Title and Summary
Senior Technology Risk Analyst
The Commercial & New Payment Flows Technology Risk team is seeking a Technology Risk Analyst II role. The role will be responsible for assessing the effectiveness of controls for the first line business, which is crucial for adhering to customer and regulatory mandates. In addition, the role would also include providing compliance support and monitoring and reporting on the ongoing operational efficacy of Mastercard's Technology control framework as well as performing data analysis and aggregation across other tech risk initiatives. This role will be a pivotal component of the Mastercard Technology Regulatory Execution function.
Mastercard is committed to striking a balance between innovation and safeguarding its internal control posture. The team conducts assessments of internal controls to proactively identify risks, define remediation actions, and monitor remediation progress. We are seeking an individual to join our team and assist us in achieving these compliance objectives. This person will possess technical expertise, a propensity for problem-solving, and a drive to achieve outcomes.
Job Responsibilities
Provide consultancy and central coordination for security and compliance activities, encompassing the implementation of ISO 27001, ISO 9001, and ISO 27701, as well as PCI standards within the organisation.
Identify potential security risks and issues through control assessments and ensure their resolution within specified timelines.
Establish and monitor remediation efforts both internally and externally until resolution, while simultaneously enhancing the design and operational efficiency of controls.
Document the outcomes of assessments and prepare assessment reports for key stakeholders.
Prepare compliance status reports and dashboards for key initiatives, plans, and audit tracking of current processes in accordance with management requirements.
Data Aggregation & reporting for various risk & compliance activities in support of the larger risk management practices.
About You
Experience:
Ideal experience working within digital and technology functions, preferably in a compliance role.
Reasonable understanding of security and quality management frameworks such as ISO 27001/27002, ISO 9001, ISO 27701, and PCI.
Bachelor's degree or equivalent combination of education and experience, or a Bachelor's degree in computer science, information technology, or a related field is preferred.
One or more professional certifications like CISA or CISSP (desirable).
Professional certifications ISO 27001, ISO 9001 Lead Auditor, and Implementer.
Reasonable understanding of information security domains and possesses a well-rounded technical background. Basic knowledge of infrastructure and application security would be desirable.
Experience working on GRC tools like Archer would be a significant advantage.
Excellent communication and problem-solving skills and able to collaborate across global team.
Demonstrated experience in managing complex projects related to information security.
Ability to:
Review security architecture of applications and determine PCI/ISO relevance.
Employ strong research skills and problem solving skills.
Apply PCI/ISO standards to new and existing technologies.
Identify and evaluate security gaps.
Communicate business risk to stakeholders.
Understand security findings (scanning/Pen test) and assess remediation strategy.
Evaluate compensating controls.
Conduct or facilitate meaningful meetings.
Work in slightly chaotic, rapidly growing environment.
Corporate Security Responsibility
Abide by Mastercard's security policies and practices;
Ensure the confidentiality and integrity of the information being accessed;
Report any suspected information security violation or breach, and
Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines.
#J-18808-Ljbffr