Director, Technology Risk and Control Framework (2LoD)

and experience in Security and Operational risk approaches such as FAIR / RCSA / ISO31000 and of industry control standards such as Cyber Risk Institute Profile, NIST CSF, Unified Control Framework and SOC1/2. The role also requires knowledge of risk management expectations of payment industry regulators globally.

Role:
• Lead the 2LoD implementation / co-ordination of a Technology Control Framework based on the UCF and CRI Profile
• Deliver control sample testing on critical services or key business units leveraging industry best practices to assess control design and effectiveness
• Driver the establishment of a 1LoD Control Library that aligns to a co-ordinated Technology Control Framework
• Represent Technology Risk in relevant governance committees and facilitate the effectiveness of technology risk forums in supporting decision making
• Support the integration of the control framework into the technology risk assessment program for Mastercard
• Leverage industry standards to support the analysis of how controls affect risk i.e. via the FAIR CAM industry standard
• Align the Technology Control Framework to support decision making against the Mastercard Risk Appetite Framework inclusive of risk objectives and measurable tolerances.
• Manages collaborative working relationships with stakeholders at the regional or local level
• Support the development of risk processes that implement best practices and ensure all processes are documented, reviewed and updated regularly
• Co-ordinate the maintenance of risk registers, control libraries and issue management processes in order to support the monitoring and reporting of material risks

All About You:
Experience
Required
• Experience delivering control testing and assurance reviews
• Experience delivering presentations and engaging with senior leadership
• Experience managing the Technology risk strategies that maintain the status of industry compliance standards (e.g. CRI Profile, ISAE 3402, SOC, CPMI IOSCO etc)
• Experience engaging with banking and payment industry regulators and an understanding of their requirements in relation to risk management and assurance

Nice to have
• Experience with the FAIR Methodology and FAIR CAM
• Experience leveraging GRC tools
• Experience with regulatory and industry best practice and standards such as ISO 27001, PCI DSS, GLBA and CRI Profile, NIST CSF

Qualifications and Skills
Required
• Business Degree (or equivalent) in a relevant field to risk management
• Very strong knowledge of Risk Management best practice
• Knowledge of Risk Assessment methodologies such as RCSA (Risk Control Self Assessment) and control assurance approaches
• Systematic problem-solving approach, coupled with strong communication skills and a sense of ownership and drive.
Nice to have
• Masters Risk Management
• Strong IT technical knowledge or knowledge of payment systems
• Project Management Skills
• Knowledge of Quantitative Risk Approaches (i.e. Monte Carlo Simulation)

Mastercard is an inclusive equal opportunity employer that considers applicants without regard to gender, gender identity, sexual orientation, race, ethnicity, disabled or veteran status, or any other characteristic protected by law. In the US or Canada, if you require accommodations or assistance to complete the online application process or during the recruitment process, please contact [email protected] and identify the type of accommodation or assistance you are requesting. Do not include any medical or health information in this email. The Reasonable Accommodations team will respond to your email promptly.

Corporate Security Responsibility

All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

• Abide by Mastercard's security policies and practices;
• Ensure the confidentiality and integrity of the information being accessed;
• Report any suspected information security violation or breach, and
• Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines.