Our Purpose

Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

Title and Summary

Lead Technology Risk Analyst - Tech Risk & Control Lifecycle

Overview:

TR&C is a business enabler and industry leader, empowering Mastercard to provide regulators, auditors, and customers with assurance of our strong practices around risk management, control best practices, data, operational resiliency, IT operations, and security. We provide governance, tools and frameworks to frontline programs to ensure a secure and resilient technology control environment— empowered by a multi-disciplinary team of top technology and risk professionals.
Our mission is to provide best-in-class: risk and control governance, methodology and best practices
•\tcomprehensive risk assessments and audit/issue support
•\tfrontline control testing and validation
•\tservice level management across critical domains (i.e., change management, incident management)

We provide risk intelligence and analysis, and streamline and scale assurance activities through automation, reusability, and self-service.


Responsibilities:

o\tExecute product and infrastructure risk assessments in alignment with Mastercard’s Risk Management framework and industry best practices.
o\tAdvise and assist with the implementation of technology and information security policies and strategies, promoting a culture of risk awareness and compliance.
o\tSupport the optimization of technology risk and controls activities to demonstrate technology compliance across multiple markets, leveraging common elements and focusing on reusability.
o\tIdentify opportunities within the risk management lifecycle for automation, leveraging existing service operations tools to drive efficiency and consistency across the business.
o\tMaintain and enhance templates used for risk management activities, such as risk assessments and risk and control self-attestations, based on industry best practices.
o\tCollaborate with technology partners - Engineering, Business Operations, Security Leads, and Risk Management teams to understand and translate technology and security risk management requirements, perform gap analysis, provide recommendations, and assist in developing remediation plans.
o\tAssist with the design and implementation of controls to demonstrate compliance with technology and security standards and associated control requirements, supporting remediation approaches to ensure tracking and closure of gaps.
o\tEvaluate the current state of controls in relation to industry best practices and Mastercard standards, providing recommendations to enhance controls maturity.
o\tShare best practices and leverage trend analysis to execute business and cross-functional strategies around managing obligations.
o\tReport on technology and security risk and compliance trends, assisting in risk treatment, including exception and escalation awareness.

Experience:

o\tStrong foundation of risk management fundamentals, lifecycle and processes (e.g., methods for identifying, assessing, treating, and monitoring risk).
o\tPrior experience executing Tech risk and control activities (e.g., RCSA, Internal/external audits, risk assessments, SOC2/ISO/PCI) in first, second or third line of defense
o\tBackground in technology audit, risk management, technology operations, information systems management, information security management, etc.
o\tStrong knowledge of baseline technology and security processes, risks, and controls. Tech and Information Security control testing experience preferred
o\tFamiliarity with technology/security frameworks and mechanisms (e.g., SOC 1, SOC 2, PCI-DSS, ISO 27001, COBIT, CRI).
o\tUnderstanding of regulatory technology and security risk management expectations.
o\tKnowledge of current and emerging technologies and their potential for exploitation.
o\tExperience collaborating cross-functionally and geographically to identify and implement best practice risk processes.
o\tSystematic problem-solving approach, coupled with strong communication skills and a sense of ownership to drive results.

Corporate Security Responsibility

All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

Abide by Mastercard’s security policies and practices;

Ensure the confidentiality and integrity of the information being accessed;

Report any suspected information security violation or breach, and

Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.