Director, Technology Risk Management

Spectrum • O’Fallon, MO, United States • $200k - $250k / year • 1m ago

Our Purpose

We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate a culture of inclusion for all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team – one that makes better decisions, drives innovation and delivers better business results.

Title and Summary

The Mastercard Technology Risk Team is looking for a Director to implement and lead a global Access Center of Excellence (COE) team. The Access COE will support an assurance and controls program that assesses various access requirements to meet customer and regulatory obligations for Mastercard. This role is a pivotal part of the Mastercard technology risk function and supports Mastercard's commitment to balancing innovation while protecting the internal control posture. Focus will be on providing compliance support, monitoring, and reporting of the ongoing operating effectiveness of the access internal control environment. The role will lead a team that assesses internal controls to proactively identify risks, define remediation actions and track remediation efforts. The Access COE will also centralize second line program support, building access management expertise and creating global standardized testing and monitoring processes in support of global assurance and compliance obligations.

The ideal candidate will have the ability to lead and act both strategically and tactically while ensuring that the corporation remains compliant with required security, technology, and financial standards, as well as industry best practices.

Responsibilities

Implement and lead an Access COE assurance program, supporting Technology Assurance Control teams and strategic initiatives related to access (e.g. generic IDs, out of band, locally managed access, etc.)
Engage with internal partners on existing and new control frameworks, ensuring needs and expectations over services are met for various assurance obligations (e.g., SOC1, SOC2, ISAE 3402, ISAE 3000, ISO 27001, PCI/DSS, etc.)
Partner closely with Mastercard Access Management team across global assurance obligations, supporting an Audit Once, Apply Many strategy
Engage with external auditors to test the control framework to ensure objectives are met and risk is managed effectively
Oversee control assessments of various operational and business areas to assess potential risks or control gaps, ensuring team partners with Access Management team to remediation
Create and operationalize scalable Access COE processes, utilizing tools like AuditBoard and Aha
Report formally on the results of assurance/certification objectives, controls, and risk assessments
Develop and maintain reports, metrics and presentations of progress and results for meetings with senior leadership, customers and regulators
Manage a team, conduct goal setting and performance appraisal processes, identify and coach top talent

Experiences

Demonstrated ability to lead a global team with a focus on employee development and feedback
Experience growing and motivating teams; coach employees through career milestones and progression
Experience with control frameworks (e.g., SOC1, SOC2, ISAE 3402/3000, etc.)
Bachelor’s degree or equivalent combination of education and experience/Bachelor’s degree in computer science, information technology or related field preferred
Strong interpersonal, communication and presentation skills necessary for interaction with business leaders and teams across all levels of the organization
Professional certification like CISSP/CISA/CRISC/CIPP or similar, a plus
Create a work environment that encourages knowledge of, respect for, and the development of skills to engage with those of other cultures and backgrounds
Familiarity with the financial services industry and payment processing industry, a plus

Corporate Security Responsibility

All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

Abide by Mastercard’s security policies and practices;
Ensure the confidentiality and integrity of the information being accessed;
Report any suspected information security violation or breach, and;
Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.