JOB DESCRIPTION
Our Purpose
Title and Summary
Security Risk Analyst II
Overview
The Mastercard Technology Risk Team is looking for a security analyst to support the implementation of international standards, processes, best practices, and IT frameworks, thereby helping the organization enhance its current security posture.
Responsibilities:
1. Oversee compliance and the implementation of design (up-to-date standard operating procedures) and operational effectiveness (testing the validity of procedures periodically).
2. Participate in gathering, documenting, monitoring, and preliminary analysis of information security and technology metrics.
3. Identify, test, and report security weaknesses in systems and applications. Participate in the risk management process, including documenting, reviewing, and updating systems regularly; contribute to internal risk reports.
4. Maintain understanding of security policies and regulatory compliance (ISO 27001, PCI, GDPR).
5. Monitor technology risk and compliance, and develop, deliver, maintain, and monitor IT policies, standards, and best practices.
6. Oversee governance and compliance of vulnerability remediation enterprise-wide.
7. Support special projects as requested; provide ad-hoc support to management.
8. Develop effective working relationships with internal and external stakeholders, auditors, process and control owners, and functional staff.
9. Understand and interact with related disciplines through different committees to ensure consistent application of policies and standards across all technology functions.
Experience Required:
1. Experience supporting information security, IT audit, and/or IT risk management principles.
2. Familiarity with risk management processes and methods for assessing and mitigating risk.
3. Conceptual understanding of IT and security controls, networking, and information security technologies.
4. Knowledge of Risk and Control Framework standards such as ISO 27001, NIST CSF, PCI-DSS.
5. Background in developing and maintaining security policies, processes, procedures, and standards.
6. Strong analytical and problem-solving skills for designing, creating, and testing security controls and systems.
Nice to have:
1. Experience creating ISMS documentation to integrate ISO 27001 requirements.
2. ISO 27001:2022 Lead Auditor/Lead Implementer certification.
3. CISA/CISM Certification.
4. Knowledge of laws, regulations, policies, and ethics related to cybersecurity and IT management (GDPR, NY DFS Part 500, MAS TRM, etc.).
5. Knowledge of Mastercard products, technology, security, and risk management practices (desired, not required).
6. Experience using RSA Archer or equivalent risk tool sets.
Qualifications and Skills:
1. Bachelor’s degree or equivalent in information systems management, computer science, IT, or related field.
2. Experience with certifications, compliance, and security audits.
3. Excellent written and verbal communication skills; strong interpersonal skills.
4. Ability to handle multiple tasks simultaneously and switch between tasks quickly.
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks carry inherent risks. Employees must:
* Abide by Mastercard’s security policies and practices;
* Ensure confidentiality and integrity of accessed information;
* Report suspected security violations or breaches;
* Complete mandatory security trainings as per Mastercard’s guidelines.