Director Risk Management

Posted 5 hours 15 minutes ago by MasterCard

Permanent
London, United Kingdom
Job Description

End Date: December 26, 2024

Job requisition ID: R-235359

Our Purpose

Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we're helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart, and accessible. Our technology and innovation, partnerships, and networks combine to deliver a unique set of products and services that help people, businesses, and governments realize their greatest potential.

Title and Summary

Director Risk Management

OVERVIEW:

The ONE Risk and Control team is a newly formed group focused on establishing both foundational and transformational risk management practice at Mastercard Technology. ("The Operations, Network, and Employee Digital Experience teams focus on the underpinning platforms that power our Network and the employees that serve it.") Responsibilities include, but are not limited to, leading efforts to support Technology partners in identifying control gaps, designing key control activities, monitoring such activities, and driving risk remediation with TeamONE platform and program owners.

This is an exciting opportunity to be in a leadership role, taking part in solving complex problems and working with great Mastercard technology leaders in operations and platforms. This highly visible role will focus on proactively identifying, monitoring, and managing technology risks to protect Mastercard Technology and our customers.

In this role, you will combine your technical, risk, control, and leadership expertise with your keen eye for detail to create and implement robust control activities that fortify TeamONE against threats and potential issues. If you are ready to be at the forefront of technological risk management, we invite you to bring your risk management and leadership skills to our innovative and collaborative environment.

ROLE:

  1. Lead the assessments of IT controls and processes to identify deficiencies, deviations, and compliance gaps.
  2. Lead and perform IT and operational control walkthroughs to determine existing process controls and adherence to control framework for the following key control areas: Patch Management, End-of-Life/End-of-Support, Access Management, Configuration Management, Disaster Recovery, Asset Tagging and Inventory Accuracy and Completeness, Logging and Monitoring, and Change Management.
  3. Within each assigned project, understand specific risks (e.g., strategic, operational, financial, legal, regulatory, technology, other) and business requirements. Lead the development of control activity documentation in a qualitative and timely manner. Evaluate compliance with relevant policies, procedures, and requirements, assess controls design adequacy and operating effectiveness, and identify controls gaps and improvement opportunities. Lead the development of draft reportable issues for validation with management and understand related risk, impact, and root cause. Partner with management to develop action plans that remediate gaps identified in a sustainable manner. Track, monitor, and validate the completion of action plans by management.
  4. Lead efforts to support the development and updating of control and process documentation, and relevant standards.
  5. Based on criticality and urgency, support remediation activities and link such activities back to monitor risk rating.
  6. Partner with first and second-line risk management teams for all risk-related functions to ensure alignment on risk management methodology, practices, terminology, etc.

ALL ABOUT YOU:

  1. Technical Proficiency:
    • Demonstrate abilities in leading technology risk and control assessment and implementation activities.
    • Knowledge of IT general controls and related operations.
    • Experience in Mainframe, Oracle, SQL, Unix/Linux, HP Nonstop, and/or Windows environments.
    • Knowledge of cybersecurity principles, best practices, and threat landscape.
    • Ability to both lead and assess technology controls, vulnerabilities, and potential risks.
    • General understanding of technology infrastructure.
    • Background in technology audit, risk management, technology operations, information systems management, information security management, regulatory engagement, etc.
  2. Risk Management Expertise:
    • Strong knowledge of the risk management lifecycle and processes (e.g., methods for identifying, assessing, treating, and monitoring risk).
    • Leadership experience with developing, implementing, and delivering technology risk assessment and mitigation approaches.
    • Leadership experience in developing and implementing technology risk management frameworks and strategies.
    • Strong understanding of industry standards and regulatory requirements related to technology risk management (e.g., SOC 1, SOC 2, ISO 27001, PCI-DSS, COBIT, NIST Cybersecurity Framework).
  3. Regulatory and Compliance Knowledge:
    • Experience with regulatory technology and security risk management expectations.
    • Leadership experience in developing, performing, and evaluating IT internal controls and testing.
    • Demonstrate ability to align the organization's technology practices with legal and regulatory standards.
  4. Execution and Communication:
    • Demonstrate strong leadership and execution skills, consistently meeting and exceeding team project deadlines and goals.
    • Demonstrate ability to work as a leader, independently and in a team environment, ensuring tasks are completed thoroughly and accurately.
    • Exceptional attention to detail with a keen ability to identify errors or discrepancies in processes or documentation.
    • Strong analytical skills to identify potential risks, assess their potential impact, and devise effective mitigation strategies.
    • Excellent communication skills to effectively convey technical concepts to both technical and non-technical stakeholders, including executive management.
    • Ability to lead and collaborate with cross-functional teams, including other technology, security, compliance, application/product teams, and business/regional teams.

Qualifications (preferred but not required):

  • Bachelor's degree in Information Technology, Computer Science, or a related field.
  • Experience in leading evaluations assessing compliance with legal, regulatory, operational, and IT requirements.
  • Professional Certification or Designation (e.g., CISA, CIA, CISSP, or equivalent).
  • Experience in payment ecosystems.
  • Ability to travel up to 10%.

Corporate Security Responsibility

All activities involving access to Mastercard assets, information, and networks come with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

  • Abide by Mastercard's security policies and practices;
  • Ensure the confidentiality and integrity of the information being accessed;
  • Report any suspected information security violation or breach;
  • Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines.

About Us

Everyone wants easier ways to pay; we invent them.

Checkout lines are slow; we speed them along.

Merchants want more sales; we give them data and insights.

People need financial access; we connect them.

Corporate purchasing is complicated; we make it simple.

Commuters are busy; we speed them on their way.

We help create them.

Small businesses are virtual; we give them access to a world of buyers.