Lead - Security Monitoring and Response-R-247232

Our Purpose

Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart, and accessible. Our technology and innovation, partnerships, and networks combine to deliver a unique set of products and services that help people, businesses, and governments realize their greatest potential.

Title and Summary

Lead - Security Monitoring and Response

Lead Analyst responsible for the Third Party Supplier Resilience program within the Operational Resilience team, reporting to the Director of Business Continuity.

Who is Mastercard?

Mastercard is a global technology company in the payments industry. Our mission is to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart, and accessible. Using secure data and networks, partnerships, and passion, our innovations and solutions help individuals, financial institutions, governments, and businesses realize their greatest potential.

Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. With connections across more than 210 countries and territories, we are building a sustainable world that unlocks priceless possibilities for all.

Mission First, People Always

As Corporate Security, we are responsible for keeping Mastercard safe and secure from cyber and physical threats, and it is our people on the frontlines who make this happen every day.

By taking care of our people, their wellbeing, and career development, we provide them the necessary tools and environment to ensure the success of our mission.

Overview

Reports to the Director Business Continuity Resilience as a member of Mastercard’s Corporate Security Enterprise Resilience Team. Primarily responsible for supporting Supplier (Third Party) Resilience across Mastercard. This ‘hands-on’ execution role is expected to work independently while receiving support, processes, and procedures from a global Enterprise Resilience team at Mastercard. Some travel (including international) may be required.

Role:

1. Partner with the global Enterprise Resilience team to design and implement the Operational Resilience Supplier (Third Party) Resilience solution across Mastercard.
2. Embed Operational Resilience Supplier Resilience as a program within the organization, built off the foundation of the Enterprise Resilience Disciplines (Operational Resilience, Business Continuity, Crisis Management, Technical Recovery).
3. Partner with global Enterprise Resilience staff to understand resilience and to guide Supplier Resilience standardization where appropriate.
4. Have a high level of understanding and comprehension of global Operational Resilience Supplier Resilience regulation and guidelines.
5. Implement the Enterprise Resilience Supplier Resilience program structure to align with relevant certification standards (ISO, NIS2, NIST, ITIL, ITSM).
6. Partner with team members within the Resilience Planning (RP) function to support regulatory compliance for all jurisdictions in which this business entity operates.
7. Perform Critical Service (CS) Supplier Resilience identification and analysis in line with all appropriate regulatory expectations.
8. Assess (criticality) and clarify / confirm Impact Tolerance/ Maximum Tolerable Period of Disruption (MTPD) levels for those all Services deemed in scope.
9. Partner with appropriate Risk and other (Stakeholder Assurance / Regulatory Affairs) functions to ensure required attestations to regulators and other bodies are made in line with program framework and regulatory expectations.
10. Partner with and hold responsibility for other Supplier Resilience tasks such as Service Impact Analysis and risk assessment coordination, business continuity planning, and exercises while applying detailed Quality Assurance and support for your business partners.
11. Ensure Supplier Resilience capabilities of third parties are compliant with risk management mandates.
12. Perform as a Supplier Resilience subject matter expert to set up this entity with the proper construct and response model including plans and exercises (some with its’ strategic partners), while supporting the Crisis Management Team during crises.
13. Partner with the team’s technology recovery contact to ensure system impact analysis, recovery plans, and exercises are performed as designated by policy.
14. Train business partners on the program’s roles and responsibilities and ensure all staff within the entity are knowledgeable of our requirements.
15. Build key business relationships within the entity and become a trusted partner to further embed a Supplier Resilience Business Continuity culture.
16. Provide consultation to management and identify opportunities to implement process improvements.

Experience & Qualifications:

• Practitioner level knowledge of Supplier Resilience and the developing global regulatory landscape.
• Practitioner level knowledge of ITSM and ITIL standards.
• Practitioner level knowledge of Supplier Resilience End to End (E2E) exercising and testing (including Stressed and Non-Stressed Exit).
• Practitioner level of knowledge of Cyber Resilience.
• Practitioner level knowledge of Supplier Management Frameworks including but not limited to: Supplier Contracts, Service Levels, and the Regulatory requirements.
• Experience in impact analysis & risk assessment design and process.
• Experience in designing, facilitating, and reporting on complex, scenario-based Supplier Resilience exercises.
• Capable of executing or fully understanding technology recovery exercises; a technology background is advantageous.
• Demonstrable experience managing business continuity third-party risk processes.

Personal Qualities:

• Ability to influence key stakeholders.
• Confident decision maker and demonstrates task and objective ownership.
• Ability to drive consistent and repeatable results with limited supervision.
• Excellent oral and written communication and presentation skills.
• Strong Relationship Management at all levels.
• High attention to detail, accurate and consistent (on time) delivery.
• Ability to define and implement solutions based on strategic direction.
• Passion for personal development and learning.

#NM3Mastercard is a merit-based, inclusive, equal opportunity employer that considers applicants without regard to gender, gender identity, sexual orientation, race, ethnicity, disabled or veteran status, or any other characteristic protected by law. We hire the most qualified candidate for the role. In the US or Canada, if you require accommodations or assistance to complete the online application process or during the recruitment process, please contact reasonable_accommodation@mastercard.com and identify the type of accommodation or assistance you are requesting. Do not include any medical or health information in this email. The Reasonable Accommodations team will respond to your email promptly.

Corporate Security Responsibility

All activities involving access to Mastercard assets, information, and networks come with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

• Abide by Mastercard’s security policies and practices;
• Ensure the confidentiality and integrity of the information being accessed;
• Report any suspected information security violation or breach, and
• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.

In line with Mastercard’s total compensation philosophy and assuming that the job will be performed in the US, the successful candidate will be offered a competitive base salary based on location, experience, and other qualifications for the role and may be eligible for an annual bonus or commissions depending on the role. Mastercard benefits for full-time (and certain part-time) employees generally include: insurance (including medical, prescription drug, dental, vision, disability, life insurance), flexible spending account and health savings account, paid leaves (including 16 weeks new parent leave, up to 20 paid days bereavement leave), 10 annual paid sick days, 10 or more annual paid vacation days based on level, 5 personal days, 10 annual paid U.S. observed holidays, 401k with a best-in-class company match, deferred compensation for eligible roles, fitness reimbursement or on-site fitness facilities, eligibility for tuition reimbursement, gender-inclusive benefits, and many more.

Pay Ranges

Purchase, New York: $129,000 - $215,000 USD