Lead, Technology Risk Manager

at  MasterCard

Our Purpose
We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate a
culture of inclusion
for all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team – one that makes better decisions, drives innovation and delivers better business results.
Title and Summary
Lead, Technology Risk Manager
Overview
The AI & Decision Product Enablement Program (AI & DPE) is an internal product suite that enables intelligent decisions for market facing products. This program provides sophisticated, industry-leading intelligence with a range of capabilities that structure and apply complex business logic across the payment journey and beyond to inform and accelerate decisions at scale. This is achieved by leveraging supercomputing capabilities, sophisticated business rules, AI technologies, a streaming big data cluster, high speed in-memory data caching, APIs, & UIs to enrich data and provide real-time decisions. The Principal, Technical Risk Manager on Mastercard’s AI & DPE’s team will manage initiatives spanning across the Services organization and MA Technology ensuring that international, national, regional, policies are understood and implemented. Where required, server as a broker for engineering teams to influence internal and external regulatory policy interpretation and implementation while ensuring preparedness for internal and external audits.
We are looking for a Lead, Technical Risk Manager to join our Vancouver office.

Role:

• The Principal, Technical Risk Manager will drive successful program outcomes by:
• Embedding an understanding of technology risks through the evaluation and monitoring of IT policies, standard, and best practices and advising software developers on applications designs required to support them
• Overseeing compliance effectiveness by identifying and reviewing current AI & DPE as well as overall Mastercard change management development process activities, current controls and design requirements inventories (e.g. Mastercard policies, standards, procedures, technical baselines, architectural standards, and in scope regulatory requirements)
• Establishing communication protocols and channels to handle risk, controls or compliance work related to the program
• Documenting the integration approach for Policy, Standards and Regulatory Requirements support activities into existing SDLC and change management activities including establishing supporting workflows, procedure(s), impact assessment, reference materials and enablers
• Supports program by interpretating regulatory obligations, internal policies, standards, technical baseline, methodology( in terms of its impact on the platform) to confirm adequacy of compliance against US, Canada, EMEA and India regulatory requirements (e.g., DORA, FBA cloud reviews, RBI, PCI, BoE entity governance, localization, privacy regulations). Relevant activities may include:
• Facilitating scope and impact assessment to identify control and regulatory requirement applicability
• Providing summarized control and regulatory requirements to design and development teams
• Supporting the interpretation of control requirements in the context of impact to system architecture and designs
• Facilitate review of design/development team’s strategy to operationalize control and regulatory requirements
• Performing validation of operationalization and coverage of control and regulatory requirements in developed DMP solutions
• Helping to perform program level audits and prepare for enterprise or external audit
• Representing engineering perspective on emerging policies (e.g. AI)

About You:

• Demonstrated success in designing, implementing and assessing IT risk management programs, processes and methodologies
• Demonstrated success in risk-based IT program management, business integration, process improvement, IT compliance, metrics, dashboard reporting, assessments, risk treatment, risk appetite, IT risk and security, IT governance, IT operations, automated control monitoring/testing and technology enablement
• Demonstrated success at leading global program outcomes
• Demonstrated success at leading IT risk management for programs with complex technical stacks including business rules engines, high-speed caching capabilities, big data lakes, and AI technologies
• Adept at building consensus and leading resolution of contentious issues across senior leadership or regulatory partners levels
• Thrives working with highly technical products in a fast-paced delivery environment

Ability to communicate effectively with cross-functional Data Science, Development teams, regulatory agents, and the core product business teams
Mastercard is an inclusive equal opportunity employer that considers applicants without regard to gender, gender identity, sexual orientation, race, ethnicity, disabled or veteran status, or any other characteristic protected by law. In the US or Canada, if you require accommodations or assistance to complete the online application process or during the recruitment process, please contact reasonable_accommodation@mastercard.com and identify the type of accommodation or assistance you are requesting. Do not include any medical or health information in this email. The Reasonable Accommodations team will respond to your email promptly.
Corporate Security Responsibility

All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

• Abide by Mastercard’s security policies and practices;
• Ensure the confidentiality and integrity of the information being accessed;
• Report any suspected information security violation or breach, and
• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.

Role:

• The Principal, Technical Risk Manager will drive successful program outcomes by:
• Embedding an understanding of technology risks through the evaluation and monitoring of IT policies, standard, and best practices and advising software developers on applications designs required to support them
• Overseeing compliance effectiveness by identifying and reviewing current AI & DPE as well as overall Mastercard change management development process activities, current controls and design requirements inventories (e.g. Mastercard policies, standards, procedures, technical baselines, architectural standards, and in scope regulatory requirements)
• Establishing communication protocols and channels to handle risk, controls or compliance work related to the program
• Documenting the integration approach for Policy, Standards and Regulatory Requirements support activities into existing SDLC and change management activities including establishing supporting workflows, procedure(s), impact assessment, reference materials and enablers
• Supports program by interpretating regulatory obligations, internal policies, standards, technical baseline, methodology( in terms of its impact on the platform) to confirm adequacy of compliance against US, Canada, EMEA and India regulatory requirements (e.g., DORA, FBA cloud reviews, RBI, PCI, BoE entity governance, localization, privacy regulations). Relevant activities may include:
• Facilitating scope and impact assessment to identify control and regulatory requirement applicability
• Providing summarized control and regulatory requirements to design and development teams
• Supporting the interpretation of control requirements in the context of impact to system architecture and designs
• Facilitate review of design/development team’s strategy to operationalize control and regulatory requirements
• Performing validation of operationalization and coverage of control and regulatory requirements in developed DMP solutions
• Helping to perform program level audits and prepare for enterprise or external audit
• Representing engineering perspective on emerging policies (e.g. AI

All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

• Abide by Mastercard’s security policies and practices;
• Ensure the confidentiality and integrity of the information being accessed;
• Report any suspected information security violation or breach, and
• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines