Our Purpose
Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.
Title and Summary
Lead Technology Risk Analyst
The Mastercard Technology Risk Team is looking for an Assurance Manager to oversee the assurance program supporting requirements to meet customer and regulatory obligations for various regions. The focus of the position is on providing readiness and compliance support, monitoring, and reporting of the operating effectiveness of Mastercard’s internal control environment. The role is a pivotal part of the Mastercard technology risk function.
Mastercard is committed to balancing innovation while protecting the internal control posture. The team assesses internal controls to proactively identify risks, define remediation actions and track remediation efforts. We are looking for someone to join our team and help us meet these compliance goals. This person will be technically savvy and will enjoy solving issues and driving outcomes.
The ideal candidate will have the ability to think and act both strategically and tactically while ensuring that the organisation remains compliant with required security, technology, and financial standards, as well as industry best practices.
Responsibilities:
Lead evaluations and assessments
• Develop, plan, and execute control assessments of various IT (security) and, to a lesser extent, business areas to assess potential risks or control gaps, going beyond procedural aspects to include technical configurations
• Understand the materiality of findings to live services
• Report formally on the results of assurance/certification objectives, controls and risk assessments
• Manage control inquiries from both internal and external stakeholders
Control framework and policy development
• Engage with customers to design control frameworks to ensure assurance needs and expectations are met for various certifications (e.g., ISAE, SOC…)
• Engage with auditors to develop, mature and evaluate the control framework to ensure objectives are met and risk is managed effectively
• Engage with internal stakeholders to make feasibility evaluations and cost/benefit analyses for control implementation
Remediation design and tracking
• Establish and track remediation through to resolution whilst improving design and operating effectiveness of controls
• Reduce error ratings and risk exposure as a result of gaps in control performance
• Develop and maintain reports, metrics and presentations of progress and results for meetings with internal stakeholders, customers, and regulators
• Provide data analysis and strategy execution across risk areas, leveraging an understanding of risk and regulations
About you:
• You have proven experience in successfully implementing and evaluating control frameworks (e.g., ISAE 3402, ISAE 3000 and SOC 2) and/or managing and executing technology audits
• You have a Bachelor’s degree in computer science, information technology, IT/technology audit or related field, or an equivalent combination of education and experience
• You are comfortable with the Trust Services Criteria (TSC) and the five principles (security, availability, processing integrity, confidentiality, and privacy); knowing how to achieve them across various platforms is essential
• Professional certification like CISSP, CISA, CRISC or similar is highly valued
• Familiarity with the financial services industry and payment processing industry is a plus
• You have strong interpersonal, communication and presentation skills necessary for interaction with business leaders and teams across all levels of the organization
• You will contribute to a work environment that encourages knowledge of, respect for and development of skills to engage with those of other cultures and backgrounds
• You are comfortable challenging strategy and approach, but also have the pragmatism to successfully negotiate and build consensus
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks come with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
• Abide by Mastercard’s security policies and practices;
• Ensure the confidentiality and integrity of the information being accessed;
• Report any suspected information security violation or breach; and
• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.