Director of Technology Risk Management

Director, Technology Risk Management

Our Purpose

Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

Title and Summary

Director, Technology Risk ManagementWho is Mastercard?
Mastercard is a global technology company in the payments industry. Our mission is to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart, and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments, and businesses realize their greatest potential.

Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. With connections across more than 210 countries and territories, we are building a sustainable world that unlocks priceless possibilities for all.

Mission First, People Always
As Corporate Security, we are responsible for keeping Mastercard safe and secure from cyber and physical threats, and it is our people on the frontlines who make this happen every day.
By taking care of our people, their wellbeing, and career development, we provide them the necessary tools and environment to ensure the success of our mission.

Overview
The Corporate Security Regulatory Risk team is looking for a Director, Technology Risk Management, to support India CISO in driving security related regulatory and statutory compliance obligations mandated by Reserve Bank of India (RBI) and Unique Identification Authority of India (UIDAI). This role requires end-to-end oversight of security regulatory compliance, security governance, Information Security risk monitoring and Board appointed committee level reporting for India operations. The ideal candidate should be passionate about information security, cybersecurity, intellectually curious and analytical with strong exposure to business and regulatory environment.

In this highly visible role, you will:
1. Drive and monitor compliance with Security requirements within the RBI Master Directions on Cyber Resilience and Digital Payments Security Controls.
2. Manage and support regulatory inspections and annual compliance audits, driving and tracking remediation actions for Security domains.
3. Oversee information security governance and compliance for UIDAI ASA operations, including ICT infrastructure risk assessments and quarterly Board reporting on compliance status per UIDAI requirements.
4. Own and maintain India specific security policies and procedure documents including Cyber Crisis Management Plan, Cyber Risk Assessment framework and ensuring annual revisions and alignment with RBI, UIDAI, and DPDPA regulatory requirements.
5. Maintain oversight of security incident detection, response, and reporting processes, including mandatory reporting to RBI, CERT-In and the Data Protection Board of India within prescribed timelines.
6. Track and monitor security KRIs, Information Security risks, open vulnerabilities and internal audit security findings for India operations, driving closures and reporting to Board appointed risk committees.
7. Manage outsourcing circular compliance, annual self-assessments for intercompany entities and SLA monitoring for security services delivered to regulated entities.
8. Provide oversight of SOC incidents and operational metrics for India, review external compliance audit scope per CERT-In obligations, deliver Board-level cyber security training and oversee security awareness programs for India in-scope users.

All About You
The ideal candidate for this position should have:
• Strong knowledge of information/cyber security domains and controls, understanding of secure system design, defense-in-depth strategies, governance and risk management framework and practices within regulated financial institutions.
• Experience managing security compliance programs, supervisory inspections and audit readiness, proven ability to lead cross-functional teams and manage complex projects, senior stakeholder management, regulatory enquiries.
• Ability to provide independent and clear input to management bodies, translate technical risk into business and systemic impact and engaging with supervisory authorities and oversight bodies.
• Leadership capabilities around strategic thinking, cross functional collaboration with 1st and 2nd Line Risk teams, strong communication skills, building trust and credibility and executive presence, strong analytical and problem-solving abilities
• Strong understanding of ISO/IEC 27001, 27002, and related security standards, with experience leading ISMS implementation and certifications. Preferred security certification e.g. CISSP, CISM, CISA, CRISC or equivalent.
• Good understanding of payment systems, and interdependencies within the wider financial ecosystem.

NICE Framework References
This Mastercard role shares Knowledge, Skills, and Abilities with related National Initiative for Cybersecurity Education (NICE) work roles:
• Systems Security Management
• Cybersecurity Policy and Planning
• Information Assurance
• Program Management
• Cybersecurity Instruction

Corporate Security Responsibility
Every person working for, or on behalf of, Mastercard is responsible for information security. All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and therefore, it is expected that the successful candidate for this position must:
• Abide by Mastercard’s security policies and practices;
• Ensure the confidentiality and integrity of the information being accessed;
• Report any suspected information security violation or breach, and
• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.

Corporate Security Responsibility

All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

• Abide by Mastercard’s security policies and practices;

• Ensure the confidentiality and integrity of the information being accessed;

• Report any suspected information security violation or breach, and

• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.

Experience Level

Executive Level