MasterCard Director, Security Risk Management in O'Fallon, Missouri

Who is Mastercard?

We are the global technology company behind the world's fastest payments processing network. We are a vehicle for commerce, a connection to financial systems for the previously excluded, a technology innovation lab, and the home of Priceless®. We ensure every employee has the opportunity to be a part of something bigger and to change lives. We believe as our company grows, so should you. We believe in connecting everyone to endless, priceless possibilities.

Job Title

Director, Security Risk Management


The Risk Management team is responsible for establishing and maintaining the Corporate Security risk management program at Mastercard.

The program is intended to ensure the company's information assets and systems are managed in accordance with corporate security policies and standards, providing adequate protection of the environment.

The risk manager is the "process owner" for all security-related risk assessments as well as the identification and tracking of discrete risks and policy exceptions.

A crucial element of the risk manager's role is working with enterprise risk management, operational risk management and corporate security leaders to document acceptable levels of residual risk as it relates to the security program and the controls implemented for the purposes of risk reduction.

Do you possess in-depth knowledge of risk management from the financial services sector?

Are you a proven thought leader, problem solver and integrator of people and processes, as well as an effective internal consultant?

Do you possess domain competencies in a number of IT risk-related disciplines, including security, business continuity management, privacy and compliance?


Manage all the risk-related activities, including the planning, testing, reporting and recommending of appropriate remediation measures.

Manage the oversight and monitoring of risk mitigation and coordination of policy and controls to ensure that other managers are taking effective remediation steps.

Maintain up-to-date understanding of industry best practices and monitor the legal and regulatory environment for developments that could require changes to established IT policies and practices.

Work directly with teams from enterprise risk management, operational risk management and corporate security departments to facilitate IT risk analysis, identify acceptable levels of residual risk and establish roles and responsibilities related to risk reduction and closing of gaps.

Manage the oversight of technical risk assessments, such as vulnerability scanning, penetration testing and control validation.

All About You

Basic knowledge of a broad range of standards and frameworks – for example, International Standards Organization (ISO) 27001, IT Infrastructure Library and ISO 20000, Capability Maturity Integration and Six Sigma.

Knowledge of common risk management methodologies – for example, Control Objectives for Information and Related Technology and Committee of Sponsoring Organizations Enterprise Risk Management.

Significant management and communications skills, as well as business knowledge in order to implement a comprehensive risk management approach that aligns the controls and levels of protection with business needs.

Seasoned manager with strong people management effectiveness.

At a minimum, intermediate level of expertise in IT risk management or a related discipline – for example, security, privacy, business continuity management or compliance.

Education: Bachelor of Science, with a focus on IT or IT risk-related disciplines or equivalent experience.

Beneficial Professional Certifications:

Chartered Enterprise Risk Analyst (CERA)

Certified Risk Manager (CRM)

Professional Risk Manager (PRM)

Certified Information Security Manager

Certified Information Security Professional


Equal Opportunity Employer
Requisition ID: R-49632