Vice President, Software Supply Chain Security

Mastercard, O'Fallon, MO
$212,000 - $339,000, Onsite

About The Position

The Network Engineering Services team is looking for a Vice President of Software Supply Chain Security. The VP is a senior leader responsible for protecting the integrity, provenance, and trustworthiness of all software that powers the company’s global payments ecosystem. This role ensures end-to-end security across internal development, third-party software, CI/CD pipelines, cloud workloads, vendor integrations, and payment processing platforms that require the highest levels of reliability, compliance, and resiliency.

Requirements

  • Demonstrated effectiveness leading Security, Platform/DevOps, or Software Engineering teams
  • Proven track record of implementing software supply chain controls across complex, multicloud and hybrid environments.
  • Demonstrated ability to balance regulatory, security, and developer experience requirements at enterprise scale.
  • Deep expertise in CI/CD, artifact registries, Kubernetes/container security, cryptographic signing, and OSS governance.
  • Strong knowledge of SLSA, NIST SSDF, OWASP SCVS/SCVST, ISO 27001/27036, and regulatory frameworks
  • Hands-on familiarity with SAST/DAST/IAST/SCA, secrets and dependency management, API security, and runtime protections
  • Strong stakeholder management and executive communication skills; proven record influencing Product and Engineering leaders.

Nice To Haves

  • National Initiative for Cybersecurity Education (NICE) competency proficiency levels of limited in leadership, limited to developing in operational and professional, and developing to proficient in technical.
  • This Mastercard role shares KSAs with related NICE work roles:
  • OV-SPP-002, OPM751, Cyber Policy and Strategy Planner
  • OV-EXL-001, OPM901, Executive Cyber Leadership
  • OV-MGT-001, OPM722, Information Systems Security Manager

Responsibilities

  • Define the Software Supply Chain Security Strategy aligned to the company’s global payments mission, regulatory obligations, and risk appetite.
  • Build and lead high performing global DevSecOps, platform engineering, and security automation teams.
  • Architect security for CI/CD pipelines, infrastructure-as-code frameworks, and automation platforms
  • Embed security controls into development workflows, including SAST/DAST, SBOM, dependency scanning, and secrets management, to eliminate preventable exposure
  • Establish governance for software bill of materials (SBOM), artifact integrity, code provenance, and policy-as-code guardrails
  • Promote a secure-by-default engineering culture with paved roads for secure component consumption, signing, building, and deployment.
  • Partner with Vulnerability Management on strategy and outcomes for end-to-end detection, triage, risk acceptance, remediation, validation and overall exposure management
  • Partner with DevOps on cloud strategy and operations (AWS, Azure, GCP, or hybrid), ensuring resilient, scalable, and secure infrastructure.
  • Partner with Legal, Third-Party Risk Management (TPRM), and Procurement to enforce contractual obligations for secure development, reporting, incident notification, and replace/patch SLAs.

Benefits

  • insurance (including medical, prescription drug, dental, vision, disability, life insurance)
  • flexible spending account and health savings account
  • paid leaves (including 16 weeks of new parent leave and up to 20 days of bereavement leave)
  • 80 hours of Paid Sick and Safe Time, 25 days of vacation time and 5 personal days, pro-rated based on date of hire
  • 10 annual paid U.S. observed holidays
  • 401k with a best-in-class company match
  • deferred compensation for eligible roles
  • fitness reimbursement or on-site fitness facilities
  • eligibility for tuition reimbursement