Senior Technology Risk Analyst

Our Purpose
Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we're helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.
Title and Summary
Senior Technology Risk Analyst
The Commercial & New Payment Flows Technology Risk team is seeking a Technology Risk Analyst II role. The role will be responsible for assessing the effectiveness of controls for the first line business, which is crucial for adhering to customer and regulatory mandates. In addition, the role would also include providing compliance support and monitoring and reporting on the ongoing operational efficacy of Mastercard's Technology control framework as well as performing data analysis and aggregation across other tech risk initiatives. . This role will be a pivotal component of the Mastercard Technology Regulatory Execution function.
Mastercard is committed to striking a balance between innovation and safeguarding its internal control posture. The team conducts assessments of internal controls to proactively identify risks, define remediation actions, and monitor remediation progress. We are seeking an individual to join our team and assist us in achieving these compliance objectives. This person will possess technical expertise, a propensity for problem-solving, and a drive to achieve outcomes.
Job Responsibilities
* Provide consultancy and central coordination for security and compliance activities, encompassing the implementation of ISO 27001, ISO 9001, and ISO 27701, as well as PCI standards within the organisation.
* Identify potential security risks and issues through control assessments and ensure their resolution within specified timelines.
* Establish and monitor remediation efforts both internally and externally until resolution, while simultaneously enhancing the design and operational efficiency of controls.
* Document the outcomes of assessments and prepare assessment reports for key stakeholders.
* Prepare compliance status reports and dashboards for key initiatives, plans, and audit tracking of current processes in accordance with management requirements.
* Data Aggregation & reporting for various risk & compliance activities in support of the larger risk management practices.
About You:
• Experience:
- Ideal experience working within digital and technology functions, preferably in a compliance role.
- Reasonable understanding of security and quality management frameworks such as ISO 27001/27002, ISO 9001, ISO 27701, and PCI.
- Bachelor's degree or equivalent combination of education and experience, or a Bachelor's degree in computer science, information technology, or a related field is preferred.
- One or more professional certifications like CISA or CISSP (desirable)
- Professional certifications ISO 27001, ISO 9001 Lead Auditor, and Implementer
- Reasonable understanding of information security domains and possesses a well-rounded technical background. Basic knowledge of infrastructure and application security would be desirable.
- Experience working on GRC tools like Archer would be a significant advantage.
- Excellent communication and problem-solving skills and able to collaborate across global team.
- Demonstrated experience in managing complex projects related to information security.
Ability to:
Review security architecture of applications and determine PCI/ISO relevance
Employ strong research skills and problem solving skills
Apply PCI/ISO standards to new and existing technologies
Identify and evaluate security gaps
Communicate business risk to stakeholders
Understand security findings (scanning/Pen test) and assess remediation strategy
Evaluate compensating controls
Conduct or facilitate meaningful meetings
Work in slightly chaotic, rapidly growing environment
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

• Abide by Mastercard's security policies and practices;
• Ensure the confidentiality and integrity of the information being accessed;
• Report any suspected information security violation or breach, and
• Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines.