Senior Associate, Technology SOX Controls Testing & Automation (ES Risk)
As a Senior Associate in Capital One’s Enterprise Services (ES) Core Risk, you will apply your risk management skills to the company’s Technology organization. You will partner across Enterprise Services, Divisional CIO, and Information Security teams to develop and support best-in-class industry risk solutions in a manner that supports innovation and protects our customers, shareholders and associates.
As a member of the 1st line controls testing team, you will collaborate with Capital One’s external auditor to test processes and control environments, report results, and evaluate Sarbanes Oxley (SOX) controls within the Technology organization. Your contributions will drive insight into risk and control performance, and organizational change through risk identification, measurement, analysis and reporting to enable better management of technology risks in an open and collaborative environment.
The Technology SOX and Automation Team, within Enterprise Services Core Risk Controls Governance and Testing (CGT), is seeking an experienced, highly motivated Technology Controls Risk Senior with a clear understanding of requirements, controls, and testing methodologies necessary for this role. The ideal candidate will have strong organizational and program management skills to ensure impediments, issues, and timelines are met.
In addition, the ability to clearly communicate results is imperative in this role. This will be an exciting role in a dynamic and fast-paced environment requiring the ability to multi-task and prioritize assignments appropriately. In this role, the associate will have the opportunity to learn new technologies, develop relationships with partners across technology divisions, and materially contribute to process enhancements to reduce risk.

Responsibilities:

• Project manage overall SOX schedule to meet defined timelines
• Communicate findings to stakeholders and external auditors
• Perform independent control testing activities and document results when needed
• Support dashboarding on control performance
• Establish and maintain relationships during testing engagements
• Provide guidance, expertise, and assist in the coordination of the Tech SOX program
• Provide subject matter expertise in on-going improvements to control design, process improvements and remediation of ineffective controls
• Help oversee and manage the Technology SOX testing and walkthrough
• Work closely with SOX partners in the development of controls to mitigate technology risks
• Coordinate remediation deficiency analysis for ineffective controls
• Ability to communicate effectively with people across multiple levels
• Ability to negotiate and influence results without direct authority
• Execute tasks assigned by manager to deliver on team objectives

Basic Qualifications:

• At least 2 years of experience in project or process management
• At least 2 years of experience in IT Risk Management
• At least 3 years of experience with Sarbanes-Oxley Controls

Preferred Qualifications:

• 2+ years of experience in testing technical controls in financial institutions
• 2+ years of experience in requirements evaluation
• 2+ years of experience in risk mitigation or corrective actions
• 2+ years of experience in testing internal controls
• 1+ years of experience with AWS, GCP, or Azure cloud technologies
• Security certifications such as CISA, CRISC, or CISSP
• Certifications such as AWS, GCP, or Azure

• Project manage overall SOX schedule to meet defined timelines
• Communicate findings to stakeholders and external auditors
• Perform independent control testing activities and document results when needed
• Support dashboarding on control performance
• Establish and maintain relationships during testing engagements
• Provide guidance, expertise, and assist in the coordination of the Tech SOX program
• Provide subject matter expertise in on-going improvements to control design, process improvements and remediation of ineffective controls
• Help oversee and manage the Technology SOX testing and walkthrough
• Work closely with SOX partners in the development of controls to mitigate technology risks
• Coordinate remediation deficiency analysis for ineffective controls
• Ability to communicate effectively with people across multiple levels
• Ability to negotiate and influence results without direct authority
• Execute tasks assigned by manager to deliver on team objective