Principal, Technology Risk Manager

  • O'Fallon, MO
  • Posted 44 days ago | Updated 7 hours ago

Overview

On Site
USD 128,000.00 - 198,000.00 per year
Full Time

Skills

Payments
Innovation
Partnership
Streaming
Real-time
Mergers and Acquisitions
Evaluation
Software Development Methodology
Change Management
Workflow
EMEA
Internationalization And Localization
Privacy
Systems Architecture
Facilitation
DMP
Auditing
IT Program Management
Process Improvement
Dashboard
IT Governance
IT Operations
Testing
Stacks Blockchain
Business Rules
Artificial Intelligence
Leadership
Data Science
IT Risk
IT Risk Management
SAP GRC
Data Analysis
Incident Management
Regulatory Compliance
Caching
Big Data
Messaging
Management
Information Security Management
Database
Operating Systems
Analytical Skill
Critical Thinking
Risk Management
FFIEC
ISO/IEC 27001:2005
COBIT
PCI DSS
Cloud Computing
Payment Card Industry
Gramm-Leach-Bliley Act
Distributed File System
SEC
ISACA
CISA
CISM
CISSP
Communication
Writing
Presentations
Project Management
IT Audit
Law
Recruiting
Reporting
Information Security
Insurance
Life Insurance

Job Details

Our Purpose

Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we're helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

Title and Summary

Principal, Technology Risk Manager

Overview
The AI & Decision Product Enablement Program (AI & DPE) is an internal product suite that enables intelligent decisions for market-facing products. This program provides sophisticated, industry-leading intelligence with a range of capabilities that structure and apply complex business logic across the payment journey and beyond to inform and accelerate decisions at scale. This is achieved by leveraging supercomputing capabilities, sophisticated business rules, AI technologies, a streaming big data cluster, high-speed in-memory data caching, APIs, and UIs to enrich data and provide real-time decisions. The Principal, Technical Risk Manager within the AI & DPE team will manage initiatives spanning the Services organization and MA Technology, ensuring that international, national, and regional policies are understood and implemented. Where required, the role serves as a broker for engineering teams to influence internal and external regulatory policy interpretation and implementation, while ensuring preparedness for internal and external audits or conducting pre-audit assessments.

We are looking for a Principal, Technical Risk Manager to join our St. Louis office.

Role:
The Principal, Technical Risk Manager will drive successful program outcomes by:
  • Embedding an understanding of technology risks through the evaluation and monitoring of IT policies, standards, and best practices, and advising software developers on the application designs required to support them
  • Overseeing compliance effectiveness by identifying and reviewing current AI & DPE as well as overall Client change management development process activities, current controls and design requirements inventories (e.g. Client policies, standards, procedures, technical baselines, architectural standards, and in-scope regulatory requirements)
  • Establishing communication protocols and channels to handle risk, controls or compliance work related to the program
  • Documenting the integration approach for Policy, Standards and Regulatory Requirements support activities into existing SDLC and change management activities, including establishing supporting workflows, procedure(s), impact assessment, reference materials and enablers
  • Supporting the program by interpreting regulatory obligations, internal policies, standards, technical baseline, and methodology (in terms of its impact on the platform) to confirm adequacy of compliance against US, Canada, EMEA and India regulatory requirements (e.g., DORA, FBA cloud reviews, RBI, PCI, BoE entity governance, localization, privacy regulations). Relevant activities may include:
  • Facilitating scope and impact assessment to identify control and regulatory requirement applicability
  • Providing summarized control and regulatory requirements to design and development teams
  • Supporting the interpretation of control requirements in the context of impact to system architecture and designs
  • Facilitating review of the design/development team's strategy to operationalize control and regulatory requirements
  • Performing validation of operationalization and coverage of control and regulatory requirements in developed DMP solutions
  • Helping to perform program-level audits and prepare for enterprise or external audit
  • Representing the engineering perspective on emerging policies (e.g. AI)

About You:
  • Demonstrated success in designing, implementing and assessing IT risk management programs, processes and methodologies
  • Demonstrated success in risk-based IT program management, business integration, process improvement, IT compliance, metrics, dashboard reporting, assessments, risk treatment, risk appetite, IT risk and security, IT governance, IT operations, automated control monitoring/testing and technology enablement
  • Demonstrated success at leading global program outcomes
  • Demonstrated success at leading IT risk management for programs with complex technical stacks including business rules engines, high-speed caching capabilities, big data lakes, and AI technologies
  • Adept at integrating IT risk program frameworks with enterprise risk functions, designing IT risk metrics, risk aggregation and reporting concepts
  • Adept at applying innovative IT risk management principles to a complex technology stack
  • Demonstrated success at IT issues management and applying various risk treatments
  • Adept at building consensus and leading resolution of contentious issues across senior leadership or regulatory partner levels
  • Thrives working with highly technical products in a fast-paced delivery environment
  • Ability to communicate effectively with cross-functional Data Science and Development teams, regulatory agents, and the core product business teams

To qualify for the role, you must have:

Experience in IT risk transformation services, including IT risk management, GRC, data analytics, policy and standard management, issues management, or IT regulation and compliance.

Experience in engineering services such as cloud services, high speed caching, big data messaging and distributed systems.

Experience managing/collaborating with engineering teams, managing 200+ tech assets, multiple (5+) programs, 15+ internal products, and directly interacting with approx. 75 development/engineering teams.

Proficiency in information security management principles.

Knowledge of IT controls across applications, databases, operating systems, data, and infrastructure.

Strong analytical and critical thinking abilities.

Understanding of risk management practices and extensive knowledge and experience with industry standards (FFIEC, NIST, ISO27001, COBIT, GLBA, CSA, PCI-DSS) and regulations (DORA, FBA cloud reviews, RBI, PCI, BoE entity governance, GLBA, NY-DFS, SEC, GDPR).

Possession of at least one relevant professional certification, such as CRISC, CISA, CISM, or CISSP.

Ability to translate complex information into business terms that can be understood at all organizational levels.

Excellent written and verbal communication skills for writing reports, client presentations, and project management.

Preferred IT Audit Experience

Mastercard is a merit-based, inclusive, equal opportunity employer that considers applicants without regard to gender, gender identity, sexual orientation, race, ethnicity, disabled or veteran status, or any other characteristic protected by law. We hire the most qualified candidate for the role. In the US or Canada, if you require accommodations or assistance to complete the online application process or during the recruitment process, please contact and identify the type of accommodation or assistance you are requesting. Do not include any medical or health information in this email. The Reasonable Accommodations team will respond to your email promptly.

Corporate Security Responsibility

All activities involving access to Mastercard assets, information, and networks come with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
  • Abide by Mastercard's security policies and practices;
  • Ensure the confidentiality and integrity of the information being accessed;
  • Report any suspected information security violation or breach; and
  • Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines.

In line with Mastercard's total compensation philosophy and assuming that the job will be performed in the US, the successful candidate will be offered a competitive base salary based on location, experience and other qualifications for the role and may be eligible for an annual bonus or commissions depending on the role. Mastercard benefits for full time (and certain part time) employees generally include: insurance (including medical, prescription drug, dental, vision, disability, life insurance), flexible spending account and health savings account, paid leaves (including 16 weeks new parent leave, up to 20 paid days bereavement leave), 10 annual paid sick days, 10 or more annual paid vacation days based on level, 5 personal days, 10 annual paid U.S. observed holidays, 401k with a best-in-class company match, deferred compensation for eligible roles, fitness reimbursement or on-site fitness facilities, eligibility for tuition reimbursement, gender-inclusive benefits and many more.

Pay Ranges
O'Fallon, Missouri: $128,000 - $198,000 USD