Senior Technology Controls Governance Analyst

About The Position

Requirements

• Look at everything through the eyes of our internal stakeholders (who often do not have risk and control backgrounds) and work towards establishing guidance, processes, and tools that enable our stakeholders in a simplified, standardized, and intuitive fashion
• Have ADVANCED experience with documenting control guidance, control activities, test procedures, issue write-up and disposition, and metrics reporting
• Be skilled at explaining business and technical requirements succinctly and clearly. This role works and frequently meets with both business and technical stakeholders, our partners in the development of risk and control tooling.
• Be a strong, confident, and precise writer and speaker, enabling you to communicate your vision and roadmap effectively to a wide variety of stakeholders. Strong interpersonal communication and presentation skills necessary for interaction with business leaders and teams across all levels of the organization.
• Anticipate challenges and always look for potential solutions to solve them.
• Demonstrated ability to operate with independence and autonomy, and has a strong sense of initiative to see what needs to be done, take ownership, and act on it without detailed instruction or supervision
• Contribute to a work environment that encourages knowledge of, respect for, and the development of skills to engage with those of other cultures and backgrounds

Nice To Haves

• Familiarity with the financial services industry and payment processing industry
• Experience with technology audits over application, infrastructure, and processes
• Experience with industry, regulatory and customer control frameworks (e.g., SOC1/2, SOX, ISO 27000, ISAE 3000/3402, NIST, RBI, CROE, PCI, CRI, UCF)
• Bachelor’s degree or equivalent combination of education and experience in computer science, information technology, accounting, audit or related fields preferred
• Experience with agile development and work management tools (JIRA, Monday.com)
• Professional certification like CISSP/CISA/CRISC or similar, a plus

Responsibilities

• Support key initiatives to guide and enable Mastercard's technology product teams to mature our technology risk and control posture.
• Support efforts to maintain and enhance Mastercard’s existing internal technology control framework, including refining internal control expectations derived from Mastercard Technology Standards, and performing and validating mappings of the internal control framework to regulatory, industry and customer requirements and frameworks.
• Partner with Technology Standard Owners to understand the intent of their requirements and define key classifications that drive scope and ownership of each control expectation
• Manage the development and enhancement of risk and control tooling
• Partner directly with technology product, risk, compliance teams as well as second line of defense oversight teams to inform and drive our team’s strategic initiatives
• Support the establishment and maintenance of our team’s formal standards, procedure documents, user guides, SharePoint site, our own controls and reference materials.

Benefits

• insurance (including medical, prescription drug, dental, vision, disability, life insurance)
• flexible spending account and health savings account
• paid leaves (including 16 weeks of new parent leave and up to 20 days of bereavement leave)
• 80 hours of Paid Sick and Safe Time, 25 days of vacation time and 5 personal days, pro-rated based on date of hire
• 10 annual paid U.S. observed holidays
• 401k with a best-in-class company match
• deferred compensation for eligible roles
• fitness reimbursement or on-site fitness facilities
• eligibility for tuition reimbursement