Security Risk Analyst II

Our Purpose

Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

Title and Summary

Security Risk Analyst II

Overview
The Mastercard Technology Risk Team is looking for a security analyst to support the implementation of international standards, processes, best practices and IT frameworks thereby helping the organization to enhance its current security posture.
Responsibilities:

• Oversee compliance and the implementation of design (up-to-date standard operating procedures) and operational effectiveness (testing the validity of procedures periodically).
• Participate in the gathering, documenting, monitoring and preliminary analysis of the information security and technology metrics.
• Identify, test, and report security weaknesses in systems and applications. Participate in the risk management process, including documenting, reviewing and updating systems on a regular basis; contribute in the preparations of internal risk reports.
• Maintaining an understanding of security policies and regulatory compliance (i.e. ISO 27001, PCI, GDPR)
• Monitor technology risk and compliance, and develop, deliver, maintain and monitor IT policies, standards, and best practices.
• Oversee governance and compliance of vulnerability remediation enterprise wide.
• Support special projects as requested; provides ad-hoc support to management.
• Develop effective working relationships with internal and external stakeholders, auditors, process and control owners and functional staff
• Understand and interact with related disciplines through different committees to ensure the consistent application of policies and standards across all technology functions.

Experience Required

• Experience supporting information security, IT audit and/or IT risk management principles.
• Familiarity with risk management processes (e.g., methods for assessing and mitigating risk)
• Conceptual understanding of IT and security controls, networking and information security technologies.
• Knowledge of Risk and Control Framework standards such as ISO 27001, NIST CSF, PCI-DSS.
• Background in developing, and maintaining security policies, processes, procedures and standards.
• Strong analytical and problem-solving skills for design, creation and testing of security controls and systems.

Nice to have

• Experience creating ISMS documentation to integrate the ISO 27001 requirements within the overall organization.
• Successfully completed ISO 27001:2022 Lead Auditor/Lead Implementer certification.
• Successfully completed CISA/CISM Certification.
• Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and IT management (e.g., GDPR, NY DFS Part 500 , MAS TRM etc.)
• Knowledge of Mastercard products and technology, security and other risk management programs and practices. (desired, not required)
• Experience using RSA Archer or equivalent risk tool sets.

Qualifications and Skills

• Bachelor’s degree or equivalent combination of education and experience/bachelor’s degree in information systems management, computer science, information technology or related field preferred
• Experience in handling certifications, compliance and internal/external information security/cyber security audits.
• Excellent written as well as verbal communication skills. Strong interpersonal skills, including good communication with the ability to articulate ideas in a 2 of 2 precise and concise manner.
• Contribute to work environment that encourages knowledge of, respect for and development of skills to engage with those of other cultures and backgrounds.
• Ability to handle multiple tasks simultaneously and switch between tasks quickly

Corporate Security Responsibility

All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

• Abide by Mastercard’s security policies and practices;

• Ensure the confidentiality and integrity of the information being accessed;

• Report any suspected information security violation or breach, and

• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.