Our Purpose

Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

Title and Summary

Principal Technology Risk Management:

Overview:

The Vocalink Security team is looking for a Principal, Technology Risk Management to drive maturity of internal cybersecurity governance processes. This includes supporting business decisioning through robust risk management practices, including management of cybersecurity policies, standards and controls across the Vocalink business and helping drive timely response to, and remediation of, control weaknesses and deviations to policies.

Business Outcomes

The role will ensure security policies and controls are kept up to date as the business expands, and that they remain fit for purpose as processes and technologies change.
The role will also be responsible for undertaking risk assessments that clearly articulate the cybersecurity risks faced by the business, in order to inform business decisions and outcomes.

Role

Lead on the creation and maintenance of all Vocalink cybersecurity policies and standards.
Support control owners with the management of controls to address cybersecurity risk, ensuring alignment with adopted industry frameworks, corporate Mastercard policies, and regulatory & contractual obligations.
Ensure policies and standards are appropriately communicated across the business to ensure adoption.
Oversee deviations to policies and standards, ensuring policy owners are able to balance associated risks against business benefits. Identify, assess, monitor and manage cybersecurity risks across the business, enabling the business to make informed decisions which balance business objectives against risk appetite.
Perform risk assessments to support prioritisation of key cybersecurity initiatives, and subsequently to provide assurance that desired risk reductions have been realised.
Track management action plans to address control issues and deliver associated management reporting to senior stakeholders.
Support the enhancement of Security Governance, Risk and Compliance (GRC) reporting, including cybersecurity KRIs/KCIs/KPIs, to support oversight of policy adoption and risk treatment activities.
Respond to customer due diligence queries and questionnaires in a timely manner, as requested from time to time.
Supports leadership, leveraging a solid understanding of industry audit and compliance standards and internal control concepts and principles, risks and regulations.
Manage cross-functional initiatives to deliver on risk and framework goals, policies and procedures.

All About You:

Understanding of Security GRC roles and responsibilities. Experience of creating, developing and enhancing security policies to ensure they stay up-to-date and meet all business requirements.
Understanding of a broad range of industry frameworks and standards including ISO 27001, PCI DSS and Cyber Risk Institute Profile / NIST requirements.
Robust experience of implementing security risk management best practices and methods, along with compiling and reporting cybersecurity risks and control effectiveness.
Experience of working with internal and external audit teams.
Experience in using IBM Openpages and RSA Archer GRC solutions desirable.
Security-focused analytical skills to support risk and control assessments.
Ability to work autonomously taking personal accountability for deliverables.
Ability to work as part of a team.
Ability to influence and motivate others to achieve security objectives.
Good communication skills, in written and verbal form.
Diligent and thorough approach to problem solving.
Ability to resolve varied and complex compliance issues.
Experience delivering presentations and engaging with senior leadership.
Experience growing and motivating a team and coaching members through career milestones and progression.

Corporate Security Responsibility

All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

• Abide by Mastercard’s security policies and practices;

• Ensure the confidentiality and integrity of the information being accessed;

• Report any suspected information security violation or breach, and

• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.