MasterCard DevSecOps Manager in London, United Kingdom
We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate a culture of inclusion (https://www.mastercard.us/en-us/vision/who-we-are/diversity-inclusion.html) for all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team – one that makes better decisions, drives innovation and delivers better business results.
The DevSecOps Manager leads a DevSecOps engineering function that focuses on the security of platforms and products through the design, build and operational lifecycle.
The role requires a focus across all components within the system to ensure continued adherence to security standards / best practices.
The role also requires thought leadership and an ability to drive initiatives that continually improve our security, efficiency, agility, performance, and operational excellence through automation and direct engagement with teams.
• Responsible for strategic planning and implementing the security roadmap. Review all product and platform designs, provide security requirements and act as a sign off point to ensure optimised security posture.
• Responsible for vulnerability management and reporting across platform and products
• Responsible for deploying controls for cloud-based platforms to prevent abuse, ensure compliance, reduce costs and enhanced operations
• Work closely with the product and platform delivery teams to ensure guardrails are well defined and are being followed to maintain a DevSecOps mindset throughout the development process.
• Define security standards and best practices ensuring a Zero trust approach is maintained.
• Review product and platform code to ensure best practices are followed. Review audit and security test results providing direction to local teams
• Develop and optimise automation systems for the business for cloud or on-premises systems so defences can evolve with emerging cyber threats
• Ensures all environments remain compliant and meet operational targets
• Define processes to manage incidents and breaches, working with local teams to manage any incidents
• Defining testing strategies and frameworks. Assess the security, quality, compliance of products, toolsets and processes.
• Perform risk management. Document all product/platform security threats and quantify the risk associated. Determining risk tolerance and conducting risk/benefit analysis
• Drive continual improvement within the team - across internal systems, vendor product usage, and ways of working
• Manages a team, conducts goal setting and performance appraisal processes, mentors and coaches top talent within own team.
• Detailed experience working to secure platforms and products working across design, development and the operations to ensure security best practices are applied.
• Experience leading a major work stream or multiple smaller work streams for a large platform initiative, often providing technical guidance and advice to ensure consistent deployment of solutions
• Experience setting priorities, objectives, and driving deliverables within global technology domains and sub-domains
• Experience engaging with the broader technical community to anticipate developments in innovation, often evaluating new solutions and recommending future business platform system requirements
• Experience performing process improvements and automation activities for operational and financial value, applying tools and technologies
• Successfully served as a go-to-person to resolve and prevent security issues, deriving impactful solutions.
• Experience partnering with internal customers across development verticals to support project completion, performing platform system initiatives and provide technical advice to the project team
• Experience creating and delivering presentations for internal learning, training events, and/or business discussions
Technical and Professional Skills:-
• Security Standards & best practices – Advanced
• Operational Security – Advanced
• Security tooling and automation – Advanced
• Cloud Services (AWS & Azure) – Advanced
• Kubernetes – Advanced
• DevOps Tooling (Terraform, Ansible, Git, Azure DevOps, Jenkins) – Advanced
• Automation and exposure to scripting (Python, Bash) – Advanced
• Logging and Monitoring - Intermediate
• Infrastructure & Network awareness – Advanced
• Unix / Linux – Advanced
• Backup technologies – Intermediate
• Previous experience implementing large scale data centre, infrastructure and platform solutions - Intermediate
• Innovation & thought leadership - Advanced
• Agile methodology awareness (Scrum/Kanban) – Advanced
• People leadership – Advanced
• Business acumen – Advanced
• Commercial focus – Advanced
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
Abide by Mastercard’s security policies and practices;
Ensure the confidentiality and integrity of the information being accessed;
Report any suspected information security violation or breach, and
Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.
Everyone wants easier ways to pay;
we invent them.
Checkout lines are slow;
we speed them along.
Merchants want more sales;
we give them data and insights.
People need financial access;
we connect them.
Corporate purchasing is complicated;
we make it simple.
Commuters are busy;
we speed them on their way.
Governments need greater efficiencies;
we help create them.
Small businesses are virtual;
we give them access to a world of buyers.
Retailers want to fight fraud;
we provide the tools.
Requisition ID: R-184767