Senior Associate, Technology Controls Testing – Enterprise Services Risk
McLean, Illinois, United States of America
Full Time
2 weeks ago
$101,100 - $138,400 USD
Visa Sponsor
Key skills
AWSAzureCloudCyber SecurityGoogle Cloud PlatformJavaScriptPythonSQLGCPGoogle CloudProject ManagementRisk Management
About this role
Role Overview
- Perform independent control testing activities and document results.
- Design and execute automated "Tests of Effectiveness" (ToE) for controls across AWS, Azure, and GCP.
- Use code to perform analysis and repeatable tasks.
- Leverage Google Apps Script and other automation tools to streamline internal audit workflows, documentation, and reporting processes.
- Leverage tools (e.g., Python/SQL) to extract and analyze data from cloud APIs.
- Visualize and create dashboards to support continuous control monitoring.
- Maintain a broad understanding of major cloud service providers (AWS, GCP, Azure) and their respective vulnerabilities to identify and escalate critical risks.
- Demonstrate sound program management by documenting and communicating action plans, impediments, and risks to stakeholders.
- Research industry practices and regulatory changes; make recommendations to change policies and control programs to mitigate evolving risks in the cloud.
- Effectively self-challenge control programs and escalate risks where appropriate to ensure alignment with Information Security Standards.
Requirements
- High School Diploma, GED or Equivalent Certification
- At least 2 years of experience in Risk Management, Process Management, or Project Management
- At least 2 years of experience in technology, audit, or cyber security risk management frameworks
- At least 1 year of experience working with scripting languages (e.g., Python, SQL, or JavaScript/Apps Script)
- At least 1 year of experience evaluating or implementing controls testing or risk assessment activities
- Bachelor's Degree or Military Experience (Preferred)
- Risk Certifications (CRISC, CISM, CRCM, CIPP, CISA, CISSP, ABA Risk Mgmt Certification) (Preferred)
- 3+ years of experience in Risk Management, Internal Audit, or Information Security (Preferred)
- Hands-on experience with cloud risk, governance, and control validation across AWS, GCP, or Azure (Preferred)
- Experience building automated workflows or custom tools within Google Workspace using Apps Script (Preferred)
- Professional certifications such as CISA, CISSP, or Cloud-specific certifications (Preferred)
- Experience testing internal controls within a "Continuous Auditing" or "Continuous Monitoring" framework (Preferred)
- Skilled at communicating technical risks to non-technical auditors and cross-functional partners at all organizational levels (Preferred).
Tech Stack
- AWS
- Azure
- Cloud
- Cyber Security
- Google Cloud Platform
- JavaScript
- Python
- SQL
Benefits
- Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being.