Job Title:

Director, Technology Risk Management

Overview:

Overview: The Payment Gateway Team is seeking a Principal, Technology Risk Management to lead and build our strategy for designing and implementing assurance requirements to meet customer and regulatory expectations regarding security and availability risk and controls via assurance products such as SOC 2. The individual will coordinate and advise management to ensure customer and regulatory obligations are considered for the Payment Gateway Service. The individual will be responsible for reviewing and analyzing strategic plans and identifying risk and controls required to meet Mastercard policies and standards and apply the design of relevant risk and control assessments that meet our assessment obligations.
Key Responsibilities:
• Lead the development of strategy, objectives, and action plans for assurance obligations.
• Conduct multi-stakeholder meetings and participate in senior-level discussions.
• Engage with internal and external stakeholders, and customers
• Plan and manage multiple initiatives and projects.
• Maintain a deep understanding of the business domain and assurance obligations to shape successful execution plans.
• Recognize complexity within the program and propose simplified solutions.
• Assist stakeholders in making trade-off decisions by considering all data, including business goals, technical platform strategy, customer experience, and maintainability, with a relentless focus on the customer.
• Ensure ongoing compliance with statutory and regulatory requirements, anticipate future legislation, enforce adherence to requirements, and advise management on needed actions.
• Identify, collect, synthesize, and communicate risks and blockers concisely, accurately, and professionally for senior leadership to ensure alignment.
• Regularly define and review key success metrics for data-focused tracking and proactively seek out new and improved mechanisms for visibility, ensuring the program stays aligned with organizational objectives.
• Conduct risk assessments to identify potential security and availability risks and advise on the design and governance of controls to mitigate these risks.

About You:
• Bachelor's degree or equivalent combination of education and experience; a degree in computer science, information technology, or a related field is preferred.
• Professional certification like CISSP, CISA, CRISC, CIPP, or similar is a plus.
• Strong knowledge of IT general computer controls and related operations.
• Experience with control frameworks (e.g., SOC1, SOC2, ISAE3402/3000, ISO27001, GDPR).
• Strong interpersonal, communication, and presentation skills necessary for interaction with business leaders and teams across all levels of the organization.
• Strong negotiation and consensus-building skills.
• Previous experience in significant process improvements, with the ability to meet project deliverables.
• Contribute to a work environment that encourages knowledge of, respect for, and the development of skills to engage with those of other cultures and backgrounds.