The Principal Technology Risk Management will enhance cybersecurity governance, manage risks, update policies, and support compliance efforts across the Vocalink business.
Our Purpose
Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we're helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.
Title and Summary
Principal Technology Risk Management
Overview
The Vocalink Security team is looking for a Principal, Technology Risk Management to drive maturity of internal cybersecurity governance processes. This includes supporting business decisioning through robust risk management practices, including management of cybersecurity policies, standards and controls across the Vocalink business and helping drive timely response to, and remediation of, control weaknesses and deviations to policies.
Business Outcomes
The role will ensure security policies and controls are kept up to date as the business expands, and that they remain fit for purpose as processes and technologies change.
The role will also be responsible for undertaking risk assessments that clearly articulate the cybersecurity risks faced by the business, in order to inform business decisions and outcomes.
Role
Lead on the creation and maintenance of all Vocalink cybersecurity policies and standards.
Support control owners with the management of controls to address cybersecurity risk, ensuring alignment with adopted industry frameworks, corporate Mastercard policies, and regulatory & contractual obligations.
Ensure policies and standards are appropriately communicated across the business to ensure adoption.
Oversee deviations to policies and standards, ensuring policy owners are able to balance associated risks against business benefits. Identify, assess, monitor and manage cybersecurity risks across the business, enabling the business to make informed decisions which balance business objectives against risk appetite.
Perform risk assessments to support prioritisation of key cybersecurity initiatives, and subsequently to provide assurance that desired risk reductions have been realised.
Track management action plans to address control issues and deliver associated management reporting to senior stakeholders.
Support the enhancement of Security Governance, Risk and Compliance (GRC) reporting, including cybersecurity KRIs/KCIs/KPIs, to support oversight of policy adoption and risk treatment activities.
Respond to customer due diligence queries and questionnaires in a timely manner, as requested from time to time.
Supports leadership, leveraging a solid understanding of industry audit and compliance standards and internal control concepts and principles, risks and regulations.
Manage cross-functional initiatives to deliver on risk and framework goals, policies and procedures.
All About You
Understanding of Security GRC roles and responsibilities. Experience of creating, developing and enhancing security policies to ensure they stay up-to-date and meet all business requirements.
Understanding of a broad range of industry frameworks and standards including ISO 27001, PCI DSS and Cyber Risk Institute Profile / NIST requirements.
Robust experience of implementing security risk management best practices and methods, along with compiling and reporting cybersecurity risks and control effectiveness.
Experience of working with internal and external audit teams.
Experience in using IBM Openpages and RSA Archer GRC solutions desirable.
Security-focused analytical skills to support risk and control assessments.
Ability to work autonomously taking personal accountability for deliverables.
Ability to work as part of a team.
Ability to influence and motivate others to achieve security objectives.
Good communication skills, in written and verbal form.
Diligent and thorough approach to problem solving.
Ability to resolve varied and complex compliance issues.
Experience delivering presentations and engaging with senior leadership.
Experience growing and motivating a team and coaching members through career milestones and progression.
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we're helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.
Title and Summary
Principal Technology Risk Management
Overview
The Vocalink Security team is looking for a Principal, Technology Risk Management to drive maturity of internal cybersecurity governance processes. This includes supporting business decisioning through robust risk management practices, including management of cybersecurity policies, standards and controls across the Vocalink business and helping drive timely response to, and remediation of, control weaknesses and deviations to policies.
Business Outcomes
The role will ensure security policies and controls are kept up to date as the business expands, and that they remain fit for purpose as processes and technologies change.
The role will also be responsible for undertaking risk assessments that clearly articulate the cybersecurity risks faced by the business, in order to inform business decisions and outcomes.
Role
Lead on the creation and maintenance of all Vocalink cybersecurity policies and standards.
Support control owners with the management of controls to address cybersecurity risk, ensuring alignment with adopted industry frameworks, corporate Mastercard policies, and regulatory & contractual obligations.
Ensure policies and standards are appropriately communicated across the business to ensure adoption.
Oversee deviations to policies and standards, ensuring policy owners are able to balance associated risks against business benefits. Identify, assess, monitor and manage cybersecurity risks across the business, enabling the business to make informed decisions which balance business objectives against risk appetite.
Perform risk assessments to support prioritisation of key cybersecurity initiatives, and subsequently to provide assurance that desired risk reductions have been realised.
Track management action plans to address control issues and deliver associated management reporting to senior stakeholders.
Support the enhancement of Security Governance, Risk and Compliance (GRC) reporting, including cybersecurity KRIs/KCIs/KPIs, to support oversight of policy adoption and risk treatment activities.
Respond to customer due diligence queries and questionnaires in a timely manner, as requested from time to time.
Supports leadership, leveraging a solid understanding of industry audit and compliance standards and internal control concepts and principles, risks and regulations.
Manage cross-functional initiatives to deliver on risk and framework goals, policies and procedures.
All About You
Understanding of Security GRC roles and responsibilities. Experience of creating, developing and enhancing security policies to ensure they stay up-to-date and meet all business requirements.
Understanding of a broad range of industry frameworks and standards including ISO 27001, PCI DSS and Cyber Risk Institute Profile / NIST requirements.
Robust experience of implementing security risk management best practices and methods, along with compiling and reporting cybersecurity risks and control effectiveness.
Experience of working with internal and external audit teams.
Experience in using IBM Openpages and RSA Archer GRC solutions desirable.
Security-focused analytical skills to support risk and control assessments.
Ability to work autonomously taking personal accountability for deliverables.
Ability to work as part of a team.
Ability to influence and motivate others to achieve security objectives.
Good communication skills, in written and verbal form.
Diligent and thorough approach to problem solving.
Ability to resolve varied and complex compliance issues.
Experience delivering presentations and engaging with senior leadership.
Experience growing and motivating a team and coaching members through career milestones and progression.
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
- Abide by Mastercard's security policies and practices;
- Ensure the confidentiality and integrity of the information being accessed;
- Report any suspected information security violation or breach, and
- Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines.
Top Skills
Cyber Risk Institute Profile
Ibm Openpages
Iso 27001
Nist
Pci Dss
Rsa Archer Grc
Mastercard London, England Office
1 Angel Lane, London, United Kingdom, EC4R 3AB
Similar Jobs at Mastercard
Blockchain • Fintech • Payments • Consulting • Cryptocurrency • Cybersecurity • Quantum Computing
The Director of Business Excellence will act as Chief of Staff, support the EVP, lead cross-functional projects, and drive employee engagement and COO strategy.
Blockchain • Fintech • Payments • Consulting • Cryptocurrency • Cybersecurity • Quantum Computing
The Software Engineer develops, tests, and maintains software solutions, aims for high quality and secure applications, and collaborates on project teams.
Top Skills:
Agile MethodologiesSoftware Engineering ConceptsTest Automation
Blockchain • Fintech • Payments • Consulting • Cryptocurrency • Cybersecurity • Quantum Computing
This role involves designing ETL processes, sourcing data, collaborating with teams, and solving big data problems to drive data-driven decisions.
Top Skills:
ETLProgramming LanguageRelational DatabasesSQLSsis
What you need to know about the London Tech Scene
London isn't just a hub for established businesses; it's also a nursery for innovation. Boasting one of the most recognized fintech ecosystems in Europe, attracting billions in investments each year, London's success has made it a go-to destination for startups looking to make their mark. Top U.K. companies like Hoptin, Moneybox and Marshmallow have already made the city their base — yet fintech is just the beginning. From healthtech to renewable energy to cybersecurity and beyond, the city's startups are breaking new ground across a range of industries.
