive and/or Defensive Security techniques

• Experience in a regulated environment

Working at Capital One.

Enjoy a hybrid work environment, with 3 days in the office. Build a comfortable workspace with our one-time, Work From Home allowance and enjoy our head office located conveniently across the street from Union Station.

Live well1 physically, financially and emotionally. Receive support for you and those who are most important to you, with full coverage for spouses, domestic partners, and dependents. With up to $3000 in mental health coverage and up to $5000 in tuition subsidies per year1and much moreyoull discover that Capital One is committed to helping you live your best life.

This posting is for an existing vacancy.

The expected annual salary range for this position is $157,400 - $179,600. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es). Incentives could be discretionary or non discretionary depending on the plan.

Weembrace the responsible use of artificial intelligence (AI) to enhance the candidate experience and streamline our recruitment processes. However, no hiring decisions are made using AI as every hiring decision is made by our hiring managers, business interviewers, and recruitment professionals. Our teams are equipped with training that empowers them to use AI responsibly.

We may use your information for automated decision making. We may, for certain purposes, render a decision based exclusively on automated processing of your personal information as a part of the candidate screening process.