Capital One

Financial Services

SeniorAssociate,TechnologyControlsTesting-EnterpriseServicesRisk

$101–115k McLean, Virginia, United States FULL TIME

Market Sentiment

HIGH DEMAND

Neural analysis suggests this role is
optimal for Senior candidates.

The Brief

“Senior Associate, Technology Controls Testing - Enterprise Services Risk at Capital One. Skills: Multi-Cloud Automated Control Testing, Process Enhancement & Automation, Data & API Integration, Cloud Risk Identification. Perform independent control testing activities and document results.. Design and execute automated "Tests of Effectiveness" (ToE) for controls across AWS, Azure, and GCP.”

What You'll Achieve.

Test and improve how we validate controls across the enterprise.; Develop best-in-class automated testing solutions.; Monitor and test processes and control environments.; Report results and evaluate compliance with multi-cloud security requirements.; Drive insight into risk and control performance.; Enable real-time management of technology risks.; Reduce manual audit overhead.

Industry & Context.

Financial Services

Problems you'll solve

Identify control gaps via code; Build process enhancements to reduce manual audit overhead

What They're Looking For.

Must Have

At least 2 years of experience in Risk Management, Process Management, or Project Management, At least 2 years of experience in technology, audit, or cyber security risk management frameworks, At least 1 year of experience working with scripting languages (e. g. , Python, SQL, or JavaScript/Apps Script), At least 1 year of experience evaluating or implementing controls testing or risk assessment activities

Nice to Have

Bachelor's Degree or Military Experience, Risk Certifications (CRISC, CISM, CRCM, CIPP, CISA, CISSP, ABA Risk Mgmt Certification), 3+ years of experience in Risk Management, Internal Audit, or Information Security, Hands-on experience with cloud risk, governance, and control validation across AWS, GCP, or Azure, Experience building automated workflows or custom tools within Google Workspace using Apps Script, Professional certifications such as CISA, CISSP, or Cloud-specific certifications (AWS Certified Solutions Architect, Azure Security Engineer, etc. ), Experience testing internal controls within a "Continuous Auditing" or "Continuous Monitoring" framework, Skilled at communicating technical risks to non-technical auditors and cross-functional partners at all organizational levels

What You'll Do.

Perform independent control testing activities and document results.

Design and execute automated "Tests of Effectiveness" (ToE) for controls across AWS

Use code to perform analysis and repeatable tasks.

Leverage Google Apps Script and other automation tools to streamline internal audit workflows

and reporting processes.

Leverage tools (e. g.

Python/SQL) to extract and analyze data from cloud APIs.

Visualize and create dashboards to support continuous control monitoring.

Maintain a broad understanding of major cloud service providers (AWS

Azure) and their respective vulnerabilities to identify and escalate critical risks.

Demonstrate sound program management by documenting and communicating action plans

and risks to stakeholders.

Research industry practices and regulatory make recommendations to change policies and control programs to mitigate evolving risks in the cloud.

Effectively self-challenge control programs and escalate risks where appropriate to ensure alignment with Information Security Standards.

How You'll Work.

Team & Collaboration

Partner across Cloud Engineering, Information Security, and Audit teams.; Collaborate with stakeholders to monitor and test processes and control environments.; Communicate technical risks to non-technical auditors and cross-functional partners at all organizational levels.

Communication Scope

Communicating technical risks to non-technical auditors and cross-functional partners at all organizational levels.

Process & Methodology

Sound program management, Documenting and communicating action plans, impediments, and risks to stakeholders.

Full Job Description

Senior Associate, Technology Controls Testing - Enterprise Services Risk The Enterprise Services Risk organization is expanding with a focus on attracting innovative, pioneering, collaborative, and highly skilled professionals. We operate at the forefront of risk management, providing support for novel and developing technologies, as well as critical business strategies. Diverse perspectives and experiences are valued as we work to redefine the financial sector. _**About the Team:**_ As a Senior Associate in the Control Governance Team, you will apply your technical and risk management skills to test and improve how we validate controls across the enterprise. You will partner across Cloud Engineering, Information Security, and Audit teams to develop best-in-class automated testing solutions that support innovation while protecting our environment. ** _About the Role:_** As a member of the automation-focused testing team, you will collaborate with stakeholders to monitor and test processes and control environments, report results, and evaluate compliance with multi-cloud security requirements. Your contributions will drive insight into risk and control performance through the development of "Audit-as-Code" and process enhancements that enable real-time management of technology risks. The team is seeking a highly motivated specialist with a strong interest in process maturity, cloud technologies (AWS, GCP, Azure), and workflow automation. The ideal candidate will be able to design/execute automated test plans, identify control gaps via code, and build process enhancements to reduce manual audit overhead. _**Responsibilities:**_ * **Multi-Cloud Automated Control Testing:** Perform independent control testing activities and document results. Design and execute automated "Tests of Effectiveness" (ToE) for controls across AWS, Azure, and GCP. * **Process Enhancement & Automation:****** Use code to perform analysis and repeatable tasks. Leverage Google Apps Script and othe

Free ATS check

Applying for this Senior Associate, Technology Controls Testing - Enterprise Services Risk role?

Most applicants get filtered before a human reads their resume. See if yours makes the cut.

Should you apply? AI reads your resume vs this job — match score, gaps to address, ATS keywords.

SKILL SIGNAL 33 detected · ranked by frequency

Automated Testing ×3

Control Testing ×3

Data Extraction ×3

Data Analysis ×3

API Integration ×3

Dashboard Creation ×3

Vulnerability Identification ×3

Program Management ×3

Scripting ×3

Multi-Cloud Automated Control Testing ×2

Process Enhancement & Automation ×2

Data & API Integration ×2

Cloud Risk Identification ×2

Google Apps Script ×2

AWS

GCP

Azure

Python

SQL

JavaScript

Risk Management

Process Management

Project Management

Technology Controls Testing

Cyber Security Risk Management

Cloud Risk

Cloud Governance

Control Validation

Continuous Auditing

Continuous Monitoring

Policy Recommendation

Information Security Standards

BEHAVIOURAL

InnovativePioneeringCollaborativeHighly SkilledMotivatedSelf-Challenge

Role Details

Seniority senior

Experience 2–10 yrs

Level Senior

Work Mode No

Type FULL TIME

Education High School Diploma, GED or Equivalent Certification

Salary Band 100k-150k

AI-Extracted Insights

Domain Areas

financial-sectorrisk-managementnovel-and-developing-technologiescloud-technologies-awsgcpazuremulti-cloud-security-requirementstechnology-risks

Certifications

CRISCCISMCRCMCIPPCISACISSP

How to Apply on Workday

Workday has a multi-step form — save your progress after every section.
"Apply With LinkedIn" can fail or lose data; manual entry is more reliable.
Watch for the "Submit for Review" final step — hitting "Save" alone does not submit.
Job requisition numbers are useful when following up with HR by email.

ANONYMOUS · UNFILTERED

What do employees actually say about Capital One?

Real rants from real employees. Read before you apply.

Read Company Rants →