Lead Technology Controls Governance

About The Position

Requirements

• Look at everything through the eyes of our internal stakeholders (who often do not have risk and control backgrounds) and work towards establishing guidance, processes and tools that enable our stakeholders in a simplified, standardized and intuitive fashion
• Have ADVANCED experience with documenting control guidance, control activities, test procedures, validation steps, issue write-up and disposition, and metrics reporting
• Be skilled at explaining both business and technical requirements / objectives succinctly and clearly. This role works with both business and technical stakeholders. Direct and often daily communications occur with engineering teams to build our products.
• Be a strong, confident, and exact writer and speaker, able to communicate your vision and roadmap effectively to a wide variety of stakeholders. Strong interpersonal communication and presentation skills necessary for interaction with business leaders and teams across all levels of the organization.
• Always look for potential solutions to solve problems. Anticipate nuances and problem statements and bring options to the table to solve for them.
• Demonstrated ability to operate with independence and autonomy. Very flexible and with a strong ability to see what needs done, take ownership and act on it without detailed supervision
• Contribute to work environment that encourages knowledge of, respect for, and the development of skills to engage with those of other cultures and backgrounds

Nice To Haves

• Familiarity with the financial services industry and payment processing industry
• Experience with technology audits over application, infrastructure, and processes
• Experience with industry, regulatory and customer control frameworks (e.g., SOC1/2, SOX, ISO 27000, ISAE 3000/3402, NIST, RBI, CROE, PCI, CRI, UCF)
• Bachelor’s degree or equivalent combination of education and experience in computer science, information technology, accounting, audit or related fields preferred
• Experience with agile development and work management tools (JIRA, Monday.com)
• Professional certification like CISSP/CISA/CRISC or similar, a plus

Responsibilities

• Support key initiatives to guide and enable Mastercard's first line of defense to mature our technology risk and control posture
• Directly lead efforts to maintain and enhance Mastercard’s existing internal technology control framework, inclusive of refining internal control expectations derived from Mastercard Technology Standards and performing /validating mappings of the internal control framework to regulatory, industry and customer requirements and frameworks.
• Partnering with Technology Standard Owners to understand the intent of their requirements and define key classifications that drive scope and ownership of each control expectation
• Directly lead efforts to drive and project manage the design and capabilities of new tooling solutions to enable centralized and standardized methods on how all stakeholders are informed of applicable control expectations and manage their controls (inventory, evidence and test)
• Partner directly with technology first line of defense product, risk, compliance teams as well as second line of defense oversight teams to inform and drive our team’s strategic initiatives
• Support the establishments and maintenance of our team’s formal procedure documents, user guides, SharePoint site, our own controls and reference materials.

Benefits

• insurance (including medical, prescription drug, dental, vision, disability, life insurance)
• flexible spending account and health savings account
• paid leaves (including 16 weeks of new parent leave and up to 20 days of bereavement leave)
• 80 hours of Paid Sick and Safe Time, 25 days of vacation time and 5 personal days, pro-rated based on date of hire
• 10 annual paid U.S. observed holidays
• 401k with a best-in-class company match
• deferred compensation for eligible roles
• fitness reimbursement or on-site fitness facilities
• eligibility for tuition reimbursement