Lead Information Security Consultant

Our Purpose

Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build asustainableeconomy where everyone can prosper. We support a wide range of digital payments choices, making transactionssecure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

Mastercard are looking for a Lead Information Security Consultant based in either London, Dunstable or Harrogate. This is an exciting position within Vocalink which is building strategic products that are used across the organization. The successful candidate will strongly influence the security of products within Mastercard and work with many stakeholders to ensure security is built-in to our services.

• Deliver a quality service within the enterprise.
• Contribute to maturing the Security Consultancy team; building skills, improving consistency and allowing scalability.
• Guide product and business teams on security best practices, and Corporate Security policies and procedures to ensure secure products are developed.
• Provide assurance that products are developed and deployed with the right balance of security to protect against threats to the business, built upon reliable processes and procedures.
• Develop and improve security standards and frameworks to meet the future needs of Mastercard.

• Strong security mindset and knowledge of current best practices, common exploits and threat landscape.
• Broad security experience across a range of disciplines with demonstrable experience of implementing technology or business process solutions across software development, architecture, network security, assurance testing.
• Natural ability to negotiate with business to balance risk and security requirements with business opportunity, while ensuring ongoing compliance and regulatory needs.
• The ability to work with teams and manage expectations while building strong business relationships.
• Confident in providing technical guidance to team members for complex decisions including cryptography, network design, application security, data protection, identity and access management etc.
• Experience of security governance frameworks as well as producing required security outputs, including documentation and threat models over the course of projects to meet deadlines.
• Experience working with a range of security standards, such as ISO27001, NIST SP800-53, PCI-DSS etc.
• Motivated self-starter with agility, ability to manage ambiguity, deal with and anticipate change, while still meeting business objectives.
• Organisation of security assurance testing, using third party vendors.
• Natural ability to negotiate with business to balance risk with business opportunity, while ensuring ongoing compliance and regulatory needs.
• Proactive approach to helping develop the maturity of the security team’s capabilities.

• Relevant security certifications (CISSP, CISM, CSSLP, CISA).
• Experience of threat modelling and security risk assessment.
• Experience of Privileged Access Management, Secrets Management, PKI, Cryptography or Security Logging.
• Experienced in the use of JIRA/Confluence.

Every person working for, or on behalf of, Mastercard is responsible for information security. All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and therefore, it is expected that the successful candidate for this position must:

• Abide by Mastercard’s security policies and practices;
• Ensure the confidentiality and integrity of the information being accessed;
• Report any suspected information security violation or breach, and
• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.