Director, Assurance Lead (Europe)

Our Purpose

We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate a culture of inclusion for all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team – one that makes better decisions, drives innovation and delivers better business results.

Job Title

• Help build and manage Technology Risk Management market engagement model in Europe (i.e., core and regulated businesses); future expectation to implement model globally
• Engage with customers to develop control frameworks to ensure needs and expectations over service assurance is met for various certifications (e.g., PCI, ISO, ISAEs)
• Engage with the auditors to develop, mature, and then test the control framework to ensure objectives are met and risk is managed effectively
• Communicate security risks and gaps as related to or identified by control frameworks (PCI, ISO, etc.) to stakeholders and executive management
• Support the development of efficiencies that new work-flow processes to ensure scalability and sustainability of the control programs
• Develop, plan, and execute control assessments of various operational and business areas to assess potential risks or control gaps
• Establish and track remediation internally and externally through to resolution whilst improving design and operational effectiveness of controls
• Develop and manage risk processes, including identifying and implementing best practices and ensuring all processes are documented, reviewed and updated regularly
• Manage internal control inquiries from both internal and external stakeholders
• Advise business owners in determining strategy and implementing policies and procedures to minimize risk exposure and drive proper controls
• Supports leadership, leveraging subject matter expertise regarding PCI and vendor management principles, generally accepted industry (regulatory) standards and internal control concepts
• Supports leadership, leveraging a solid understanding of industry audit and compliance standards and internal control concepts and principles, risks and regulations
• Manages cross-functional initiatives to deliver on risk goals, policies and procedures
• Facilitate periodic customer and regulator meetings and reporting
• Manages collaborative working relationships with stakeholders at the regional or local level
• Liaises with business partners to develop, manage and document best practices for risk processes
• Understand and Advocate the Technology risk strategies that maintain the status of industry compliance standards (e.g., PCI, SOC, ISO, PFMI) for applications that process, store or transfer credit card information and the enterprise infrastructure where they reside

• Experience successfully implementing control frameworks e.g., ISO 27001, PCI DSS, and ISAE 3000
• Strong interpersonal, communication and presentation skills necessary for interaction with business leaders and teams across all levels of the organization
• Must have a professional certification like CISSP/CISA/CRISC or similar
• Contribute to work environment that encourages knowledge of, respect for and development of skills to engage with those of other cultures and backgrounds.
• Strong negotiation and consensus building skills
• Familiarity with the financial services industry and payment processing industry, a plus.
• Experience managing complex cross-functional projects
• Experience collaborating cross-functionally to identify and implement best practice risk processes
• Experience delivering presentations and engaging with senior leadership
• Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and IT management (e.g., GDPR, FBA, CBA, PFMI, etc.)
• Strong IT technical knowledge, including emerging technologies and potential for exploitation

Due to COVID-19, most of our employees are working from home. We’ve implemented a virtual hiring process and continue to interview candidates by phone or video and are onboarding new hires remotely. We value the safety of each member of our community because we know we’re all in this together.

Mastercard is an inclusive Equal Employment Opportunity employer that considers applicants without regard to gender, gender identity, sexual orientation, race, ethnicity, disabled or veteran status, or any other characteristic protected by law.

If you require accommodations or assistance to complete the online application process, please contactreasonable.accommodation@mastercard.comand identify the type of accommodation or assistance you are requesting. Do not include any medical or health information in this email. The Reasonable Accommodations team will respond to your email promptly.

Corporate Security Responsibility

Every person working for, or on behalf of, Mastercard is responsible for information security. All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and therefore, it is expected that the successful candidate for this position must:

• Abide by Mastercard’s security policies and practices;
• Ensure the confidentiality and integrity of the information being accessed;
• Report any suspected information security violation or breach, and
• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.