Be an Early Applicant
We are a global technology company in the payments industry.
The Role
The Risk Assurance Manager will lead IT and security risk assurance projects, evaluate compliance with frameworks, and collaborate with stakeholders to improve risk management processes.
Summary Generated by Built In
Our Purpose
Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we're helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.
Title and Summary
Risk Assurance Manager, Second Line Risk Assurance
Overview
The Vocalink 2nd Line Risk Assurance team is seeking an IT and Security Risk Assurance Manager to provide independent and objective assurance and advisory services that assess and enhance the effectiveness of Vocalink's governance, risk management, and internal control environment.
This is an individual contributor role that may lead projects and influence stakeholders but does not have direct people management responsibilities. You will plan and execute IT, Security, and operational assurance projects, support risk assessments, and contribute to the annual Risk and Control Assurance plan.
You will also lead delivery of external and internal audits (e.g., ISAE 3000, ISO 27001, ISO 22301) and provide credible challenge to stakeholders across the business.
Role Responsibilities• Lead and execute assurance projects end-to-end, from planning through fieldwork to reporting, ensuring clarity of scope, timely delivery, and high-quality outcomes.• Contribute to the annual risk assessment process and development of the 2nd Line Risk and Control Assurance plan.• Evaluate compliance against legal, regulatory, policy, and industry frameworks (e.g., NIST, COBIT, COSO, ISO).• Assess design and operating effectiveness of controls through inquiry, observation, and testing.• Identify, draft, and validate issues with business partners, articulating impact, root cause, and risk severity.• Collaborate with issue owners to develop sustainable remediation actions; monitor progress and validate closure.• Provide credible check and challenge to 1st Line stakeholders and influence risk/control improvements.• Liaise with external auditors and internal teams to support audits and ensure fair presentation of the control environment.• Perform internal audits of ISO 27001 and ISO 22301, identifying areas for improvement and validating corrective actions.• Deliver independent attestations to meet UK payment scheme and client requirements.
What Success Looks Like• You create value by innovating and improving assurance processes, delivering scalable solutions that strengthen risk management.• You grow together by collaborating across teams, inviting diverse perspectives, and helping colleagues succeed.• You move fast by prioritizing what matters, adapting quickly to new information, and owning outcomes with accountability.
All About You• Experience in Technology Risk Management (1st or 2nd Line of Defence, internal/external audit) or equivalent experience in a large, regulated organization.• Strong understanding of IT general controls, information security frameworks, and risk methodologies.• Experience performing ISAE 3000, SOC, and SOX testing of internal controls.• Ability to lead projects and influence stakeholders without direct people management responsibilities.• Excellent written and verbal communication skills; able to communicate with candor and care.• Professional certifications (e.g., CISA, CISM, CISSP, ISO 27001 Lead Auditor) preferred.• Self-starter with ability to work independently and collaboratively.
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we're helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.
Title and Summary
Risk Assurance Manager, Second Line Risk Assurance
Overview
The Vocalink 2nd Line Risk Assurance team is seeking an IT and Security Risk Assurance Manager to provide independent and objective assurance and advisory services that assess and enhance the effectiveness of Vocalink's governance, risk management, and internal control environment.
This is an individual contributor role that may lead projects and influence stakeholders but does not have direct people management responsibilities. You will plan and execute IT, Security, and operational assurance projects, support risk assessments, and contribute to the annual Risk and Control Assurance plan.
You will also lead delivery of external and internal audits (e.g., ISAE 3000, ISO 27001, ISO 22301) and provide credible challenge to stakeholders across the business.
Role Responsibilities• Lead and execute assurance projects end-to-end, from planning through fieldwork to reporting, ensuring clarity of scope, timely delivery, and high-quality outcomes.• Contribute to the annual risk assessment process and development of the 2nd Line Risk and Control Assurance plan.• Evaluate compliance against legal, regulatory, policy, and industry frameworks (e.g., NIST, COBIT, COSO, ISO).• Assess design and operating effectiveness of controls through inquiry, observation, and testing.• Identify, draft, and validate issues with business partners, articulating impact, root cause, and risk severity.• Collaborate with issue owners to develop sustainable remediation actions; monitor progress and validate closure.• Provide credible check and challenge to 1st Line stakeholders and influence risk/control improvements.• Liaise with external auditors and internal teams to support audits and ensure fair presentation of the control environment.• Perform internal audits of ISO 27001 and ISO 22301, identifying areas for improvement and validating corrective actions.• Deliver independent attestations to meet UK payment scheme and client requirements.
What Success Looks Like• You create value by innovating and improving assurance processes, delivering scalable solutions that strengthen risk management.• You grow together by collaborating across teams, inviting diverse perspectives, and helping colleagues succeed.• You move fast by prioritizing what matters, adapting quickly to new information, and owning outcomes with accountability.
All About You• Experience in Technology Risk Management (1st or 2nd Line of Defence, internal/external audit) or equivalent experience in a large, regulated organization.• Strong understanding of IT general controls, information security frameworks, and risk methodologies.• Experience performing ISAE 3000, SOC, and SOX testing of internal controls.• Ability to lead projects and influence stakeholders without direct people management responsibilities.• Excellent written and verbal communication skills; able to communicate with candor and care.• Professional certifications (e.g., CISA, CISM, CISSP, ISO 27001 Lead Auditor) preferred.• Self-starter with ability to work independently and collaboratively.
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
- Abide by Mastercard's security policies and practices;
- Ensure the confidentiality and integrity of the information being accessed;
- Report any suspected information security violation or breach, and
- Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines.
Top Skills
Cobit
Coso
Isae 3000
Iso 22301
Iso 27001
Nist
Am I A Good Fit?
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.
Success! Refresh the page to see how your skills align with this role.
The Company
What We Do
Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re building a resilient economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.
Why Work With Us
We live the Mastercard Way: creating value in the communities we touch, growing together through the opportunities we see, and moving fast to innovate and scale. Our collaborative culture and our passionate people are the key to what we do, driving meaningful change as one team and connecting everyone to priceless possibilities.
Gallery
Mastercard Teams
Technology
About our Teams
Mastercard Offices
Hybrid Workspace
Employees engage in a combination of remote and on-site work.
In our ongoing workplace evolution, we’ve introduced hybrid work, Work-From-Elsewhere Weeks and Meeting-Free Days.
Typical time on-site:
3 days a week
Purchase, NY
SG
Arlington, VA
Atlanta, GA
Bogotá, CO
Boston, MA
Chicago, IL
Dublin, Dublin
Gurugram, Gurugram
London, GB
Miami, FL
Mumbai, Maharashtra
New York, NY
O'Fallon, MO
Pune, Maharashtra
Ramat Gan, IL
Saint Leonards, St Leonards
San Francisco, CA
São Paulo, SP
Seattle, WA
Toronto, Ontario
Vancouver, BC
Learn more
