Technology Risk Management Analyst

at  MasterCard

Our Purpose
We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate a
culture of inclusion
for all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team – one that makes better decisions, drives innovation and delivers better business results.
Title and Summary
Technology Risk Management Analyst
Overview
The Mastercard Technology Risk Team is looking for a Technology Risk Analyst to support and lead elements of the Risk Framework. Focus will be on providing risk support, risk analysis, reporting and training across the organisation helping build 2 Line of Defence capability. This role is a pivotal part of the second line Mastercard Technology Risk Function and supports Mastercard’s commitment operating a best practise Risk Framework.
A crucial element of the Risk Management Team is working with First Line Risk Management, Enterprise Risk Management, Operational Risk Management and Corporate Security Leaders to document acceptable levels of residual risk as it relates to the security program and the controls implemented for the purposes of risk reduction.

Role

• Support the development of the Technology Operational Risk Framework (4 Pillars); 1.Risk Governance, 2.Risk Hierarchy, 3.Risk Indicators/Tooling (inclusive of Risk Taxonomy, Impact & Likelihood scales, Control Criteria, Key Risk Indicators, Issues, Policy exceptions) and 4.Risk Analysis (RCSA, Bow Tie, FAIR)
• Develop and support the Maturity of the Risk Processes, including identifying and implementing best practices and ensuring all processes are documented, reviewed and updated regularly
• Perform Risk Assessment activities (Thematic & Deep Dive Risk Reviews), including the planning, reporting and recommending of appropriate remediation measures
• Provide data analysis and strategy execution across risk areas, leveraging an understanding of risk, control and regulation
• Support cross-functional initiatives to deliver on risk goals, policies and procedures
• Work directly with teams from enterprise risk management, operational risk management and corporate security departments to facilitate IT risk analysis, identify acceptable levels of residual risk and establish roles and responsibilities related to risk reduction and closing of gaps
• Maintain up-to-date understanding of industry best practices and monitor the legal and regulatory environment for developments that could require changes to established IT policies and practices
• Understand and support the Enterprise, Operational Risk /or Corporate Security risk strategies

All About You

• Experience or knowledge in using and implementing Risk and Control Frameworks (Enterprise, Operational & Security); ISO3100, COSO, SOC1/2, ISAE3402/3000, ISO27001, GDPR etc.
• Understanding of qualitative and quantitative Operational and/or Security Risk Assessment approaches i.e. RCSA, Bow Tie, FAIR
• Experience with the following (or similar) tools: Open Pages, Archer, Ostrich Cyber Risk.
• Bachelor’s degree or equivalent combination of education and experience/Bachelor’s degree in Risk Management, Computer science, Information technology or related field preferred
• Professional certification like The FAIR Insitute, The Risk Management Institute, a plus
• Professional memberships like AIRMIC, IRM, FAIR, FERMA, a plus
• The ability to understand the current organizational model and Strategic goals/direction and apply Strategic thinking
• Strong interpersonal, communication and presentation skills necessary for interaction with senior business leaders and teams across all levels of the organization
• Demonstrates ability to operate with independence and autonomy
• Contribute to work environment that encourages knowledge of, respect for, and the development of skills to engage with those of other cultures and backgrounds
• Familiarity with the financial services industry and payment processing industry, a plus

Mastercard is an inclusive equal opportunity employer that considers applicants without regard to gender, gender identity, sexual orientation, race, ethnicity, disabled or veteran status, or any other characteristic protected by law. In the US or Canada, if you require accommodations or assistance to complete the online application process or during the recruitment process, please contact reasonable_accommodation@mastercard.com and identify the type of accommodation or assistance you are requesting. Do not include any medical or health information in this email. The Reasonable Accommodations team will respond to your email promptly.
Corporate Security Responsibility

All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

• Abide by Mastercard’s security policies and practices;
• Ensure the confidentiality and integrity of the information being accessed;
• Report any suspected information security violation or breach, and
• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.

Role

• Support the development of the Technology Operational Risk Framework (4 Pillars); 1.Risk Governance, 2.Risk Hierarchy, 3.Risk Indicators/Tooling (inclusive of Risk Taxonomy, Impact & Likelihood scales, Control Criteria, Key Risk Indicators, Issues, Policy exceptions) and 4.Risk Analysis (RCSA, Bow Tie, FAIR)
• Develop and support the Maturity of the Risk Processes, including identifying and implementing best practices and ensuring all processes are documented, reviewed and updated regularly
• Perform Risk Assessment activities (Thematic & Deep Dive Risk Reviews), including the planning, reporting and recommending of appropriate remediation measures
• Provide data analysis and strategy execution across risk areas, leveraging an understanding of risk, control and regulation
• Support cross-functional initiatives to deliver on risk goals, policies and procedures
• Work directly with teams from enterprise risk management, operational risk management and corporate security departments to facilitate IT risk analysis, identify acceptable levels of residual risk and establish roles and responsibilities related to risk reduction and closing of gaps
• Maintain up-to-date understanding of industry best practices and monitor the legal and regulatory environment for developments that could require changes to established IT policies and practices
• Understand and support the Enterprise, Operational Risk /or Corporate Security risk strategie

All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

• Abide by Mastercard’s security policies and practices;
• Ensure the confidentiality and integrity of the information being accessed;
• Report any suspected information security violation or breach, and
• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines