Our Purpose
Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.
Title and Summary
1st Line Security Controls Testing Manager
Main Purpose of role:
The newly created Vocalink Control Office function is seeking a Manager within the 1st Line Control Testing team to support the delivery of control testing activities across Security control domains, within Vocalink Limited (VLL). VLL is a Bank of England regulated, Critical National Infrastructure (CNI) company that enables the payments of 90% of salaries, 70% of utility bills, most ATM transactions and every cheque cleared in the UK.
This role plays a key part in embedding a strong control environment by executing control testing, identifying control gaps, and supporting continuous improvement in risk management practices.
Key Responsibilities
Control Testing Execution
- Conduct periodic testing of key and non-key controls in line with the Control Testing Methodology.
- Evaluate compliance with internal policies, standards, regulatory requirements, and customer obligations.
- Prepare and review control testing documentation, including test procedures, results, and identified gaps.
- Ensure timely escalation of control deficiencies and support remediation tracking.
Team Leadership, Collaboration & Stakeholder Engagement
- Supervise and mentor junior team members (Senior Analysts), providing guidance on testing execution and quality assurance.
- Support the Director of Control Testing in delivering the annual testing plan and contributing to team development.
- Engage with 1st Line teams while coordinating closely with 2nd Line Security partners and maintaining effective liaison with Internal Audit.
- Contribute to reporting for governance forums, including dashboards, thematic reviews, and trend analysis.
- Partner with control owners, providing guidance on control effectiveness and remediation.
Governance & Continuous Improvement
- Support the development and refinement of control testing standards, tools, and methodologies.
- Contribute to the maturity of the 3 Lines of Defence model and promote a culture of proactive risk management.
- Stay informed on emerging risks, regulatory changes, and industry best practices with a focus on cybersecurity risks.
Experience & Qualifications
- Experience in control testing, or assurance, and risk management within security in a regulated environment.
- Strong investigative and analytical experience (e.g. enquiry, scanning, analysis, interviewing, testing), problem-solving, and decision‑making skills.
- Strong understanding of control frameworks and standards (e.g., NIST, CRI, ISO and PCI‑DSS).
- Ability to assess control design and operating effectiveness in complex environments and to identify control gaps and improvement opportunities.
- Excellent communication and stakeholder engagement skills.
- Professional certifications such as CISA, CISM, CISSP, CRISC, ISO 27001 or equivalent are desirable.
Preferred Skills & Attributes
- Bachelor’s degree in Computer Science, Cyber Security, Information Technology, or related field.
- Good knowledge of security controls and IT general controls across platforms such as UNIX, HP NonStop, and Windows.
- Understanding of software development lifecycle (SDLC), DevOps, and cloud technologies.
- Proficiency in data analytics tools such as ACL or similar control testing tools.
- Proficiency in Microsoft Office Suite (MS Word, MS Excel, MS Access and MS PowerPoint).
- Strong organisational skills with the ability to prioritise and manage multiple tasks.
- Self-starter with a continuous improvement mindset and a collaborative approach.
Corporate Security Responsibility
- Abide by Mastercard’s security policies and practices;
- Ensure the confidentiality and integrity of the information being accessed;
- Report any suspected information security violation or breach; and
- Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.