Sourcing and Contracting Manager, Information Assurance Third Party Management

Industry: Accounting, Finance & Insurance


5 - 7 years

Posted 49 days ago

Guided by our shared values, we thrive in an environment where collaboration and openness are valued. We believe that innovation is powered by perspective and that teamwork and respect for each other lead to superior results. We elevate each other and obsess about doing the right thing. Our associates serve with humility and a deep respect for their responsibility in helping our customers achieve their goals and realize their dreams. Together, we are on a quest to change banking for good.

The Information Assurance Third Party Management (IA TPM) program defines the framework and owns the contractual language which enables the business to protect Capital One sensitive information and allows the third parties to provide continual services. The associate in this role will partner with the IA TPM team, Third Party Management (TPM) community, and other stakeholders to ensure third party contracts contain the necessary obligations to adequately protect Capital One data.

Responsibilities may include:

  • Consult with Enterprise Supplier Managers to trigger applicable IA TPM intent-based language based on the risk factors of the engagement
  • Support direct conversations with Third Parties to understand control environments, clarify intent of Capital One requirements, and recommend revisions in alignment with risk tolerance
  • Evaluate and document summary of risk exposures created by contemplated contract deviations
  • Establish appropriate risk ratings for deviation summary based on compensating controls and residual risk
  • Ability to effectively drive alignment to requirements and effectively escalate to facilitate resolution
  • Ensure compliance to program process and procedures
  • Provide direct feedback to the Supplier Manager population
  • Maintain a thorough understanding of the program's controls, intent, and contract language
  • Partner across the IA TPM community to drive appropriate security controls

The associate should be able to:

  • Demonstrate strong ability to analyze information and data
  • Ability to quickly analyze information security controls to ensure the delivery of intent-based contractual language
  • Ability to translate security, business continuity, and operational controls into business risk
  • Ability to develop and communicate quality recommendations to negotiation teams
  • Ability to work with diverse contacts throughout the world to achieve results
  • Demonstrate strong negotiation skills
  • Ability to communicate technical issues to non-technical people
  • Demonstrate collaborative partnership skills for working with various points of contacts
  • Ability to adapt control intent to a wide variety of third party environments
  • Demonstrate strong problem-solving and conceptual thinking abilities
  • Demonstrate capacity to think broadly, but go deep into subject matter when needed

Basic Qualifications:

  • At least 6 years of experience in Information Security, or Business Continuity Management, or Vendor Management, or Risk Management
  • At least 2 years of experience communicating and presenting to senior level management
  • At least 2 years of experience in Third Party Management

Preferred Qualifications:

  • Bachelor’s Degree or military experience
  • CISSP, or CISA, or CRISC certification
  • 2+ years of experience with Risk Assessment, or PCI DSS, or COBIT Framework, or Physical Security, or IT Operations Management
  • 2+ years of experience at a Financial Institution