Lead Data & AI Security Engineer

Mastercard•Arlington, VA

3d•Onsite

About The Position

Mastercard's Business Security Enablement (BSE) team is seeking a seasoned Lead Security Engineer (L6) – Data & AI to serve as the primary security advocate and advisor for our Data Commercialization and Artificial Intelligence initiatives. The BSE team is a worldwide group of information security experts focused on helping Mastercard achieve its goals by ensuring that security is at the heart of everything we do. In this role, you will collaborate with technology, engineering, and business teams to integrate strong security practices into Mastercard’s data-driven products and AI solutions. The ideal candidate possesses a high level of expertise in information security and secure engineering disciplines, enabling them to advise product and development teams on designing secure applications and services following industry best practices. You will apply deep knowledge of security principles, theories, and concepts throughout the business and development lifecycles. As an L6 Security Engineer, you are expected to take a lead security role in large, complex, global, cross-functional initiatives. You will work closely with developers and architects to evaluate business needs, determine feasibility, and recommend optimal security solutions that meet both security and regulatory requirements. Furthermore, you will champion a strong security risk culture across the organization, proactively managing risks in alignment with Mastercard’s risk appetite and ensuring data and AI innovations are secure by design.

Requirements

Typically, 7–10 years in information security, with hands-on secure software development and secure architecture/design, including reviewing code/systems for vulnerabilities. Experience with cloud platforms, APIs, and distributed systems preferred.
Proven ability to work effectively in a global environment, build strong relationships, and influence cross-functional and executive stakeholders across varying technical depth.
Advanced knowledge of security principles, domains, protocols, and standards, with familiarity with ISO 27001, PCI-DSS, NIST SP 800-53, and COBIT. Strong grounding in risk management and data privacy for data analytics, digital commerce, and AI solutions, and experience designing secure, multi-domain architectures.
Strong experience with cryptography and network security, including encryption, hashing, key management, PKI/certificates, TLS/SSL, VPN, IPsec, and related protocols.
Experience with DevOps/DevSecOps, including CI/CD and automated deployments, with security controls embedded throughout the SDLC.
Proficiency with data technologies, analytics platforms, and AI/ML frameworks; experience securing data platforms and/or AI/ML models.
Knowledge of the payments and e-commerce landscape and security considerations for data-centric and AI-powered products, including best practices for protecting data assets and algorithms and awareness of emerging threats.
Professional, proactive, and solutions-oriented, with strong problem-solving and continuous-learning mindset. Excellent communication skills to articulate security risks and mitigations to technical and business audiences, and comfort operating in a fast-paced, global environment.

Nice To Haves

Experience with cloud platforms, APIs, and distributed systems preferred.
NICE Framework References: This Mastercard role shares knowledge, skills, and abilities (KSAs) with several NICE Framework work roles, including: SP-DEV-002 (OPM622) – Secure Software Assessor, SP-ARC-002 (OPM652) – Security Architect, OV-SPP-002 (OPM751) – Cyber Policy and Strategy Planner.

Responsibilities

Serve as the primary security partner for Data Commercialization and AI programs. Provide security risk guidance from discovery through deployment, and advise product, engineering, and operations teams on secure design and delivery of data-driven and AI-powered solutions.
Translate Corporate Security policies, standards, and controls into actionable guidance for Data & AI teams. Partner with security champions and deliver targeted training. Maintain security dashboards/documentation and ensure requirements (secure coding, data protection, IAM controls) are embedded in the SDLC. Ensure adherence to security policy, regulatory requirements, and industry standards (e.g., PCI-DSS, privacy).
Partner with Business Security Officers (BSOs) and act as a bridge between Corporate Security and Data/AI product teams. Work with engineering and architecture to improve security of code, data pipelines, cloud services, and AI solutions. Promote a security-first culture across the domain.
Lead key security governance for Data & AI work, including design/code reviews, Solution Architecture approvals, Threat Model reviews, Third-Party technology reviews, Technical Architecture Diagram approvals, Network as a Service approval, and vulnerability management support. Drive security user stories in PI Planning and ensure requirements are tracked to closure.
Monitor emerging threats and best practices across data analytics and AI. Partner with cross-functional teams to strengthen protection for sensitive data and ML models. Improve architectures and processes through standardization and automation of security controls and tooling.

Benefits

insurance (including medical, prescription drug, dental, vision, disability, life insurance)
flexible spending account and health savings account
paid leaves (including 16 weeks of new parent leave and up to 20 days of bereavement leave)
80 hours of Paid Sick and Safe Time, 25 days of vacation time and 5 personal days, pro-rated based on date of hire
10 annual paid U.S. observed holidays
401k with a best-in-class company match
deferred compensation for eligible roles
fitness reimbursement or on-site fitness facilities
eligibility for tuition reimbursement

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume