Director, Technology Risk and Control Framework (2LoD)

Director, Technology Risk and Control Framework (2LoD)

Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart, and accessible. Our technology and innovation, partnerships, and networks combine to deliver a unique set of products and services that help people, businesses, and governments realize their greatest potential.

Overview:

The Mastercard Risk (2LoD) is looking for a Director to lead the implementation and roll out of a best practice Technology Control Framework and deliver independent test/validation of key controls across Mastercard’s Technology estate. The role requires a depth of knowledge and experience in Security and Operational risk approaches such as FAIR / RCSA / ISO31000 and of industry control standards such as Cyber Risk Institute Profile, NIST CSF, Unified Control Framework, and SOC1/2. The role also requires knowledge of risk management expectations of payment industry regulators globally.

Role Responsibilities:

1. Lead the 2LoD implementation/co-ordination of a Technology Control Framework based on the UCF and CRI Profile.
2. Deliver control sample testing on critical services or key business units leveraging industry best practices to assess control design and effectiveness.
3. Drive the establishment of a 1LoD Control Library that aligns to a coordinated Technology Control Framework.
4. Represent Technology Risk in relevant governance committees and facilitate the effectiveness of technology risk forums in supporting decision making.
5. Support the integration of the control framework into the technology risk assessment program for Mastercard.
6. Leverage industry standards to support the analysis of how controls affect risk i.e., via the FAIR CAM industry standard.
7. Align the Technology Control Framework to support decision making against the Mastercard Risk Appetite Framework inclusive of risk objectives and measurable tolerances.
8. Manage collaborative working relationships with stakeholders at the regional or local level.
9. Support the development of risk processes that implement best practices and ensure all processes are documented, reviewed, and updated regularly.
10. Coordinate the maintenance of risk registers, control libraries, and issue management processes in order to support the monitoring and reporting of material risks.

All About You:

Experience Required:

1. Experience delivering control testing and assurance reviews.
2. Experience delivering presentations and engaging with senior leadership.
3. Experience managing the Technology risk strategies that maintain the status of industry compliance standards (e.g., CRI Profile, ISAE 3402, SOC, CPMI IOSCO, etc).
4. Experience engaging with banking and payment industry regulators and an understanding of their requirements in relation to risk management and assurance.

Nice to have:

1. Experience with the FAIR Methodology and FAIR CAM.
2. Experience leveraging GRC tools.
3. Experience with regulatory and industry best practice and standards such as ISO 27001, PCI DSS, GLBA, and CRI Profile, NIST CSF.

Qualifications and Skills Required:

1. Business Degree (or equivalent) in a relevant field to risk management.
2. Very strong knowledge of Risk Management best practice.
3. Knowledge of Risk Assessment methodologies such as RCSA (Risk Control Self Assessment) and control assurance approaches.
4. Systematic problem-solving approach, coupled with strong communication skills and a sense of ownership and drive.

Nice to have:

1. Masters in Risk Management.
2. Strong IT technical knowledge or knowledge of payment systems.
3. Project Management Skills.
4. Knowledge of Quantitative Risk Approaches (i.e., Monte Carlo Simulation).

Mastercard is an inclusive equal opportunity employer that considers applicants without regard to gender, gender identity, sexual orientation, race, ethnicity, disabled or veteran status, or any other characteristic protected by law. In the US or Canada, if you require accommodations or assistance to complete the online application process or during the recruitment process, please contact reasonable_accommodation@mastercard.com and identify the type of accommodation or assistance you are requesting. Do not include any medical or health information in this email. The Reasonable Accommodations team will respond to your email promptly.

Corporate Security Responsibility:

All activities involving access to Mastercard assets, information, and networks come with an inherent risk to the organization, and therefore, it is expected that every person working for or on behalf of Mastercard is responsible for information security and must:

• Abide by Mastercard’s security policies and practices.
• Ensure the confidentiality and integrity of the information being accessed.
• Report any suspected information security violation or breach.
• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.