MasterCard Senior Information Security Engineer in London, United Kingdom
We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate a culture of inclusion (https://www.mastercard.us/en-us/vision/who-we-are/diversity-inclusion.html) for all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team – one that makes better decisions, drives innovation and delivers better business results.
Senior Information Security Engineer
Who is Mastercard?
Mastercard is a global technology company in the payments industry. Our mission is to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart, and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments, and businesses realize their greatest potential.
Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. With connections across more than 210 countries and territories, we are building a sustainable world that unlocks priceless possibilities for all.
Provide consulting advice to product and development teams to integrate adequate security controls for web applications, web services and mobile applications.
Ensure information security requirements are effectively integrated into technology products, applications, and systems.
Define and assist with best practices for secure design, secure coding, secure development and secure configuration of Mastercard's information systems.
Mature Mastercard's development processes so that security continues to be a core component for all development staff, throughout the development lifecycle.
Perform risk-based analysis for multiple security processes related to product development and implementation.
Review current security posture to identify areas of weaknesses or potential security risks. Propose security controls to remediate identified gaps, while facilitating smooth ongoing operations and processes.
Provide technical design and architecture advice to internal teams on how to securely develop and build applications and supporting systems.
Define secure mechanisms for critical business functions hosted on-prem or cloud environments.
Work closely with developers to evaluate business requests and proposed designs to determine feasibility; work with software development teams to define alternatives and recommend optimal solutions to meet security and regulatory requirements in the design of new/enhanced systems.
Define security requirements and guidelines to ensure repeatable processes are followed by worldwide teams.
Assist in the strategy, standards, and architecture for the security aspects of the SDLC including application, mobile, web service and cloud.
Provide security advice in cryptography, including several of the following: encryption, hashing, key management, digital certificates, TLS.
Maintain effective working relationships with a variety of internal Mastercard stakeholders, including business owners, end-users, customers, project managers, engineers, and senior management.
All About You
The ideal candidate for this position will have:
Strong understanding of information security, risk and data privacy including relevant practical experience.
Demonstrate a broad awareness of security operations concepts and practices across all phases of the software development lifecycle.
Experience providing security advice for web-based network environments and secure communication, including mobile applications, web applications and web services.
Demonstrate technical competency in security engineering based on hands-on experience or relevant qualifications.
Knowledge of relevant industry standards and guidelines such as ISO27001, PCI-DSS, NIST SP800-53, COBIT.
Knowledge and some experience in the practical application of cryptography to protect data and communications, e.g., encryption, hashing, key management, digital certificates, TLS.
Demonstrate the ability to articulate and communicate effectively to diverse audiences and properly translates security and risk management terminology into business terms, and recommends alternative solutions to these stakeholders.
Knowledge of challenges of deploying cloud services securely.
Strong verbal and written communication skills, with ability to communicate clearly in a multi stakeholder environment.
In many locations, we’ve implemented a virtual hiring process and continue to interview candidates by video or phone. In addition, in our NYC offices, as required by law, only individuals who have been fully vaccinated against COVID-19 will be permitted inside Mastercard offices unless a reasonable accommodation has been approved in advance.
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
Abide by Mastercard’s security policies and practices;
Ensure the confidentiality and integrity of the information being accessed;
Report any suspected information security violation or breach, and
Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.
Requisition ID: R-165383