We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate a culture of inclusion for all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team – one that makes better decisions, drives innovation and delivers better business results.
Job Title
Principal, PCI Program
The Technology Risk Management (TRM) organization is a business enabler and industry leader of technology and security risk management practices, supported by a multi-disciplinary team of top security, technology, and risk professionals. Our mission is to exceed stakeholder expectations by providing enhanced visibility and proactive management of technology risks and ensuring strong security and sound operational environment.
The mission of the PCI program at Mastercard is to protect our security posture. The PCI team ensures that all our applications and platforms that involve payments and payment data are PCI compliant and certified to PCI-DSS (Data Security Standards) as well as other PCI standards where applicable.
The ideal candidate will have the ability to think and act both strategically and tactically while ensuring that the corporation remains compliant with required security and technology standards, as well as industry best practices.
• Support the development of efficiencies and new workflow processes to ensure scalability and sustainability of the program
• Partner with other Mastercard standard and compliance initiatives such as ISO and SOC1 to ensure consistency and cross-standard efficiencies
• Support external audits such as FBA, Bank of India, GBLA, SWIFT
• Work on day-to-day management of internal PCI Program processes and standard operating procedures
• Lead certification efforts that are not DSS (e.g., PIN, 3DS, TSP, P2PE etc.)
• Represent PCI in long-term technical projects that were identified through the PCI process to ensure compliance with standards (e.g., Mainframe encryption)
• Communicate security risks and gaps as related to or identified by PCI to stakeholders and executive management
• Drive the identification of thematic and enterprise issues and provide visibility in appropriate forums
• Develop and manage key metrics
• Provide PCI guidance on inquiries for new products and technologies
• PCI standards and requirements
• Latest information security protocols and standards
• Mastercard environments—physical and cloud
• Security controls, especially those that impact PCI (encryption, access, vulnerability testing etc.)
• Security prevention and detection systems and other security event management systems
• Data structures and classifications
• Control frameworks (e.g., ISO 27001, NIST, Privacy, SOX, SOC1, SOC 2)
• Review security architecture of applications and determine PCI relevance
• Employ strong research skills and problem-solving skills
• Apply PCI standards to new and existing technologies
• Identify and evaluate security gaps
• Communicate business risk to stakeholders
• Understand security findings (scanning/Pen test) and assess remediation strategies
• Evaluate compensating controls
• Conduct or facilitate meaningful meetings
• Work in a slightly chaotic, rapidly growing environment
• Must have the ability to perform confidently and make decisions quickly
• Work both independently and as part of a very cohesive team
• Preferably CISA and/or CISSP certified
Due to COVID-19, most of our employees are working from home. We've implemented a virtual hiring process and continue to interview candidates by phone or video and are onboarding new hires remotely. We value the safety of each member of our community because we know we're all in this together.
Mastercard is an inclusive Equal Employment Opportunity employer that considers applicants without regard to gender, gender identity, sexual orientation, race, ethnicity, disabled or veteran status, or any other characteristic protected by law.
If you require accommodations or assistance to complete the online application process, please contact email@example.com and identify the type of accommodation or assistance you are requesting. Do not include any medical or health information in this email. The Reasonable Accommodations team will respond to your email promptly.