Lead Technology Risk Analyst

Our Purpose

Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

Title And Summary

Lead Technology Risk Analyst

Overview

Responsibilities include, but are not limited to, executing efforts in identifying control gaps, designing key control activities, monitoring such activities (via assessment and testing), and driving risk remediation within the Database Engineering platform team.

This is an exciting opportunity to be part of solving complex problems and working with great Mastercard technology leaders in operations and platforms. In this role youll combine your technical, risk, and control expertise with your keen eye for detail to assess, create, implement, and test robust control activities that fortify the Database Engineering team against threats and potential issues.

Role

• Conduct assessments and testing of IT controls and processes to identify deficiencies, deviations, and compliance gaps.
• Lead and perform IT and operational control walkthroughs to determine existing process controls and adherence to control framework.
• Consult with management in determining action items required for resolution of control issues, working directly with management as necessary
• Track and monitor management action plans to ensure sustainable resolution of control gaps
• Develop and update control and process documentation in support of complying with relevant standards, regulatory, industry, and customer expectations.
• Based on criticality and urgency, support remediation activities and link such activities back to monitor risk rating
• Partner with front line and second line technology risk management teams to ensure alignment on risk management methodology, practices, terminology, etc.
• Provide risk and control advice and education for the benefit of the organization, be a champion and advocate for strong risk management and governance controls, and partner with other control functions to strengthen our three lines of defence model
• Work with colleagues located both locally and in various offices around the world
  
  
  

All About You

• Technical Proficiency:
• Knowledge of IT general controls and related operations.
• Some experience in various Database technologies such as Oracle, SQL Server, Postgres and MongoDB environments.
• Understanding of IT security practices, PCI DSS compliance, and ISO 27001 standards
• Ability to both assess and test technology controls, vulnerabilities, and potential risks.
• General understanding of technology infrastructure.
• Risk Management Expertise:
• Experience in delivering technology risk assessments, testing and mitigation activities (e.g., understanding different steps in testing and how best to apply them).
• Demonstrated experience in both executing and leading technology risk and control assessment and testing activities as part of a larger team and as an individual contributor.
• General understanding of industry standards and regulatory requirements related to technology risk management (e.g., ISO 27001, NIST Cybersecurity Framework, CIS).
• Regulatory and Compliance Knowledge:
• Experience in developing, performing, and evaluating/assessing technology controls and testing/validation.
• Ability to align the organizations technology practices with legal and regulatory standards.
• Execution and Communication:
• Demonstrate strong execution skills, consistently meeting and exceeding team project deadlines, and goals both as an individual contributor and within a team dynamic.
• Demonstrate ability to work in a global team environment, ensuring tasks are completely, thoroughly and accurately executed.
• Strong analytical skills to identify potential risks, assess their potential impact, and devise effective mitigation strategies.
• Excellent communication skills to effectively convey technical concepts to both technical and non-technical stakeholders, including executive management.
• Ability to collaborate with cross-functional teams, including other technology, security, compliance, application / product teams, and business / regional teams.
• Qualifications (preferred but not required)
• Bachelors degree in Information Technology, Computer Science, or a related field.
• Experience in evaluating (assessing/testing) compliance with legal, regulatory, operational and IT requirements.
• Professional Certification or Designation (e.g., CISA, CIA, CISSP, or equivalent).
  
  
  

Corporate Security Responsibility

All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

• Abide by Mastercard’s security policies and practices;
• Ensure the confidentiality and integrity of the information being accessed;
• Report any suspected information security violation or breach, and
• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.

---