Director, Technology Risk and Control Framework (2LoD)

AT Mastercard

Toronto, Canada

Our Purpose

Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we're helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

Title and Summary

Overview:

The Mastercard Risk (2LoD) is looking for a Director to lead the implementation and rollout of a best-practice Technology Control Framework and deliver independent test / validation of key controls across Mastercard's Technology estate. The role requires a depth of knowledge and experience in Security and Operational risk approaches such as FAIR / RCSA / ISO31000 and of industry control standards such as Cyber Risk Institute Profile, NIST CSF, Unified Control Framework and SOC1/2. The role also requires knowledge of risk management expectations of payment industry regulators globally.

Role:
• Lead the 2LoD implementation / co-ordination of a Technology Control Framework based on the UCF and CRI Profile
• Deliver control sample testing on critical services or key business units leveraging industry best practices to assess control design and effectiveness
• Drive the establishment of a 1LoD Control Library that aligns to a co-ordinated Technology Control Framework
• Represent Technology Risk in relevant governance committees and facilitate the effectiveness of technology risk forums in supporting decision making
• Support the integration of the control framework into the technology risk assessment program for Mastercard
• Leverage industry standards to support the analysis of how controls affect risk i.e. via the FAIR CAM industry standard
• Align the Technology Control Framework to support decision making against the Mastercard Risk Appetite Framework inclusive of risk objectives and measurable tolerances.
• Manage collaborative working relationships with stakeholders at the regional or local level
• Support the development of risk processes that implement best practices and ensure all processes are documented, reviewed and updated regularly
• Co-ordinate the maintenance of risk registers, control libraries and issue management processes in order to support the monitoring and reporting of material risks

All About You:
Experience
Required
• Experience delivering control testing and assurance reviews
• Experience delivering presentations and engaging with senior leadership
• Experience managing the Technology risk strategies that maintain the status of industry compliance standards (e.g. CRI Profile, ISAE 3402, SOC, CPMI IOSCO etc.)
• Experience engaging with banking and payment industry regulators and an understanding of their requirements in relation to risk management and assurance

Nice to have
• Experience with the FAIR Methodology and FAIR CAM
• Experience leveraging GRC tools
• Experience with regulatory and industry best practice and standards such as ISO 27001, PCI DSS, GLBA and CRI Profile, NIST CSF

Qualifications and Skills
Required
• Business Degree (or equivalent) in a relevant field to risk management
• Very strong knowledge of Risk Management best practice
• Knowledge of Risk Assessment methodologies such as RCSA (Risk Control Self Assessment) and control assurance approaches
• Systematic problem-solving approach, coupled with strong communication skills and a sense of ownership and drive.
Nice to have
• Master's in Risk Management
• Strong IT technical knowledge or knowledge of payment systems
• Project Management Skills
• Knowledge of Quantitative Risk Approaches (i.e. Monte Carlo Simulation)

Mastercard is an inclusive equal opportunity employer that considers applicants without regard to gender, gender identity, sexual orientation, race, ethnicity, disabled or veteran status, or any other characteristic protected by law. In the US or Canada, if you require accommodations or assistance to complete the online application process or during the recruitment process, please contact reasonable_accommodation@mastercard.com and identify the type of accommodation or assistance you are requesting. Do not include any medical or health information in this email. The Reasonable Accommodations team will respond to your email promptly.

Corporate Security Responsibility

All activities involving access to Mastercard assets, information, and networks come with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

  • Abide by Mastercard's security policies and practices;
  • Ensure the confidentiality and integrity of the information being accessed;
  • Report any suspected information security violation or breach; and
  • Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines.

Client-provided location(s): Toronto, ON, Canada
Job ID: Mastercard-22331_R-235632
Employment Type: Other

Perks and Benefits

  • Health and Wellness

    • Health Insurance
    • Dental Insurance
    • Vision Insurance
    • Life Insurance
    • Short-Term Disability
    • Long-Term Disability
    • FSA
    • FSA With Employer Contribution
    • HSA
    • HSA With Employer Contribution
    • Fitness Subsidies
    • On-Site Gym
    • Pet Insurance
    • Mental Health Benefits
    • Virtual Fitness Classes
    • Health Reimbursement Account
  • Parental Benefits

    • Birth Parent or Maternity Leave
    • Non-Birth Parent or Paternity Leave
    • Fertility Benefits
    • Adoption Assistance Program
    • Family Support Resources
    • On-site/Nearby Childcare
    • Adoption Leave
  • Work Flexibility

    • Flexible Work Hours
    • Remote Work Opportunities
    • Hybrid Work Opportunities
  • Office Life and Perks

    • Commuter Benefits Program
    • Casual Dress
    • Happy Hours
    • Snacks
    • Company Outings
    • On-Site Cafeteria
    • Holiday Events
    • Some Meals Provided
  • Vacation and Time Off

    • Paid Vacation
    • Paid Holidays
    • Personal/Sick Days
    • Leave of Absence
    • Volunteer Time Off
  • Financial and Retirement

    • 401(K) With Company Matching
    • Performance Bonus
    • Relocation Assistance
    • Financial Counseling
    • Stock Purchase Program
    • 401(K)
  • Professional Development

    • Tuition Reimbursement
    • Promote From Within
    • Mentor Program
    • Access to Online Courses
    • Lunch and Learns
    • Internship Program
    • Work Visa Sponsorship
    • Leadership Training Program
    • Associate or Rotational Training Program
    • Shadowing Opportunities
  • Diversity and Inclusion

    • Employee Resource Groups (ERG)
    • Diversity, Equity, and Inclusion Program