MasterCard Lead Security Consultant in Dunstable, United Kingdom
We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate a culture of inclusion (https://www.mastercard.us/en-us/vision/who-we-are/diversity-inclusion.html) for all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team – one that makes better decisions, drives innovation and delivers better business results.
Lead Security Consultant
• Provide consulting advice to product and development teams to integrate adequate security controls for web applications, web services and mobile applications.
• Ensure information security requirements are effectively integrated into technology products, applications, and systems.
• Define and assist with best practices for secure design, secure coding, secure development and secure configuration of Mastercard's information systems.
• Mature Mastercard's development processes so that security continues to be a core component for all development staff, throughout the development lifecycle.
• Perform risk-based analysis for multiple security processes related to product development and implementation.
• Review current security posture to identify areas of weaknesses or potential security risks. Propose security controls to remediate identified gaps, while facilitating smooth ongoing operations and processes.
• Provide technical design and architecture advice to internal teams on how to securely develop and build applications and supporting systems.
• Define secure mechanisms for critical business functions hosted on-prem or cloud environments.
• Work closely with developers to evaluate business requests and proposed designs to determine feasibility; work with software development teams to define alternatives and recommend optimal solutions to meet security and regulatory requirements in the design of new/enhanced systems.
• Define security requirements and guidelines to ensure repeatable processes are followed by worldwide teams.
• Assist in the strategy, standards, and architecture for the security aspects of the SDLC including application, mobile, web service and cloud.
• Provide security advice in cryptography, including several of the following: encryption, hashing, key management, digital certificates, TLS.
• Maintain effective working relationships with a variety of internal Mastercard stakeholders, including business owners, end-users, customers, project managers, engineers, and senior management.
All About You
• Strong understanding of information security, risk and data privacy including relevant practical experience.
• Demonstrate a broad awareness of security operations concepts and practices across all phases of the software development lifecycle.
• Experience providing security advice for web-based network environments and secure communication, including mobile applications, web applications and web services.
• Demonstrate technical competency in security engineering based on hands-on experience or relevant qualifications.
• Knowledge of relevant industry standards and guidelines such as ISO27001, PCI-DSS, NIST SP800-53, COBIT.
• Knowledge and some experience in the practical application of cryptography to protect data and communications, e.g., encryption, hashing, key management, digital certificates, TLS.
• Demonstrate the ability to articulate and communicate effectively to diverse audiences and properly translates security and risk management terminology into business terms, and recommends alternative solutions to these stakeholders.
• Knowledge of challenges of deploying cloud services securely.
• Strong verbal and written communication skills, with ability to communicate clearly in a multi stakeholder environment.
We value the safety of each member of our community because we know we’re all in this together. In many locations, which may change over time, we’ve implemented a virtual hiring process and continue to interview candidates by video or phone. In addition, in some locations, only individuals who have been fully vaccinated will be permitted inside Mastercard offices until further notice.
In the US, Mastercard is a government contractor, which may legally require most Mastercard employees to be vaccinated unless a verified approved medical or religious exemption is granted. Further, we are currently making every effort towards having employees return to work in the office 2 days per week, if that makes sense for their team. Everyone must be vaccinated to enter Mastercard offices at this time. Therefore, we expect all candidates to be vaccinated or to be approved for a medical or religious accommodation prior to commencing work at Mastercard.
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
Abide by Mastercard’s security policies and practices;
Ensure the confidentiality and integrity of the information being accessed;
Report any suspected information security violation or breach, and
Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.
Requisition ID: R-153280