Job Title:

Risk Analyst, Technology Regulatory Relations and Market Compliance

Overview:

Overview
The Technology Regulatory Relations and Market Compliance (RRMC) organization is a business enabler and industry leader of technology and security risk management practices, supported by a multi-disciplinary team of top security, technology, and risk professionals. Our mission is to exceed stakeholder expectations by providing enhanced visibility and proactive management of technology risks and ensuring strong security and sound operational environment.
The team is responsible for working with, and demonstrating to, our stakeholders (e.g., regulators, customers, Mastercard businesses) how Mastercard complies with our security and technology promises, commitments, and obligations. As the Asia Pacific region is gaining much scrutiny across the regulators, a strong risk management program is required to meet new and existing obligations, including audits of security processes and controls, tokenization practices and data localization compliance.
Responsibilities
Risk Management Framework/Governance
• Assist in preparation and maintenance of a consolidated control framework
• Support preparation of a centralized inventory of security and technology risk management requirements and assurance expectations
Risk Management Guidance/Direction
• Support business owners in analysis of business and functional requirements resulting from regulation and customer contracts; and help identify technology and security risk controls
• Help assess impact of business, market and regulatory landscape changes on controls and practices
Customer Assurance and Audit Support
• Support customer and regulatory examinations; provide accurate information, related documentation and evidence for the purpose of the audit request to demonstrate how Mastercard satisfies obligations and commitments
• Assist in completing customer and regulatory inquiries and requests for information
• Prepare periodic customer and regulator meetings and reporting
• Perform compliance monitoring and pre audit readiness reviews
• Collection, sorting and maintaining audit evidence repository and tracking open items to closure
• Assist with certification efforts (e.g., SOC, ISO, PCI)
• Assist in reviewing reports of related parties and review System Audit Reports (SARs) and System Audit Questionnaires (SAQs) to track ecosystem compliance
Experience
• Have knowledge of relevant regulations (e.g., payment and settlement systems, tokenization, Data localization)
• Have a strong understanding of technology and cybersecurity risk management practices.
• Experience in handling regulatory and customer audits, conducting assessments and good understanding of governance, risk and compliance practices
• Be seen as a trusted advisor who understands business processes and can provide security consultation and advisory
• Possess excellent communication and people management skills and stakeholder management experience
• Ability to navigate around ambiguities and be culturally aware, sensitive and able to collaborate with cross-regional teams
• Be a team player with strong business and operations focus
• Knowledge of Risk and Control Framework standards such as NIST, ISO, PCI-DDS, SOC
• Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and IT management (e.g., GDPR, FBA, CBA, PFMI, etc.)
• Knowledge of Mastercard products and technology, security and other risk management programs and practices desired, a plus but not required.