Director, Exposure Management

About The Position

Requirements

• Proven experience leading enterprise‑scale security, risk, or exposure management programs in a large, complex organization
• Deep understanding of vulnerability management, application security (SAST/SCA), and modern software delivery environments
• Demonstrated ability to move programs from operational execution to strategic, outcome‑driven models
• Strong data‑driven mindset, with experience using metrics and analytics to influence decisions and behavior
• Track record of leading transformation initiatives across people, process, and technology
• Comfortable operating at both strategic and execution levels, with the ability to translate vision into measurable results
• Strong communication skills, with the ability to convey complex technical risk in business‑relevant terms

Responsibilities

• Exposure Management Strategy & Execution Define and own Mastercard’s enterprise exposure management strategy, aligning vulnerability, application, and software supply chain risks into a unified risk view
• Shift the program from volume‑based vulnerability tracking to risk‑based prioritization grounded in exploitability, asset criticality, and business impact
• Establish clear ownership models and engagement patterns with technology and engineering teams to drive timely and effective remediation
• Vulnerability Operations & Secure Development Leadership Lead global teams responsible for vulnerability operations, SAST, and SCA capabilities
• Ensure consistent, scalable execution of vulnerability discovery, validation, prioritization, and tracking across technology domains
• Evolve secure development capabilities to better support engineering velocity while improving security outcomes earlier in the SDLC
• Data, Metrics & Risk Intelligence Build and mature exposure‑focused metrics that enable leadership to understand risk posture, trends, and remediation effectiveness
• Partner with data and analytics teams to leverage security telemetry, automation, and correlation across multiple data sources
• Translate technical findings into clear, decision‑ready insights for senior leaders and risk partners
• Technology & Transformation Drive modernization of exposure management tooling, workflows, and integrations
• Partner with Product, Engineering, and Architecture teams to influence platform capabilities and security-by-design practices
• Identify opportunities for automation, orchestration, and scale across vulnerability and secure development processes
• Leadership & Stakeholder Engagement Lead, coach, and develop high‑performing teams across multiple disciplines and geographies
• Serve as a trusted advisor to Technology, Security, and Risk leadership on exposure trends and remediation priorities
• Influence cross‑functional stakeholders without direct authority in a complex, matrixed environment

Benefits

• insurance (including medical, prescription drug, dental, vision, disability, life insurance)
• flexible spending account and health savings account
• paid leaves (including 16 weeks of new parent leave and up to 20 days of bereavement leave)
• 80 hours of Paid Sick and Safe Time, 25 days of vacation time and 5 personal days, pro-rated based on date of hire
• 10 annual paid U.S. observed holidays
• 401k with a best-in-class company match
• deferred compensation for eligible roles
• fitness reimbursement or on-site fitness facilities
• eligibility for tuition reimbursement