• Support the CI Risk Control team’s efforts to modernize stakeholder reporting and enhance analytics capabilities • Provide hands-on experience in data management, dashboard development, and business-focused reporting • Apply and sharpen analytical, problem-solving, and communication skills • Leverage data and visualization tools to transform data into meaningful insights for stakeholders

Company Description It all started in sunny San Diego, California in 2004 when a visionary engineer, Fred Luddy, saw the potential to transform how we work. Fast forward to today — ServiceNow stands as a global market leader, bringing innovative AI-enhanced technology to over 8,100 customers, including 85% of the Fortune 500®. Our intelligent cloud-based platform seamlessly connects people, systems, and processes to empower organizations to find smarter, faster, and better ways to work. But this is just the beginning of our journey. Join us as we pursue our purpose to make the world work better for everyone. Job Description As the Risk Manager on the Digital Technology GRC team, you will play a central role in advancing our federal compliance posture and GRC program maturity. You will guide initiatives related to CMMC (Cybersecurity Maturity Model Certification) Level 2 readiness, NIST framework implementation, and enterprise-wide risk assessment across infrastructure, endpoints, identity, cloud, and data protection domains. You will partner closely with Security Architecture, IT Operations, SecOps, Internal Audit, Legal & Compliance, and Executives to assess risk, implement controls, and ensure our organization meets the rigorous standards required for federal contracting. You will drive compliance and risk management across key areas such as: - CMMC 2.0 Level 2 Assessment Readiness & Certification - NIST SP 800-171 / NIST CSF Control Mapping & Implementation - Enterprise Risk Assessment & Remediation Planning - System Security Plans (SSP) & Plan of Action & Milestones (POA&M) - GRC Process Maturity & Automation - Federal Compliance Documentation & Evidence Management - This is a high-impact, high-visibility role designed for someone who combines deep knowledge of federal cybersecurity frameworks with the ability to translate technical compliance requirements into actionable plans and executive-ready communications. Risk Assessment & Management - Conduct comprehensive risk assessments across infrastructure, endpoints, identity management, data protection, and cloud environments. - Identify, document, and track security gaps and remediation activities in the enterprise risk register. - Perform control effectiveness testing and support continuous monitoring initiatives to ensure ongoing compliance posture. - Cross-Functional Collaboration & Communication - Partner with Security Architecture, IT Operations, SecOps, Internal Audit, and Legal & Compliance to align security controls and risk mitigation strategies. - Translate complex technical findings and compliance status into executive-ready reports, dashboards, and briefings for senior principals. - Act as a subject matter expert for CMMC and NIST compliance across the organization, providing guidance and training to stakeholders. GRC Program & Process Maturity - Support the development and maturation of GRC processes, including policy management, control mapping, audit support, and evidence management workflows. - Evaluate and recommend GRC tooling and automation opportunities to increase efficiency and accuracy of compliance operations. - Contribute to enterprise-wide assessment campaigns and support regulatory change management activities. What You Get to Do in This Role ServiceNow Platform & GRC Tooling - Leverage ServiceNow IRM (Integrated Risk Management) modules — including Risk Management, Policy & Compliance Management, Audit Management, and Vendor Risk Management — to manage and operationalize compliance workflows. - Utilize ServiceNow SecOps (Security Incident Response, Vulnerability Response), CMDB/APM, ITSM, and IT Asset Management to support integrated security and compliance operations. - Build and maintain GRC dashboards, reports, and Performance Data views to provide executive visibility into risk posture, control coverage, and compliance status. - Drive workflow automation within the ServiceNow platform to streamline evidence collection, control testing, risk scoring, and remediation tracking. Risk Assessment & Management - Conduct comprehensive risk assessments across infrastructure, endpoints, identity management, data protection, and cloud environments. - Identify, document, and track security gaps and remediation activities in the enterprise risk register. - Perform control effectiveness testing and support continuous monitoring initiatives to ensure ongoing compliance posture. - Cross-Functional Collaboration & Communication - Partner with Security Architecture, IT Operations, SecOps, Internal Audit, and Legal & Compliance to align security controls and risk mitigation strategies. - Translate complex technical findings and compliance status into executive-ready reports, dashboards, and briefings for senior principals - Act as a subject matter expert for CMMC and NIST compliance across the organization, providing guidance and training to stakeholders. GRC Program & Process Maturity - Support the development and maturation of GRC processes including policy management, control mapping, audit support, and evidence management workflows. - Evaluate and recommend GRC tooling and automation opportunities to increase efficiency and accuracy of compliance operations. - Contribute to enterprise-wide assessment campaigns and support regulatory change management activities. - ServiceNow Platform & GRC Tooling - Leverage ServiceNow IRM (Integrated Risk Management) modules — including Risk Management, Policy & Compliance Management, Audit Management, and Vendor Risk Management — to manage and operationalize compliance workflows. - Utilize ServiceNow SecOps (Security Incident Response, Vulnerability Response), CMDB/APM, ITSM, and IT Asset Management to support integrated security and compliance operations. - Build and maintain GRC dashboards, reports, and Performance Data views to provide executive visibility into risk posture, control coverage, and compliance status. - Drive workflow automation within the ServiceNow platform to streamline evidence collection, control testing, risk scoring, and remediation tracking. Qualifications Required - 7–8 years of experience in cybersecurity, information security, GRC, or federal compliance roles. - Deep working knowledge of CMMC 2.0, NIST SP 800-171, NIST SP 800-53, and NIST Cybersecurity Framework (CSF). - Hands-on experience leading or supporting CMMC assessments, including application scoping, control mapping, gap analysis, and remediation planning. - Strong understanding of federal contracting compliance requirements, including DFARS 252.204-7012 and CUI (Controlled Unclassified Information) handling. - Experience developing and maintaining SSPs, POA&Ms, and compliance documentation for federal authorization. - Proven ability to conduct risk assessments across enterprise environments covering endpoints, identity, cloud, and data protection. - Working knowledge of the ServiceNow platform, including familiarity with IRM, SecOps, CMDB, or ITSM modules for managing security and compliance workflows. - Excellent written and verbal communication skills with demonstrated ability to present technical findings to executive audiences. - Experience working cross-functionally with IT, security, audit, and legal teams in a large enterprise environment. Preferred - Professional certifications such as CISSP, CISM, CISA, CAP (Certified Authorization Professional), or CMMC Registered Practitioner (RP). - Hands-on experience with ServiceNow IRM (Integrated Risk Management), including Risk Management, Policy & Compliance Management, Audit Management, and Vendor Risk Management modules. - Experience with broader ServiceNow platform capabilities including CMDB/APM, SecOps (Security Incident Response, Vulnerability Response), ITSM, and IT Asset Management for integrated security and compliance workflows. - Familiarity with ServiceNow reporting, dashboards, Performance Analytics, and workflow automation to drive GRC program efficiency and executive visibility. - Familiarity with FedRAMP, FISMA, FIPS 140-2/3 encryption requirements, and DoD cybersecurity policies. - Background in evaluating dual-environment architectures (e.g., O365 commercial vs. GCC High) for compliance alignment. - Experience with SIEM, EDR (e.g., CrowdStrike), vulnerability management tools, and security architecture review processes. - Knowledge of identity and access management frameworks, including Okta, Active Directory, and SailPoint integrations. - Prior experience in enterprise-scale assessment campaigns involving 50+ applications or business units. - Experience in building or consuming continuous monitoring, control hygiene, or AI-enabled risk/issue automation workflows (e.g., automated control testing, continuous controls monitoring, risk scoring, AI/ML-driven issue remediation). For positions in this location, we offer a base pay of $114,200 - $199,900, plus equity (when applicable), variable/incentive compensation and benefits. Sales positions generally offer a competitive On Target Earnings (OTE) incentive compensation structure. Please note that the base pay shown is a guideline, and individual total compensation will vary based on factors such as qualifications, skill level, competencies, and work location. We also offer health plans, including flexible spending accounts, a 401(k) Plan with company match, ESPP, matching donations, a flexible time away plan and family leave programs. Compensation is based on the geographic location in which the role is located and is subject to change based on work location. Additional Information Work Personas We approach our distributed world of work with flexibility and trust. Work personas (flexible, remote, or required in office) are categories that are assigned to ServiceNow employees depending on the nature of their work and their assigned work location. Learn more here. To determine eligibility for a work persona, ServiceNow may confirm the distance between your primary residence and the closest ServiceNow office using a third-party service. Equal Opportunity Employer ServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status, or any other category protected by law. In addition, all qualified applicants with arrest or conviction records will be considered for employment in accordance with legal requirements. Accommodations We strive to create an accessible and inclusive experience for all candidates. If you require a reasonable accommodation to complete any part of the application process, or are unable to use this online application and need an alternative method to apply, please contact [email protected] for assistance. Export Control Regulations For positions requiring access to controlled technology subject to export control regulations, including the U.S. Export Administration Regulations (EAR), ServiceNow may be required to obtain export control approval from government authorities for certain individuals. All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by relevant export control authorities. From Fortune. ©2025 Fortune Media IP Limited. All rights reserved. Used under license. - Employee Type: Regular - Region: AMS - North America and Canada - Work Persona: Flexible or Remote

CAPCO POLAND *We are looking for Poland based candidate. Capco is a fully independent, global management and technology consultancy. For 25 years we have combined innovative thinking with deep industry knowledge to deliver business consulting, digital transformation and technology services to Finance and Energy markets. Our collaborative and efficient approach helps clients reduce costs and manage risk and regulatory change while increasing revenues. We are thinkers, innovators, and disruptors. We are small enough to care but large enough to matter. We also are experts in focused on development, automation, innovation, and long-term projects in financial services. In Capco, you can code, write, create, and live at your maximum capabilities without getting dull, tired, or foggy. ROLE OVERVIEW: The Senior Java Developer will play a key role in delivering high-visibility strategic initiatives, with a primary focus on designing and implementing components within the MRP platform. The engineer will be responsible for providing scalable, robust, and fault-tolerant solutions that address both current and future business needs. A crucial part of the engagement includes proposing and developing innovative solutions in an iterative manner—quickly delivering functional versions to gather feedback and advising on the full rollout. We are looking for an experienced professional with a strong technical mindset, a pragmatic and delivery-driven approach, and the ability to independently bring continuous business value through effective and innovative use of technology. The collaboration will take place within a dynamic, global environment, involving close interaction with business analysts, project managers, stakeholders, and other technical experts across multiple locations. TECH STACK Must Have: Java 11/17, Spring, Microservices, JUnit, Mockito, Cucumber, Jenkins Nice to Have: Market risk domain experience SKILLS & EXPERIENCE - Expertise in Core Java (JDK 11/17), Collections, Threading, JDBC. - Strong experience with Object-Oriented Programming (OOP), Design Principles, and Design Patterns. - Hands-on experience with Spring Framework (Spring Boot, Spring Data, Hibernate), Web Services, REST APIs, and Microservices architecture. - Proficiency in unit testing, integration testing, and behavior testing using tools such as JUnit, Mockito, Cucumber. - Strong experience with Java IDEs such as IntelliJ IDEA, Eclipse, VS Code - Skilled in Java debugging, profiling, and performance tuning - Experience with OLTP and OLAP systems (preferably PostgreSQL and Clickhouse) - Good exposure to Java coding standard, clean code, code review - Knowledge of Domain-Driven Design and Microservices Architecture - Proficient in Shell scripting, and working in a UNIX/LINUX environment - Familiarity with authentication and authorisation frameworks and tools (e.g. AD/LDAP, OAuth2, SSO, Kerberos, JWT, Spring Security) - Experience JIRA, Git / Bitbucket, and Gitflow branching strategy - Familiarity with build tools, CI/CD pipelines, and code quality tools (e.g., Maven, Jenkins, SonarQube, Artifactory) Additionally but not mandatory - very good to have - Java certification (preferred but not essential) - Experience with containers and Container Platforms (e.g., Docker, Podman, Kubernetes, OpenShift, AWS EKS) - Knowledge of Sprint Cloud stack (e.g., Spring Cloud Config, Gateway, Eureka, Stream, Data Flow) - Experience with monitoring, log analysis tools (e.g., ELK stack, Splunk) - Knowledge in AWS S3 and its compatible storage systems such as HCP and MinIO - Familiarity with messaging technologies such (e.g., Kafka, RabbitMQ, Solace) - Experience with Workflow Engines (e.g., jBPM, Activiti, Camunda) - Knowledge in Big Data technologies (e.g., Hadoop, HDFS, Spark) - Cloud platform experience (AWS, Azure). - Experience with front-end development (e.g., HTML5, JavaScript, ReactJS) - Knowledge of OLAP technologies (e.g., ActivePivot, ClickHouse, Exasol, SSAS, MDX/XMLA NON-TECHNICAL SKILLS - Strong communication and collaboration skills in a global team environment. - Proven ability to manage multiple priorities, make decisions independently, and meet deadlines under pressure. - Strong problem-solving, analytical, and organizational abilities. We offer a flexible collaboration model based on a B2B contract, with the opportunity to work on diverse projects. RECRUITMENT PROCESS - HR interview with Recruiter - Technical Screening interview with Capco Engineering Team - Code Challenge - Client interview - Feedback and Offer We have been informed of several recruitment scams targeting the public. We strongly advise you to verify identities before engaging in recruitment related communication. All official Capco communication will be conducted via a Capco recruiter.

Manager, Capital Markets & Risk-Treasury Management (Remote-Eligible) The Treasury Systems & Business Solutions team, a department within Treasury that falls under Capital Markets and Risk organization, consists of business process and system experts who are passionate about creating a simple, well-integrated and intelligent solution that enables superior decision making and best-in-class execution, operations, and risk management for the Treasury department. We are responsible for maintaining Treasury software applications that support both business users and data consumers, while influencing strategic technology decisions. Working back from business imperatives, and internal customer needs, we lead Agile teams to implement new products for Treasury , develop new capabilities, and deliver high quality data. We are looking for a Manager to work with the Agile pod in delivering cloud-based solutions for the overall business intent through close collaboration across internal partners. This role will be responsible for leading the necessary customer interviews and analysis to ground the problems to be solved, running impact analysis, and working with Agile teams to define, test and implement solutions. Our ideal candidate should possess strong system configuration knowledge for SimCorp Dimension to help build a strong system support team and to expand the usage of SimCorp across Capital One finance teams. General Responsibilities: - Leading team development on training and talent development - Collaborate with business stakeholders across Front Office, Middle Office, and Accounting, Product and Technology partners on solution development, process enhancements, and production issue resolution - Work with business stakeholders to define requirements and document user acceptance test cases, negative test scenarios - Define solutions (requirements, designs, services, recommendations) to achieve required business outcomes - Perform configuration changes to the SimCorp Dimension system - Own the development, maintenance, management, and delivery of analysis, user manuals, training materials, and technical specifications - Own the integrity of the solution through participation in software testing and quality assurance activities - Participate in release planning activities and perform required validation - Learn and leverage cloud based data management tools to create analytics, reporting, and automation solutions for internal customers' case - Communicate progress and status to team members and stakeholders - Identify roadblocks to projected timeline and present possible solutions - Collaborate with cross functional teams to launch new initiatives - Lead large cross functional projects and work with senior level stakeholders Capital One is open to hiring a Remote Employee for this opportunity. Basic Qualifications: - Bachelor's Degree or military experience - At least 5 years of SimCorp Dimension configuration experience - At least 5 years of experience in business systems analysis - At least 5 years of experience with Capital Markets, Finance, or a combination Preferred Qualifications: - At least 8 years of experience using SimCorp Dimension's IBOR and ABOR platforms - Experience in SimCorp technical functions, such as Communication Server, Data Format Extracts, Data Format Setups, Services, etc - At least 8 years of experience in Capital Markets, Accounting, Front Office, Trade Operations in fixed income securities, or a combination - At least 1 year of experience with programming languages At this time, Capital One will not sponsor a new applicant for employment authorization for this position. The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked. Remote (Regardless of Location): $149,800 - $171,000 for Manager, Capital Markets & Risk McLean, VA: $164,800 - $188,100 for Manager, Capital Markets & Risk Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter. This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan. Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website . Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level. This role is expected to accept applications for a minimum of 5 business days. No agencies please. Capital One is an equal opportunity employer (EOE, including disability/vet) committed to non-discrimination in compliance with applicable federal, state, and local laws. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections 4901-4920; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1-800-304-9102 or via email at RecruitingAccommodation@capitalone.com . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations. For technical support or questions about Capital One's recruiting process, please send an email to Careers@capitalone.com Capital One does not provide, endorse nor guarantee and is not liable for third-party products, services, educational tools or other information available through this site. Capital One Financial is made up of several different entities. Please note that any position posted in Canada is for Capital One Canada, any position posted in the United Kingdom is for Capital One Europe and any position posted in the Philippines is for Capital One Philippines Service Corp. (COPSSC).