Company: Mastercard
Location: O'Fallon, MO
Career Level: Mid-Senior Level
Industries: Banking, Insurance, Financial Services

Description

Our Purpose

Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we're helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

Title and Summary

Principal, Technology Risk Manager

Overview
The AI & Decision Product Enablement Program (AI & DPE) is an internal product suite that enables intelligent decisions for market-facing products. This program provides sophisticated, industry-leading intelligence with a range of capabilities that structure and apply complex business logic across the payment journey and beyond to inform and accelerate decisions at scale. This is achieved by leveraging supercomputing capabilities, sophisticated business rules, AI technologies, a streaming big data cluster, high-speed in-memory data caching, APIs, and UIs to enrich data and provide real-time decisions. The Principal, Technical Risk Manager within the AI & DPE team will manage initiatives spanning the Services organization and MA Technology, ensuring that international, national, and regional policies are understood and implemented. Where required, the role will serve as a broker for engineering teams to influence internal and external regulatory policy interpretation and implementation while ensuring preparedness for internal and external audits or conducting pre-audit assessments.

We are looking for a Principal, Technical Risk Manager to join our St. Louis office.

Role:
The Principal, Technical Risk Manager will drive successful program outcomes by:
• Embedding an understanding of technology risks through the evaluation and monitoring of IT policies, standards, and best practices and advising software developers on application designs required to support them
• Overseeing compliance effectiveness by identifying and reviewing current AI & DPE as well as overall Client change management development process activities, current controls and design requirements inventories (e.g. Client policies, standards, procedures, technical baselines, architectural standards, and in scope regulatory requirements)
• Establishing communication protocols and channels to handle risk, controls or compliance work related to the program
• Documenting the integration approach for Policy, Standards and Regulatory Requirements support activities into existing SDLC and change management activities including establishing supporting workflows, procedure(s), impact assessment, reference materials and enablers
• Supporting the program by interpreting regulatory obligations, internal policies, standards, technical baseline, methodology (in terms of its impact on the platform) to confirm adequacy of compliance against US, Canada, EMEA and India regulatory requirements (e.g., DORA, FBA cloud reviews, RBI, PCI, BoE entity governance, localization, privacy regulations). Relevant activities may include:
• Facilitating scope and impact assessment to identify control and regulatory requirement applicability
• Providing summarized control and regulatory requirements to design and development teams
• Supporting the interpretation of control requirements in the context of impact to system architecture and designs
• Facilitating review of design/development team's strategy to operationalize control and regulatory requirements
• Performing validation of operationalization and coverage of control and regulatory requirements in developed DMP solutions
• Helping to perform program level audits and prepare for enterprise or external audit
• Representing engineering perspective on emerging policies (e.g. AI)

About You:
• Demonstrated success in designing, implementing and assessing IT risk management programs, processes and methodologies
• Demonstrated success in risk-based IT program management, business integration, process improvement, IT compliance, metrics, dashboard reporting, assessments, risk treatment, risk appetite, IT risk and security, IT governance, IT operations, automated control monitoring/testing and technology enablement
• Demonstrated success at leading global program outcomes
• Demonstrated success at leading IT risk management for programs with complex technical stacks including business rules engines, high-speed caching capabilities, big data lakes, and AI technologies
• Adept at integrating IT risk program frameworks with enterprise risk functions, designing IT risk metrics, risk aggregation and reporting concepts
• Adept at applying innovative IT risk management principles to a complex technology stack
• Demonstrated success at IT issues management and applying various risk treatments
• Adept at building consensus and leading resolution of contentious issues across senior leadership or regulatory partner levels
• Thrives working with highly technical products in a fast-paced delivery environment
• Ability to communicate effectively with cross-functional Data Science, Development teams, regulatory agents, and the core product business teams


To qualify for the role, you must have:

Experience in IT risk transformation services, including IT risk management, GRC, data analytics, policy and standard management, issues management, or IT regulation and compliance.

Experience in engineering services such as cloud services, high speed caching, big data messaging and distributed systems.

Experience managing/collaborating with engineering teams, managing 200+ tech assets, multiple (5+) programs, 15+ internal products, and directly interacting with approx. 75 development/engineering teams.

Proficiency in information security management principles.

Knowledge of IT controls across applications, databases, operating systems, data, and infrastructure.

Strong analytical and critical thinking abilities.

Understanding of risk management practices and extensive knowledge and experience with industry standards (FFIEC, NIST, ISO27001, COBIT, GLBA, CSA, PCI-DSS) and regulations (DORA, FBA cloud reviews, RBI, PCI, BoE entity governance, GLBA, NY-DFS, SEC, GDPR).

Possession of at least one relevant professional certification, such as CRISC, CISA, CISM, or CISSP.

Ability to translate complex information into business terms that can be understood at all organizational levels.

Excellent written and verbal communication skills for writing reports, client presentations, and project management.

Preferred: IT Audit Experience

Mastercard is a merit-based, inclusive, equal opportunity employer that considers applicants without regard to gender, gender identity, sexual orientation, race, ethnicity, disabled or veteran status, or any other characteristic protected by law. We hire the most qualified candidate for the role. In the US or Canada, if you require accommodations or assistance to complete the online application process or during the recruitment process, please contact reasonable_accommodation@mastercard.com and identify the type of accommodation or assistance you are requesting. Do not include any medical or health information in this email. The Reasonable Accommodations team will respond to your email promptly.

Corporate Security Responsibility


All activities involving access to Mastercard assets, information, and networks come with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

  • Abide by Mastercard's security policies and practices;

  • Ensure the confidentiality and integrity of the information being accessed;

  • Report any suspected information security violation or breach; and

  • Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines.

In line with Mastercard's total compensation philosophy and assuming that the job will be performed in the US, the successful candidate will be offered a competitive base salary based on location, experience and other qualifications for the role and may be eligible for an annual bonus or commissions depending on the role. Mastercard benefits for full time (and certain part time) employees generally include: insurance (including medical, prescription drug, dental, vision, disability, life insurance), flexible spending account and health savings account, paid leaves (including 16 weeks new parent leave, up to 20 paid days bereavement leave), 10 annual paid sick days, 10 or more annual paid vacation days based on level, 5 personal days, 10 annual paid U.S. observed holidays, 401k with a best-in-class company match, deferred compensation for eligible roles, fitness reimbursement or on-site fitness facilities, eligibility for tuition reimbursement, gender-inclusive benefits and many more.

Pay Ranges

O'Fallon, Missouri: $128,000 - $198,000 USD

