Manager, Risk Management

Our Purpose Mastercard powers economies and empowers people in 200 countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential. Title and Summary Manager, Risk Management Overview Who is Mastercard? Mastercard is a global technology company in the payments industry. Our mission is to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart, and accessible. Using secure data and networks, partnerships, and passion, our innovations and solutions help individuals, financial institutions, governments, and businesses realize their greatest potential. With connections across more than 210 countries and territories, we are building a sustainable world that unlocks priceless possibilities for all. Mission First, People Always Corporate Security is responsible for keeping Mastercard safe and secure from cyber and physical threats. We are a highly effective team protecting a major component of global payments infrastructure. Our Security Risk and Control Operations team is at the forefront of this effort in the “1st Line of Defense,” coordinating efforts across Corporate Security, enterprise risk management, and market-facing product teams to assess risks, implement controls to mitigate them, and provide assurance to regulators and stakeholders of Mastercard’s best-in-class performance in information security. Overview We are seeking a Lead Security Control Assessor to execute testing of security controls. You will perform quality control over documented control processes, shape control testing plans, review submitted evidence, evaluate control strength, and initiate findings of any shortfalls. As a member of an enterprise-wide risk management community of practice, you will also play a key role in maturing the control testing program through standardization, automation, and reporting that provides management visibility and supports regulatory/customer requirements (e.g., PCI DSS, SOC 1/SOC 2, ISO 27001). In this position, you will: Execute control testing (including design and operating effectiveness) across key security control domains such as access management, vulnerability management, logging/monitoring, encryption, incident response, etc. Evaluate evidence submitted by operators of security controls, rate effectiveness, and initiate findings as required. Facilitate remediation of control gaps by partnering with control owners, control operators, and security engineers to clarify requirements, remove blockers, agree on target dates, and escalate overdue or high-risk gaps through defined governance. Identify and communicate priorities for security control testing across the business, leveraging relationships with security control owners, knowledge of the risk environment, and awareness of metrics on control performance Participate in documentation of control testing procedures and drive enhancements of control testing tools. Support internal/external assessments and audits by coordinating evidence, leading walkthroughs of control design/testing approach, and addressing inquiries in partnership with compliance and audit teams. All About You The ideal candidate for this position has: Bachelor’s degree (or equivalent practical experience) in Information Security, Information Systems, Computer Science, or related field. Relevant certifications such as CISA, CISSP, Security+, PCI ISA, etc. 5–8 years of experience in 1st Line of Defense control testing, technology audit, risk & compliance, or security engineering with demonstrated ownership of testing/assurance outcomes. Strong ... (truncated, view full listing at source)