Cyber security is an integral part of our culture, and as an industry leader within financial services, it is vital that we all play our part in keeping customers’ data secure. We see security as an enabler and differentiator to enable business innovation and growth, rather than a step in a compliance process.
This role sits in our UK ISO (Information Security Office) team, and will work to embed a positive security culture and to ensure that security risks are properly understood and managed. Working both internally across UK Cyber, and with the wider business, this position will play a key role in solving business problems within cyber guard rails and building pragmatic security controls into our day to day operational processes.
You will also work with technical subject matter experts within our Advisory ISO team to ensure that we communicate technical information in accessible terms for business audiences, including senior management. This is a key part of our drive to communicate a consistent data-driven, risk-based set of priorities and updates.
What you will do:
Engage with business functions, projects and activities to ensure that key business processes deliver security balanced with ease of use - making the secure way the easy way to operate.
Provide a forward-looking view to Cyber of business activities which affect current understanding of cyber risk, and update business functions on relevant Cyber projects.
Provide cyber consultancy to business stakeholders and UK Cyber teams.
Support work to increase awareness of cyber risk across key business stakeholders.
Review existing processes to identify cyber risks, and propose any required mitigating work.
Assess compliance with Cyber policies and standards.
Work with Advisory ISO colleagues to ensure that we present consistent, compelling narratives on risks associated with cyber vulnerabilities.
What we are looking for
Practical experience of working in or leading components of a structured security programme, working with business teams to identify and manage cyber risk.
Demonstrable experience in cyber risk analysis, assessment and mitigation.
Experience in a financial or highly regulated environment.
A detailed understanding of ISO 27001, ITIL, COBIT, PCI DSS and NIST Cyber Security Frameworks.
Working knowledge of GDPR.
Relevant security certifications such as CISSP, CISM, CISA, CRISC, ISEB Certificate in Information Security Management Principles.
Effective written and verbal communication skills.
Capital One is committed to diversity in the workplace.If you require a reasonable adjustment, please contact ukrecruitment@capitalone.com All information will be kept confidential and will only be used for the purpose of applying a reasonable adjustment.
For technical support or questions about Capital One's recruiting process, please send an email to Careers@capitalone.com
Capital One does not provide, endorse nor guarantee and is not liable for third-party products, services, educational tools or other information available through this site.
Capital One Financial is made up of several different entities. Please note that any position posted in Canada is for Capital One Canada, any position posted in the United Kingdom is for Capital One Europe and any position posted in the Philippines is for Capital One Philippines Service Corp. (COPSSC).