
Product Security Governance and Remediation Manager


Capital One
Location: London
Job type: Permanent
Category: Management Jobs

Job ID: R98237

Location: London

White Collar Factory (95009), United Kingdom, London, London

At Capital One, we’re building a leading information-based technology company. Still founder-led by Chairman and Chief Executive Officer Richard Fairbank, Capital One is on a mission to help our customers succeed by bringing ingenuity, simplicity, and humanity to banking. We measure our efforts by the success our customers enjoy and the advocacy they exhibit. We are succeeding because they are succeeding.

Guided by our shared values, we thrive in an environment where collaboration and openness are valued. We believe that innovation is powered by perspective and that teamwork and respect for each other lead to superior results. We elevate each other and obsess about doing the right thing. Our associates serve with humility and a deep respect for their responsibility in helping our customers achieve their goals and realize their dreams. Together, we are on a quest to change banking for good.

Product Security Governance and Remediation Manager

Capital One is committed to diversity in the workplace.

The role is responsible for owning the vulnerability management strategy and process in the UK. They will partner with other remediation managers and penetration testers in the UK, the wider global Cyber team, as well as other technical teams to champion the vulnerability remediation lifecycle in the UK. They will act as the business owner’s subject matter expert on vulnerability impact and risk, providing guidance on root cause, and managing the full lifecycle of reported vulnerabilities through to closure.

Responsibilities:

Assessment and oversight of the remediation of vulnerabilities

* Assess vulnerabilities reported from multiple teams/processes. Assess current tooling and its effectiveness.
* Provide a single pane of glass to the business around vulnerabilities coming from different sources such as infrastructure, source code, 3rd party libraries and dynamic security vulnerabilities.
* Advise technical and non-technical audiences on appropriate prioritization of remediation activities.

Vulnerability management reporting, education and awareness

* Report and track remediation activities affecting on-premise, cloud hosted, containers, and applications.
* Support compliance and due diligence led activities and audits, including regulatory updates.
* Collaborate with teams and stakeholders to create both tactical and strategic plans as they relate to vulnerability management.
* Champion security best practice within technology and be regarded as the ‘go-to’ individual for security vulnerability management.
* Provide security and remediation advice to cross-business stakeholders at a technical level.
* Proactive identification and communication of external themes and threats.
* Help drive security maturity in vulnerability management and security in general across the business, through positive engagement and teaching.

Vulnerability management UK process ownership and coverage

* Develop a strategy for the Product Security Assurance function.
* Maintain and further improve the scanning scope and capability of the vulnerability scanning service, through automation and tooling.
* Provide vulnerability assessment scan guidance and training.

Experience:

* Familiarity with infrastructure and web application scanning tools (e.g. Qualys, Nessus, Checkmarx, Veracode) and relevant remediation management/risk tools.
* Past experience in executive, regulatory and audit reporting related to cyber risk management.
* Sound understanding of network/infrastructure and web/mobile application weaknesses and anti-patterns (CWE, OWASP).
* A good understanding of information security principles and best practices.
* Experience working in a cyber security related function.

About You:

* A passion to make a difference and positively challenge the status quo through continuous improvement.
* Providing a thoughtful approach to risk management and controls simplification, with measurable, data-driven outcomes, ensuring all appropriate exception, issue or risk processes are strictly adhered to if non-compliances are discovered.

Any of these would also be great:

* Familiarity with open-source tooling
* Knowledge of SQL language
* Knowledge of Python or other scripting languages
* Experience of cloud (e.g. AWS, Azure)
* Experience with Kenna, Qualys or similar
* Hands-on system infrastructure operations, security operations or a security engineering background

If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting via our website. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.



Capital One does not provide, endorse nor guarantee and is not liable for third-party products, services, educational tools or other information available through this site.

Capital One Financial is made up of several different entities. Please note that any position posted in Canada is for Capital One Canada, any position posted in the United Kingdom is for Capital One Europe and any position posted in the Philippines is for Capital One Philippines Service Corp. (COPSSC).
