Job Description
Our Purpose
We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate a culture of inclusion for all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team – one that makes better decisions, drives innovation and delivers better business results.
Title and Summary
Director, Technology Risk Management
Responsibilities
The Security Compliance Senior Analyst will be responsible for designing, implementing and running security compliance programmes across the Vocalink UK business. This will involve being responsible for designing compliance programmes to confirm that controls are designed effectively (i.e. they mitigate the intended risk(s)), they are implemented correctly and they are operating effectively. The role will own the responsibility for all security compliance reporting. The role will also be responsible for technology innovation in controls monitoring.
Business Outcomes
To ensure security controls are suitably designed, implemented and operating effectively in order to identify security risks and issues so that they are managed correctly. This will also support ISO27001, PCI DSS and ISAE3000 compliance.
Key Tasks
• Lead all Security Compliance processes.
• Lead and maintain security compliance reporting including compliance metrics.
• Design, implement and run security compliance programmes against a range of frameworks.
• Perform risk and control assessments.
• Security compliance management in respect of the assessment and validation of Vocalink controls for both internal and external assessments against PCI DSS, ISO27001 and other security-related standards.
• Support the update of security policies to drive a robust security controls framework.
• Provide expertise in the identification of security risks and ensure they are assessed and reported.
• Hold collaborative working relationships with security control owners across the business.
Key Experience
• Understanding of Security Governance, Risk and Compliance roles and responsibilities.
• Understanding of ISO 27001 and PCI DSS requirements.
• Understanding of Information Security best practice.
• Understanding of security risk assessment and management techniques and methods.
• Ability to conduct security audits.
• Knowledge of ISMS, policies and procedures.
• Broad knowledge of all areas of security.
• Ability to work autonomously with accountability.
• Ability to work as part of a team.
• Ability to influence and motivate others to achieve security objectives.
• Security-focused analytical skills.
• Communication skills, including report writing and telephone work.
• Diligent and thorough approach to problem solving.
• Ability to resolve varied and complex compliance issues.
Role-specific Experiences
• Experience running security compliance programmes.
• Experience performing a range of different types of risk assessments.
• Experience resolving compliance challenges and implementing best practice compliance processes.
• Experience performing security audits and security risk assessments.
• Experience performing data analytics to support different approaches to compliance.
• Experience of working with internal and external audit teams.
Broadening Experiences
• Experience of a broad range of compliance technologies and toolsets.
• Experience delivering presentations and engaging with senior leadership.
• Experience growing and motivating a team; coaches members through career milestones and progression.
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks come with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
• Abide by Mastercard’s security policies and practices;
• Ensure the confidentiality and integrity of the information being accessed;
• Report any suspected information security violation or breach; and
• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.