Job Description

Our Purpose
We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate a
culture of inclusion for all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team – one that makes better decisions, drives innovation and delivers better business results.
Job Title
Director, Regulatory and Customer Assurance (India)
Overview
The Technology Risk Management (TRM) organization is a business enabler and industry leader of technology and security risk management practices, supported by a multi-disciplinary team of top security, technology, and risk professionals. Our mission is to exceed stakeholder expectations by providing enhanced visibility and proactive management of technology risks and ensuring strong security and sound operational environment.
The Security Assurance team is responsible for working with, and demonstrating to, our stakeholders (e.g., regulators, customers, Mastercard businesses) how Mastercard complies with our security and technology promises, commitments, and obligations. India is a highly regulated environment requiring a strong risk management program to meet new and existing obligations, including audits of security processes and controls, tokenization practices and data localization compliance.
Responsibilities
Risk Management Framework/Governance

• Maintain a consolidated control framework and update it depending on guideline requirements
• Support maintenance of centralized inventory of security and technology risk management requirements and assurance expectations

Risk Management Guidance/Direction

• Advise business owners on analysis of business and functional requirements resulting from regulation and customer contracts; and help identify technology and security risk cpntrols
• Support Market, Technology and Product Risk Leads understand and respond to regulatory and customer inquiries
• Monitor business, market and regulatory landscape to identify potential changes in external requirements and internal standards, policies and potential implications to company

Audit Support

• Lead complex customer and regulatory examinations; provide documentation and evidence to demonstrate how Mastercard satisfies obligations and commitments
• Oversee customer and regulatory inquiries and requests for information
• Facilitate periodic customer and regulator meetings and reporting
• Drive auditor selection and on-boarding and manage the audit life-cycle through the year
• Compliance monitoring and pre audit readiness reviews
• Collection, sorting and maintaining audit evidence repository and tracking open items to closure
• Coordinate/align with other certification efforts (e.g., SOC, ISO, PCI) and internal audit
• Obtaining and reviewing reports of related parties and review System Audit Reports (SARs) and System Audit Questionnaires (SAQs) to track ecosystem compliance

Experience

• Have knowledge of relevant regulations (e.g., payment and settlement systems, tokenization, Data localization) applicable to India business
• Have strong understanding of technology and information security risk management practices.
• Experience in handling regulatory and customer audits, conducting assessments and good understanding of governance, risk and compliance practices
• Be seen as a trusted advisor who understands business processes and can provide security consultation and advisory
• Possess excellent communication and people management skills and stakeholder management experience
• Be culturally aware, sensitive and able to collaborate with cross-regional teams
• Be a team player with strong business and operations focus
• Knowledge of Risk and Control Framework standards such as NIST, ISO, PCI-DDS, SOC
• Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and IT management (e.g., GDPR, FBA, CBA, PFMI, etc.)
• Knowledge of Mastercard products and technology, security and other risk management programs and practices desired, a plus but not required

COVID-19 Considerations
We value the safety of each member of our community because we know we’re all in this together. In many locations, which may change over time, we’ve implemented a virtual hiring process and continue to interview candidates by video or phone. In addition, in some locations, only individuals who have been fully vaccinated will be permitted inside Mastercard offices until further notice.
In the US, Mastercard is a government contractor, which may legally require most Mastercard employees to be vaccinated unless a verified approved medical or religious exemption is granted. Further, we are currently making every effort towards having employees return to work in the office 2 days per week, if that makes sense for their team. Everyone must be vaccinated to enter Mastercard offices at this time. Therefore, we expect all candidates to be vaccinated or to be approved for a medical or religious accommodation prior to commencing work at Mastercard.
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

• Abide by Mastercard’s security policies and practices;
• Ensure the confidentiality and integrity of the information being accessed;
• Report any suspected information security violation or breach, and
• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.