WashingtonRecruiter Since 2001
the smart solution for Washington DC jobs

Manager, Software Development Security Risk Oversight - Cyber Risk Management

Company: Capital One
Location: Lanham
Posted on: May 23, 2020

Job Description:

McLean 1 (19050), United States of America, McLean, VirginiaAt Capital One, we're building a leading information-based technology company. Still founder-led by Chairman and Chief Executive Officer Richard Fairbank, Capital One is on a mission to help our customers succeed by bringing ingenuity, simplicity, and humanity to banking. We measure our efforts by the success our customers enjoy and the advocacy they exhibit. We are succeeding because they are succeeding.----------------------------------------------------------------------------------------------Guided by our shared values, we thrive in an environment where collaboration and openness are valued. We believe that innovation is powered by perspective and that teamwork and respect for each other lead to superior results. We elevate each other and obsess about doing the right thing. Our associates serve with humility and a deep respect for their responsibility in helping our customers achieve their goals and realize their dreams. Together, we are on a quest to change banking for good.Manager, Software Development Security Risk Oversight - Cyber Risk ManagementCyber Risk Management is a growing organization focused on providing expert advice, credible challenge, and effective oversight of information security and technology activities to identify, assess, control, and manage cyber and technology risk throughout the company. This organization plays a critical role in helping to ensure that the company's risk-taking entities are aware of the risks inherent in their activities and decisions, the impact of their actions on the company at an enterprise level, and opportunities to reduce, mitigate, or avoid risks altogether. Associates within the Cyber Risk Management organization are highly-skilled information security, cyber, technology, or risk management professionals who have a wealth of experience and a demonstrated ability to provide value-added recommendations and deliver high-impact results in their areas of expertise.This position - Manager, Software Development Security Risk Oversight -will play a key role in assessing, challenging and advising on the secure software development lifecycle (SDLC), open-source software security (OSS), continuous integration/continuous deployment (CI/CD) pipelines, and agile delivery.As part of the second line of defense, you will collaborate closely with associates in Cyber, Technology, the Lines of Business, and other risk management offices. You will help develop and further build our 2nd line oversight and credible challenge program for the SDLC. You will perform and support evaluations of the Capital One's delivery pipeline, SDLC governance, controls and practices and offer independent advice and recommendations regarding ways to further mature the firm's cyber and technology risk management capabilities. In addition, you will contribute to the identification and analysis of new or emerging cybersecurity and technology risks to the enterprise, and aid in integrating cloud engineering practices with other risk management programs across the enterprise.--------Essential Functions (Responsibilities):- Provide technical leadership in assessing the practices of designing, developing, testing and implementing cloud native solutions to crucial business problems through thoughtful use of industry best practices and Capital One policy.- Perform risk analysis of open source software and CI/CD policies, procedures, and controls.- Evaluate/assess complex technological and business environment migrations to the cloud and integrated end-to-end solution options- Build and maintain relationships with technical leaders, business owners, engineers and other stakeholders to understand and evaluate implementation plans, business priorities and technical solutions to ensure risk are well communicated and understood by the key stakeholders- Keep up-to-date on cutting edge technology, standards, protocols and tools in areas relevant to the rapidly changing environment at Capital One, specifically containerization, serverless, and emerging AWS services- Demonstrate strong analytical, problem-solving, and decision-making skills--- Communicate and drive highly complex technology solutions to broad audiences including executives, business leaders, product managers, legal experts, security specialists and software engineers- Define, structure and plan work independently- Perform independent risk assessment of our cloud environment focusing on architecture, engineering, networking, governance.- Provide expertise and advice regarding the effectiveness of device configurations, IT architecture, or IT engineering solutions- Consult with risk owners on the design and implementation or adjustment of mitigating controls associated with emerging technologies- Draft and publish independent reports for risk owners, senior management, and other stakeholders regarding risks associated with new or emerging technologies- Professional security management certification; e.g. Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC)Basic Qualifications:- Bachelor's Degree or military experience- At least 3 years of experience with agile software development, APIs, micro-services, and modern technology design patterns- At least 3 years experience with open source software security and vulnerability management- At least 2 years experience with Public Cloud implementations (AWS,-- Google, Azure)- At least 1 year experience in CI/CD pipelines with containerized workloads including EKS, ECS, Kubernetes, container-as-a-service, immutable infrastructure, and enabling blue-green deployments- At least 1 year experience with Application Security testing (DAST, SAST, IAST)Preferred Qualifications:- Master's Degree in Computer Science or in an Engineering discipline- AWS Certified Professional Architect or other equivalent AWS certification- CCSP, CCSK, or equivalent certification- Experience implementing resilient cloud applications and platform services on public cloud (AWS, GCP, Azure)- Experience with micro-services architecture, cloud native architecture and 12 factor application architecture principles and implementation- Experience in, Data Analytics; Data Science platforms, Integration Services (RESTful API, data streams, files), Real-time monitoring and intelligence, or DevOps/CI/CD- Experience with Information Security at the policy, architecture or implementation level- Experience with identifying and communicating key risks related to cloud native implementations and architectures- Experience applying control frameworks such as CSA-CSM, CIS, and FedRAMPAt this time, Capital One will not sponsor a new applicant for employment authorization for this position.

Keywords: Capital One, Washington DC , Manager, Software Development Security Risk Oversight - Cyber Risk Management, IT / Software / Systems , Lanham, DC

Click here to apply!

Didn't find what you're looking for? Search again!

I'm looking for
in category

Other IT / Software / Systems Jobs

Information Systems Security Engineer (ISSE)
Description: Description:.The coolest jobs on this planet... or any other... are with Lockheed Martin Space.Lockheed Martin is a pioneer, partner, innovator and builder. Our amazing men and women are on a mission (more...)
Company: Lockheed Martin
Location: Washington
Posted on: 05/31/2020

Software Engineer
Description: Introduction:Are you passionate about providing real impact to the country's toughest national security problems Are you searching for engaging work with an employer that prioritizes continual innovation (more...)
Company: Johns Hopkins Applied Physics Laboratory (APL)
Location: Laurel
Posted on: 05/31/2020

Senior Level Unix/Linux Systems Engineer - HPC
Description: Description:The coolest jobs on this planet... or any other... are with Lockheed Martin Space.At the dawn of a new space age, Lockheed Martin is a pioneer, partner, innovator and builder. Our amazing (more...)
Company: Lockheed Martin
Location: Wilmington
Posted on: 05/31/2020

IT Operation Manager, Senior
Description: Type of Requisition:RegularClearance Level Must Currently Possess:NoneClearance Level Must Be Able to Obtain:NoneSuitability:Agency SpecificPublic Trust/Other Required:OtherJob Family:Project/Task ManagementJob (more...)
Company: General Dynamics Information Technology
Location: Washington
Posted on: 05/31/2020

Application/Analytics Developer
Description: Description:At the dawn of a new space age, Lockheed Martin is a pioneer, partner, innovator and builder. Our amazing men and women are on a mission to make a difference in the world and every single (more...)
Company: Lockheed Martin
Location: Washington
Posted on: 05/31/2020

Senior Space Technical Analyst
Description: Requisition ID: 50941 br br All Locations: Reston, VA Virginia br br A trusted partner. A national resource. A leader in national security space. We are THE Aerospace Corporation. A team that (more...)
Company: The Aerospace Corporation
Location: Chantilly
Posted on: 05/31/2020

Mid-Career HPC Software Engineer
Description: Description:Lockheed Martin provides High Performance Computing HPC services throughout the HPC lifecycle for computational requirements, architecture, acquisition, and operations to federal government (more...)
Company: Lockheed Martin
Location: Olney
Posted on: 05/31/2020

Senior HIV/AIDS Technical Specialist
Description: Solicitation for U.S. Personal Service Contractor - Senior HIV/AIDS Technical SpecialistDear Prospective Offerors: The United States Government, represented by the U.S. Agency for International Development (more...)
Company: United States Agency for International Development
Location: Washington
Posted on: 05/31/2020

Associate SAS Programmer
Description: The Emmes Company, LLC is searching for an Associate SAS Programmer located in our Rockville, Maryland or Frederick, Maryland office. Emmes provides flexibility for office location preference, dependent (more...)
Company: The Emmes Company, LLC
Location: Rockville
Posted on: 05/31/2020

Open-Rank Tenure-Line Faculty, Information Systems
Description: Open-Rank Tenure-Line Faculty, Information SystemsThe Information Systems and Operations Management ISOM area of the School of Business at George Mason University invites applications for multiple open-rank (more...)
Company: George Mason University
Location: Fairfax
Posted on: 05/31/2020

Log In or Create An Account