Our Purpose
Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.
Title and Summary
Director, Technology Risk and Control Framework (2LoD)Overview:The Mastercard Risk (2LoD) is looking for a Director to lead the implementation and roll out of a best practice Technology Control Framework and deliver independent test / validation of key controls across Mastercard’s Technology estate. The role requires a depth of knowledge and experience in Security and Operational risk approaches such as FAIR / RCSA / ISO31000 and of industry control standards such as Cyber Risk Institute Profile, NIST CSF, Unified Control Framework and SOC1/2. The role also requires knowledge of risk management expectations of payment industry regulators globally.
Role:
•\tLead the 2LoD implementation / co-ordination of a Technology Control Framework based on the UCF and CRI Profile
•\tDeliver control sample testing on critical services or key business units leveraging industry best practices to assess control design and effectiveness
•\tDriver the establishment of a 1LoD Control Library that aligns to a co-ordinated Technology Control Framework
•\tRepresent Technology Risk in relevant governance committees and facilitate the effectiveness of technology risk forums in supporting decision making
•\tSupport the integration of the control framework into the technology risk assessment program for Mastercard
•\tLeverage industry standards to support the analysis of how controls affect risk i.e. via the FAIR CAM industry standard
•\tAlign the Technology Control Framework to support decision making against the Mastercard Risk Appetite Framework inclusive of risk objectives and measurable tolerances.
•\tManages collaborative working relationships with stakeholders at the regional or local level
•\tSupport the development of risk processes that implement best practices and ensure all processes are documented, reviewed and updated regularly
•\tCo-ordinate the maintenance of risk registers, control libraries and issue management processes in order to support the monitoring and reporting of material risks
All About You:
Experience
Required
•\tExperience delivering control testing and assurance reviews
•\tExperience delivering presentations and engaging with senior leadership
•\tExperience managing the Technology risk strategies that maintain the status of industry compliance standards (e.g. CRI Profile, ISAE 3402, SOC, CPMI IOSCO etc)
•\tExperience engaging with banking and payment industry regulators and an understanding of their requirements in relation to risk management and assurance
Nice to have
•\tExperience with the FAIR Methodology and FAIR CAM
•\tExperience leveraging GRC tools
•\tExperience with regulatory and industry best practice and standards such as ISO 27001, PCI DSS, GLBA and CRI Profile, NIST CSF
Qualifications and Skills
Required
•\tBusiness Degree (or equivalent) in a relevant field to risk management
•\tVery strong knowledge of Risk Management best practice
•\tKnowledge of Risk Assessment methodologies such as RCSA (Risk Control Self Assessment) and control assurance approaches
•\tSystematic problem-solving approach, coupled with strong communication skills and a sense of ownership and drive.
Nice to have
•\tMasters Risk Management
•\tStrong IT technical knowledge or knowledge of payment systems
•\tProject Management Skills
•\tKnowledge of Quantitative Risk Approaches (i.e. Monte Carlo Simulation)Mastercard is an inclusive equal opportunity employer that considers applicants without regard to gender, gender identity, sexual orientation, race, ethnicity, disabled or veteran status, or any other characteristic protected by law. In the US or Canada, if you require accommodations or assistance to complete the online application process or during the recruitment process, please contact reasonable_accommodation@mastercard.com and identify the type of accommodation or assistance you are requesting. Do not include any medical or health information in this email. The Reasonable Accommodations team will respond to your email promptly.
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
Abide by Mastercard’s security policies and practices;
Ensure the confidentiality and integrity of the information being accessed;
Report any suspected information security violation or breach, and
Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.