Director, Controls & Issue Advisory

Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

Director, Controls & Issue Advisory Director, Controls and Issues Advisory, Controls Office

This is an exciting opportunity to build and lead the Controls and Issues Advisory team within the Vocalink Controls Office function. The Director, Controls and Issues Advisory role within the Controls Office leads the team that will ensure Vocalink Limited’s operations are compliant with relevant policies, procedures and regulations, while also identifying and addressing any control weakness or issues. This involves overseeing a team of colleagues who will be responsible for assessing and supporting the implementation of controls, monitoring their effectiveness and providing recommendations for improvement. The team is dedicated to ensuring that Vocalink’s services remains robust, secure, and seamless for 60+million citizens every day – in numbers, that is 11 billion transactions every year with a value of over £6 trillion. We are seeking an experienced and talented risk and controls leader to manage the continuous improvement of controls robustness, and to support the delivery of actions that are required to remediate identified issues. The successful candidate is likely to have an understanding of key technology risk and information security related industry frameworks and supporting guidelines (e.g. ISO/IEC27001 and ISO/IEC27002, COBIT, ITIL, NIST). The Vocalink Director, Controls and Issues Advisory reports to the Head of Controls Office at Vocalink Limited.

• Lead the team’s approach to analysing existing controls, identifying gaps and providing control and issue advice to 1LOD functions in line with Vocalink Limited’s Enterprise Risk Management Framework
• Review new and amended controls and issues to ensure fitness for purpose ahead of them being implemented, in line with agreed processes
• Drive the Controls Issue and Advisory team to deliver proactive support and constructive challenge to 1st line teams, to promote continuous improvement on controls and issues
• Support the implementation of applicable procedures to enable effective 1LOD adoption of Vocalink’s control and Issue management policies and processes
• Manage and maintain the focused Controls Library domain(L1-L3) on behalf of Vocalink
• Complete control effectiveness assessments to provide continuous assurance
• Provide issues triage, track and monitor issues management (including internal / external audits) and undertake closure validation
• Recommend and support the implementation of improvements to the control environment, including exploring control and control testing automation
• Develop and maintain strong, collaborative working relationships with stakeholders at all levels of the organisational hierarchy (function, entity and group)
• Develop and implement strategies to enhance the management of issues and controls across all first line teams
• Participate in Risk and Control Self-Assessment (RCSA) processes to ensure required actions on controls and issues are identified and progressed
• Work with 2nd line risk teams to collaboratively deliver continuous improvement across 1st line teams
• Support the Head of Controls Office: Drive delivery of priorities requiring supports as required and deputise as appropriate, including in key senior committees (e.g. those related to operational resilience and corporate security)

Essential

• A proven record of success as a risk and controls leader in a risk partnering or similar capacity
• Significant experience in applying operational risk frameworks and risk assessment methodologies
• A detailed understanding of internal controls frameworks
• Experience of managing or playing a leading role in the RCSA process, ideally in a banking, financial services, IT or payments context
• Experience of working with any of the following disciplines, not necessarily in a financial services environment: Technology (e.g. Hardware and Software engineering), Operations (e.g. incident, change and problem management), Information Security (e.g. SOC, vulnerability mgmt. etc), or Operational Resilience (e.g. Third-party management, scenario analysis etc)
• Excellent written and verbal communication skills
• The ability to engage, influence and challenge stakeholders at all levels of an organisation, highly effectively
• Strong analytical, reporting and presentation skills
• Ability to motivate, inspire and lead people effectively, both to deliver BAU and change
• Able to effectively prioritise the team’s workload
• Ability to remain calm and focused when working under pressure
• A proven record of driving robust and timely delivery of activities

Desirable

• An understanding of key technology risk and information security related industry frameworks and supporting guidelines (e.g. ISO/IEC27001 and ISO/IEC27002, COBIT, ITIL, NIST) is highly desirable
• Experience of working across various lines of defence
• Experienced across the key pillars of the Controls Office – Controls Governance, Controls Management, Controls Testing, Assurance, and Issues Management, preferably in a regulated firm
• Experience within Critical National Infrastructure responsible organisations

All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

• Abide by Mastercard’s security policies and practices
• Ensure the confidentiality and integrity of the information being accessed
• Report any suspected information security violation or breach, and
• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines