Our Purpose
Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.
Title and Summary
Director, Technology Risk Management

The mission of the PCI program at Mastercard is to protect our security posture. The PCI team ensures that all of our applications and platforms that involve payments and payment data are PCI compliant and certified to PCI-DSS (Data Security Standards) as well as other PCI standards where applicable.

We are looking for someone to join our team to help us drive and meet these compliance goals. This person will be a technically savvy person who likes to solve issues and drive outcomes.
Responsibilities include:
• Support the development of efficiencies that new work-flow processes to ensure scalability and sustainability of the program
• Partner with other Mastercard standard and compliance initiatives such as ISO, SOC1 to ensure consistency, cross standard efficiencies
• Support external audits such as FBA, Bank of India, GBLA, SWIFT
• Work on day-to-day management of internal PCI Program processes and standard operating procedures
• Lead certification efforts that are not DSS: PIN, 3DS, TSP, P2PE etc.
• Represent PCI in long-term technical projects that were identified through the PCI process to ensure compliance with standards, e.g. Mainframe encryption
• Communicate security risks and gaps as related to or identified by PCI to stakeholders and executive management
• Drive the identification of thematic and enterprise issues and provide visibility in appropriate forums
• Develop and manage key metrics
• Provide PCI guidance on inquiries for new products and technologies
Knowledge of:
• PCI standards and requirements
• Latest information security protocols and standards
• Mastercard environments (physical and cloud)
• Security controls, especially those that impact PCI (encryption, access, vulnerability testing etc.)
• Security prevention and detection systems and other security event management systems
• Data structures and classifications
Ability to:
• Review security architecture of applications and determine PCI relevance
• Employ strong research skills and problem-solving skills
• Apply PCI standards to new and existing technologies
• Identify and evaluate security gaps
• Communicate business risk to stakeholders
• Understand security findings (scanning/pen test) and assess remediation strategies
• Evaluate compensating controls
• Conduct or facilitate meaningful meetings
• Work in a slightly chaotic, rapidly growing environment
• Must have the ability to confidently and quickly make a decision in the hustle-bustle environment
• Work both independently and as part of a very cohesive team

Mastercard is a merit-based, inclusive, equal opportunity employer that considers applicants without regard to gender, gender identity, sexual orientation, race, ethnicity, disabled or veteran status, or any other characteristic protected by law. We hire the most qualified candidate for the role. In the US or Canada, if you require accommodations or assistance to complete the online application process or during the recruitment process, please contact reasonable_accommodation@mastercard.com and identify the type of accommodation or assistance you are requesting. Do not include any medical or health information in this email. The Reasonable Accommodations team will respond to your email promptly.
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks come with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
Abide by Mastercard’s security policies and practices;
Ensure the confidentiality and integrity of the information being accessed;
Report any suspected information security violation or breach, and
Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.
In line with Mastercard’s total compensation philosophy and assuming that the job will be performed in the US, the successful candidate will be offered a competitive base salary and may be eligible for an annual bonus or commissions depending on the role. The base salary offered may vary depending on multiple factors, including but not limited to location, job-related knowledge, skills, and experience. Mastercard benefits for full time (and certain part time) employees generally include: insurance (including medical, prescription drug, dental, vision, disability, life insurance); flexible spending account and health savings account; paid leaves (including 16 weeks of new parent leave and up to 20 days of bereavement leave); 80 hours of Paid Sick and Safe Time, 25 days of vacation time and 5 personal days, pro-rated based on date of hire; 10 annual paid U.S. observed holidays; 401k with a best-in-class company match; deferred compensation for eligible roles; fitness reimbursement or on-site fitness facilities; eligibility for tuition reimbursement; and many more.
Pay Ranges
O'Fallon, Missouri: $128,000 - $198,000 USD