MasterCard Director, Information Security Operations in London, United Kingdom
We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate a culture of inclusion (https://www.mastercard.us/en-us/vision/who-we-are/diversity-inclusion.html) for all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team – one that makes better decisions, drives innovation and delivers better business results.
Director, Information Security Operations
Who is Mastercard?
Mastercard is a global technology company in the payments industry. Our mission is to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart, and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments, and businesses realize their greatest potential.
Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. With connections across more than 210 countries and territories, we are building a sustainable world that unlocks priceless possibilities for all.
The Mastercard RTP Cyber Security team is looking for a Protective Security Officer. Your responsibility will be to drive, operationalise and report on all matters relating to Protective Security to help ensure the organisation mitigates security risks and maintains compliance with the Act.
The Swedish Protective Security Act is a security law that aims to protect critical activities, assets, and infrastructure against espionage, cyberattacks, sabotage, terrorism, and other threats. The Act covers any organization conducting "security-sensitive activities" that are critical to Sweden’s national infrastructure.
• Lead, drive and control the activities for proactive and systematic protective security.
• Managing the day-to-day delivery of the Corporate Security plan, addressing any conflicts, prioritization and rescheduling of activities and/or milestones and escalations to the RTP Business Security Officer.
• Develop a strong understanding of the cross border services and applications to provide appropriate security decisions and advice.
• Providing security support for customer meetings.
• Delivering/reporting of compliance metrics and tracking key remediation/improvement of security to ensure they are delivering to the contractual obligations.
• Lead complex compliance testing across the organisation periodically as agreed with regulators & customer.
• Lead complex remediation/improvement activities across the organisation.
• Apply technical capabilities within own discipline and use expert knowledge to support the delivery team to solve and evolve implementation solutions.
• Liaise with business leaders to proactively identify the Security impact of implementations across the organization.
• Liaise among the information security team and corporate compliance, audit, legal and HR management teams as required.
• Ensure ongoing compliance to Protective Security Instructions as they pertain to the Swedish Protective Security Act.
• Lead regular stakeholder meetings to facilitate open, efficient communication.
• Lead technical collaboration with other teams.
• Assist in security Metrics and Maturity – Provide and track Dashboard / Reports as per defined parameters.
All About You
In this role you will need to be able to do, and have experience of, the following:
• Ability to improve efficiency through both process and technical enhancements.
• Experience reviewing compliance evidence and communicating findings to owners.
• Knowledge of global Security and reporting standards such as NIST, CRI, IOSCO, PCI, ISO and MITRE.
• Knowledge of Swedish Financial Supervisory Authority (SFSA) and Swedish Protective Security Act beneficial.
• Strategic mind-set supported by ability to deliver in a complex technical environment.
• Managing complex cross-functional projects, teams or committees.
• Collaborating cross-functionally to identify and implement best practice Security, across all aspects of Security.
• Working with industry and regulatory frameworks and standards.
• Relevant years of experience with protective security in regulated industries i.e. Finance, Government Agency, ISP or Energy advantageous.
• At least 3 years of ISO/IEC 27001 audit or implementation experience.
• Proven track record in planning, designing and implementing an ISMS as well as leading the operations and management thereof.
• Supporting the corporate risk function where appropriate and ensure that it is aligned with the ISMS.
• A bachelor's or master’s degree, and/or certifications such as ISO27001 LA/LI, CISSP, CPP, CISA, CISM, CRISC.
• Relevant background, from risk, security and law enforcement, legal or similar education and experience advantageous. Competencies within protective security, physical security, personnel security and information security advantageous.
• Fluency in Swedish beneficial.
In many locations, we’ve implemented a virtual hiring process and continue to interview candidates by video or phone. In addition, in our NYC offices, as required by law, only individuals who have been fully vaccinated against COVID-19 will be permitted inside Mastercard offices unless a reasonable accommodation has been approved in advance.
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks come with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
• Abide by Mastercard’s security policies and practices;
• Ensure the confidentiality and integrity of the information being accessed;
• Report any suspected information security violation or breach; and
• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.
Requisition ID: R-169200