Director, Technology Risk

Our Purpose
Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we're helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.
Title and Summary
Director, Technology Risk
Director, Second Line of Defence - Technology Risk
Who is Mastercard?
Mastercard is a global technology company in the payments industry. Our mission is to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart, and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments, and businesses realize their greatest potential.
Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. With connections across more than 210 countries and territories, we are building a sustainable world that unlocks priceless possibilities for all.
Overview
The Technology Risk team is looking for a Director, Technology Risk, who will be responsible for providing independent Second Line technology risk oversight of Mastercard's International Markets and maintaining a robust technology risk management framework for the Company. The ideal candidate is passionate about risk, technology and security controls and has experience working autonomously and in a global environment. The role will report to the Vice President, Technology Risk, who leads the Framework and Markets Oversight team.
The role will partner closely with the other technology risk teams as well as with other risk functions (e.g., Enterprise Risk Management, Operational Risk and Controls). The role will engage directly with several key stakeholder groups across the organization, including the First Line of Defence technology risk, regional technology and security teams as well as regulatory affairs in support of regulatory engagements.
Role
Technology Risk Oversight:
Provides independent Second Line oversight and constructive review of regional operational resilience and security risks, technology product and security risk assessments and risk assessments related to material product / technology changes and significant third-party or outsourcing arrangements.
Provides Second Line oversight across key technology control areas in support of regional governance, including reviewing control design, assessing operating effectiveness, and examining control testing results and assurance outcomes. Escalates and monitors material control deficiencies / remediation delays and risk acceptance items where residual risk exceeds tolerance until closure.
Oversees the development of technology and security risk metrics, ensuring they are meaningful and outcomes focused, and aligned with approved risk appetite and tolerance thresholds.
Ensures technology teams develop a regionally relevant strategy and policies / standards, supporting risk reduction and promoting the implementation of robust IT and security controls.
Risk Management and Control Framework:
Support the creation and evolution of a robust technology risk framework in line with the Enterprise Risk Management framework and the Operational Risk Framework and ensure its regional adoption. This includes developing policies, standards, procedures and / or guidelines setting out Second Line expectations of the First Line.
Review and support local technology risk processes, ensuring its alignment with the Group technology risk framework and its alignment with local regulatory needs.
Provides support and validation of the global technology control framework in coordination with Group First Line of Defence Technology and Security Risk teams.
Technology Risk Governance:
Acts as the Technology Risk representative at regional governance forums, risk committees, and senior management discussions, providing clear, evidence-based insights to support effective decision making.
Reviews the effectiveness of technology risk reporting inclusive of technology key risk indicators and risk acceptance to management and governance committees and promotes alignment with Group standards.
Regulatory Engagement:
Supports regulatory examinations where required, on matters related to technology and security risk and controls, and reviews and supports other technology related submissions to regulatory authorities.
Maintains awareness of evolving regulatory and supervisory expectations related to technology risk, cyber security, operational resilience, and third-party risk.
All About You:
Proven experience collaborating with cross functional and global teams, managing multiple stakeholders, and navigating various regulatory environments.
Ability to manage multiple priorities, deliverables, and initiatives simultaneously in a fast-paced environment.
Preferably some experience in First and Or Second Line of Defence risk roles, providing independent oversight
Proactive and curious mindset, with the ability to engage broadly across the business while maintaining focus on core responsibilities.
Experience advocating for policy and procedure enhancements when necessary.
Strong ability to identify opportunities for improvement and driving continuous enhancement.
Familiarity with enterprise risk and control frameworks such as ISO, NIST CSF, COBIT, CRI, FAIR or other equivalent International standards.
Experience working with, and presenting to, senior management and governance forums, including executive level and Board adjacent committees.
Excellent verbal and written communication abilities, with the ability to translate complex technology risk topics into concise, executive ready messaging.
Mastercard is a merit-based, inclusive, equal opportunity employer that considers applicants without regard to gender, gender identity, sexual orientation, race, ethnicity, disabled or veteran status, or any other characteristic protected by law. We hire the most qualified candidate for the role. In the US or Canada, if you require accommodations or assistance to complete the online application process or during the recruitment process, please contact [email protected] and identify the type of accommodation or assistance you are requesting. Do not include any medical or health information in this email. The Reasonable Accommodations team will respond to your email promptly.
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

• Abide by Mastercard's security policies and practices;
• Ensure the confidentiality and integrity of the information being accessed;
• Report any suspected information security violation or breach, and
• Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines.

In line with Mastercard's total compensation philosophy and assuming that the job will be performed in the US, the successful candidate will be offered a competitive base salary and may be eligible for an annual bonus or commissions depending on the role. The base salary offered may vary depending on multiple factors, including but not limited to location, job-related knowledge, skills, and experience. Mastercard benefits for full time (and certain part time) employees generally include: insurance (including medical, prescription drug, dental, vision, disability, life insurance); flexible spending account and health savings account; paid leaves (including 16 weeks of new parent leave and up to 20 days of bereavement leave); 80 hours of Paid Sick and Safe Time, 25 days of vacation time and 5 personal days, pro-rated based on date of hire; 10 annual paid U.S. observed holidays; 401k with a best-in-class company match; deferred compensation for eligible roles; fitness reimbursement or on-site fitness facilities; eligibility for tuition reimbursement; and many more. Mastercard benefits for interns generally include: 56 hours of Paid Sick and Safe Time; jury duty leave; and on-site fitness facilities in some locations.
Pay Ranges
Purchase, New York: $163,000 - $269,000 USD