Lead Technology Risk Analyst - Tech Risk & Control Lifecycle

Our Purpose

Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

Title and Summary

Lead Technology Risk Analyst - Tech Risk & Control Lifecycle

Overview:

TR&C is a business enabler and industry leader, empowering Mastercard to provide regulators, auditors, and customers with assurance of our strong practices around risk management, control best practices, data, operational resiliency, IT operations, and security. We provide governance, tools and frameworks to frontline programs to ensure a secure and resilient technology control environment— empowered by a multi-disciplinary team of top technology and risk professionals.
Our mission is to provide best-in-class: risk and control governance, methodology and best practices
• comprehensive risk assessments and audit/issue support
• frontline control testing and validation
• service level management across critical domains (i.e., change management, incident management)

We provide risk intelligence and analysis, and streamline and scale assurance activities through automation, reusability, and self-service.


Responsibilities:
o Execute product and infrastructure risk assessments in alignment with Mastercard’s Risk Management framework and industry best practices.
o Advise and assist with the implementation of technology and information security policies and strategies, promoting a culture of risk awareness and compliance.
o Support the optimization of technology risk and controls activities to demonstrate technology compliance across multiple markets, leveraging common elements and focusing on reusability.
o Identify opportunities within the risk management lifecycle for automation, leveraging existing service operations tools to drive efficiency and consistency across the business.
o Maintain and enhance templates used for risk management activities, such as risk assessments and risk and control self-attestations, based on industry best practices.
o Collaborate with technology partners - Engineering, Business Operations, Security Leads, and Risk Management teams to understand and translate technology and security risk management requirements, perform gap analysis, provide recommendations, and assist in developing remediation plans.
o Assist with the design and implementation of controls to demonstrate compliance with technology and security standards and associated control requirements, supporting remediation approaches to ensure tracking and closure of gaps.
o Evaluate the current state of controls in relation to industry best practices and Mastercard standards, providing recommendations to enhance controls maturity.
o Share best practices and leverage trend analysis to execute business and cross-functional strategies around managing obligations.
o Report on technology and security risk and compliance trends, assisting in risk treatment, including exception and escalation awareness.

Experience:
o Strong foundation of risk management fundamentals, lifecycle and processes (e.g., methods for identifying, assessing, treating, and monitoring risk).
o Prior experience executing Tech risk and control activities (e.g., RCSA, Internal/external audits, risk assessments, SOC2/ISO/PCI) in first, second or third line of defense
o Background in technology audit, risk management, technology operations, information systems management, information security management, etc.
o Strong knowledge of baseline technology and security processes, risks, and controls. Tech and Information Security control testing experience preferred
o Familiarity with technology/security frameworks and mechanisms (e.g., SOC 1, SOC 2, PCI-DSS, ISO 27001, COBIT, CRI).
o Understanding of regulatory technology and security risk management expectations.
o Knowledge of current and emerging technologies and their potential for exploitation.
o Experience collaborating cross-functionally and geographically to identify and implement best practice risk processes.
o Systematic problem-solving approach, coupled with strong communication skills and a sense of ownership to drive results.

Corporate Security Responsibility

All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

• Abide by Mastercard’s security policies and practices;

• Ensure the confidentiality and integrity of the information being accessed;

• Report any suspected information security violation or breach, and

• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.