Principal Analyst, Control Testing, Certification and Assurance (Director Level)

Our Purpose Mastercard powers economies and empowers people in 200 countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential. Title and Summary Principal Analyst, Control Testing, Certification and Assurance (Director Level) The newly created 1st Line Control Office function within Vocalink Limited (VLL) is seeking a Principal Analyst (Director-level equivalent), to join the Control Testing, Certification and Assurance team. This senior technical role is for an experienced technical subject matter expert who will be responsible for leading and managing Certifications, Certification Audits, and other Assurance activities including conducting control testing to drive the retention of VLL’s certifications across multiple frameworks and the delivery of assurance obligations to its customers and Regulators. This position requires a deep and broad understanding of security and technology control frameworks, with hands-on experience across standards such as: ISO 27001, ISO 22301, PCI DSS, PCI PIN, SWIFT CSP, ISAE 3000 etc. The successful candidate must have proven expertise in analysing and assessing control design, implementation and operating effectiveness against these standards, ensuring compliance and identifying gaps. The role also involves end-to-end management of external audits, requiring strong coordination skills and experience in audit readiness and stakeholder engagement. The Role The role has a significant emphasis on PCI DSS, so the successful candidate must have extensive experience in: understanding and testing against PCI DSS requirements, and managing all aspects of the PCI DSS external audit process. Key Responsibilities: 1. Leadership & Strategy - Lead and manage external audits for technical standards, e.g. PCI DSS and PCI PIN. - Support the Vice President and Director of Certification and Assurance in the development and maintenance of the annual Control Testing, Certification and Assurance plan. - Supporting and deputising for the Director of Certification and Assurance in the discharge of their responsibilities, as required. - Provide strategic input into the evolution and continuous improvement of Certification and Assurance team processes and procedures. 2. Certification and Assurance Responsibilities - Maintain certification related documentation. - Prepare and lead the organisation for annual certification audits. - Lead the assessment and validation of controls and processes against a variety of security standards and obligations. - Lead the team on the management of certifications, (e.g., ISO27001, PCI DSS) and assurance activities (e.g., ISAE3000). - Conduct periodic testing of key and non-key controls in line with the Control Testing Methodology. - Evaluate compliance with internal policies, standards, regulatory requirements, and customer obligations. - Prepare and review control testing documentation, including test procedures, results, and identified gaps. - Ensure timely escalation of control deficiencies and support remediation tracking. - Create and quality assure reports and team outputs. 3. Team Leadership, Collaboration & Stakeholder Engagement - Supervise and mentor junior team members (Senior Analysts and Managers), providing guidance on certification requirements, assurance requirements, testing execution and quality assurance. - Support the team Director in delivering the Certification and Assurance plan. - Maintain close working relationships with Control and Process Owners and Operators to operate certificate maintenance and assurance activities efficiently and effectively. - Contribute to reportin ... (truncated, view full listing at source)