Lead Security Control Assessor – Job SummaryThis role involves executing testing of security controls, shaping control testing plans, reviewing evidence, evaluating control effectiveness, and initiating findings for shortfalls.Key ResponsibilitiesExecute control testing (including design and operating effectiveness) across key security control domains such as access management, vulnerability management, logging/monitoring, encryption, incident response, etc.Evaluate evidence submitted by operators of security controls, rate effectiveness, and initiate findings as required.Facilitate remediation of control gaps by partnering with control owners, operators, and security engineers to clarify requirements, remove blockers, agree on target dates, and expedite overdue or high‑risk gaps through defined governance.Identify and communicate priorities for security control testing across the business, leveraging relationships with control owners, knowledge of the risk environment, and awareness of metrics on control performance.Participate in documentation of control testing procedures and drive enhancements of control testing tools.Support internal and external assessments and audits by coordinating evidence, leading walkthroughs of control design/testing approach, and addressing inquiries in partnership with compliance and audit teams.All About You – QualificationsBachelor’s degree (or equivalent practical experience) in Information Security, Information Systems, Computer Science, or a related field.Relevant certifications such as CISA, CISSP, Security+, PCI ISA, etc.5–8 years of experience in 1st Line of Defense control testing, technology audit, risk & compliance, or security engineering with demonstrated ownership of testing/assurance outcomes.Strong technical understanding across core security control domains.Experience building and executing test procedures against formal standards/frameworks, including scoping, sampling, and defining evidence requirements.Ability to produce clear, defensible test documentation with strong attention to detail and consistency.Experience in a payment, fintech, bank, or other highly regulated environment.Familiarity with payment security concepts and frameworks, particularly PCI DSS.Experience with GRC platforms (e.g., RSA Archer) and evidence/workflow automation.NICE Framework ReferencesMastercard Corporate Security Roles have been aligned with the NICE framework (National Initiative for Cybersecurity Education). For this role the NICE Work Roles most closely aligned are:Security Control Assessment (OG-WRL-012): Responsible for conducting independent comprehensive assessments of management, operational, and technical security controls and control enhancements employed within or inherited by a system to determine their overall effectiveness.Systems Testing and Evaluation (DD-WRL-007): Responsible for planning, preparing, and executing system tests, evaluating test results against specifications, and reporting findings.Vulnerability Analysis (PD-WRL-007): Responsible for assessing systems and networks to identify deviations from acceptable configurations, enclave policy, or local policy. Measure effectiveness of defense‑in‑depth architecture against known vulnerabilities.Cybersecurity Architect (DD-WRL-001): Responsible for ensuring that security requirements are adequately addressed in all aspects of enterprise architecture, including reference models, segment and solution architectures, and the resulting systems that protect and support organizational mission and business processes.Systems Security Analyst (OM-ANA-001): Helps ensure secure configuration and operational security requirements are implemented and verifiable in production environments.Corporate Security ResponsibilityAbide by Mastercard’s security policies and practices.Ensure the confidentiality and integrity of the information being accessed.Report any suspected information security violation or breach.Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.
#J-18808-Ljbffr