Manage certifications and assurance activities within the 1st Line Control Office, coordinating audits and evaluating compliance with security standards.
Our Purpose
Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we're helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.
Title and Summary
Manager, 1st Line Controls Testing, Certification and Assurance
Main purpose of the role
The newly established 1st Line Control Office function within Vocalink Limited (VLL) is seeking a Manager to join the Control Testing, Certification and Assurance team.
This role will be responsible for managing Certifications, Certification Audits, and other Assurance activities including conducting control testing to support the retention of VLL's certifications across multiple frameworks and the delivery of assurance obligations.
This position requires a broad understanding of security and technology control frameworks, with hands-on experience across standards such as: ISO 27001, ISO 22301, PCI DSS, PCI PIN, SWIFT CSP, ISAE 3000 etc. The successful candidate must have proven expertise in analysing and assessing control design, implementation and operating effectiveness against at least one of these standards, ensuring compliance and identifying gaps.
The role will also include coordinating and managing external audits to ensure smooth execution, therefore, experience of this is needed.
Key Responsibilities:• Certification and Assurance Responsibilities • Maintain certification and assurance related documentation.• Prepare the organisation for annual certification audits.• Support the assessment and validation of controls and processes against a variety of security standards and obligations. • Support the team in the management of VLL certifications, e.g. ISO27001 and PCI DSS.• Support the team in the management of other assurance activities, e.g. ISAE3000.• Conduct periodic testing of key and non-key controls in line with the Control Testing Methodology.• Evaluate compliance with internal policies, standards, regulatory requirements, and customer obligations.• Prepare and review control testing documentation, including test procedures, results, and identified gaps.• Ensure timely escalation of control deficiencies and support remediation tracking.• Create and quality assure reports and team outputs. • Team Leadership, Collaboration & Stakeholder Engagement• Supervise and mentor junior team members (e.g. Senior Analysts), providing guidance on certification requirements, assurance requirements, testing execution and quality assurance.• Support the Vice President and Director of Certification and Assurance in the development and maintenance of the annual Control Testing, Certification and Assurance plan. • Build and maintain strong partnerships with Control and Process Owners and Operators to ensure efficient and effective execution of certification maintenance and assurance activities.• Contribute to reporting for governance forums, including dashboards, thematic reviews, and trend analysis.• Governance & Continuous Improvement• Support the development and refinement of certification management, assurance/control testing processes, standards, tools, and methodologies.• Contribute to the maturity of the 3 Lines of Defence model and promote a culture of proactive risk management.• Stay informed on emerging risks, regulatory changes, certification changes and industry best practices with a focus on cybersecurity risks.
Knowledge, Skills and Expertise (technical / role specific)
1 Experience • Experience of working with security related control frameworks and standards (e.g. ISO27001, NIST, CRI, or PCI-DSS).• Experience of conducting security related audits/reviews and managing/coordinating external audits including certification audits.• Ability to assess control design and operating effectiveness in complex environments and to identify control gaps and improvement opportunities.• Experience of resolving certification and assurance issues.• Knowledge and experience of all areas of security.• Strong investigative and analytical experience (e.g. enquiry, scanning, analysis, interviewing, testing), problem-solving, and decision-making skills.• Experience collaborating cross-functionally to identify and implement good practice security audit management and assurance processes.• Excellent communication and stakeholder engagement skills.
2 Qualifications• Certifications such as ISO27001 Lead Auditor, CISA, CISM, CISSP, PCI SSC ISA, CRISC, or equivalent is desirable.
3 Preferred Skills & Attributes• Bachelor's degree in Computer Science, Cyber Security, Information Technology, or a related field.• Good Knowledge of security controls and IT general controls across a variety of technologies and environments.• Proficiency in Microsoft Office Suite (MS Word, MS Excel, MS Access and MS PowerPoint)• Strong organisational skills with the ability to prioritise and manage multiple tasks.• Self-starter with a continuous improvement mindset and a collaborative approach.• Experience creating presentations for business discussions and reporting.• Experience of Risk Management / GRC related technologies and toolsets. • Experience working in cross-functional large projects with dispersed teams.
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we're helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.
Title and Summary
Manager, 1st Line Controls Testing, Certification and Assurance
Main purpose of the role
The newly established 1st Line Control Office function within Vocalink Limited (VLL) is seeking a Manager to join the Control Testing, Certification and Assurance team.
This role will be responsible for managing Certifications, Certification Audits, and other Assurance activities including conducting control testing to support the retention of VLL's certifications across multiple frameworks and the delivery of assurance obligations.
This position requires a broad understanding of security and technology control frameworks, with hands-on experience across standards such as: ISO 27001, ISO 22301, PCI DSS, PCI PIN, SWIFT CSP, ISAE 3000 etc. The successful candidate must have proven expertise in analysing and assessing control design, implementation and operating effectiveness against at least one of these standards, ensuring compliance and identifying gaps.
The role will also include coordinating and managing external audits to ensure smooth execution, therefore, experience of this is needed.
Key Responsibilities:• Certification and Assurance Responsibilities • Maintain certification and assurance related documentation.• Prepare the organisation for annual certification audits.• Support the assessment and validation of controls and processes against a variety of security standards and obligations. • Support the team in the management of VLL certifications, e.g. ISO27001 and PCI DSS.• Support the team in the management of other assurance activities, e.g. ISAE3000.• Conduct periodic testing of key and non-key controls in line with the Control Testing Methodology.• Evaluate compliance with internal policies, standards, regulatory requirements, and customer obligations.• Prepare and review control testing documentation, including test procedures, results, and identified gaps.• Ensure timely escalation of control deficiencies and support remediation tracking.• Create and quality assure reports and team outputs. • Team Leadership, Collaboration & Stakeholder Engagement• Supervise and mentor junior team members (e.g. Senior Analysts), providing guidance on certification requirements, assurance requirements, testing execution and quality assurance.• Support the Vice President and Director of Certification and Assurance in the development and maintenance of the annual Control Testing, Certification and Assurance plan. • Build and maintain strong partnerships with Control and Process Owners and Operators to ensure efficient and effective execution of certification maintenance and assurance activities.• Contribute to reporting for governance forums, including dashboards, thematic reviews, and trend analysis.• Governance & Continuous Improvement• Support the development and refinement of certification management, assurance/control testing processes, standards, tools, and methodologies.• Contribute to the maturity of the 3 Lines of Defence model and promote a culture of proactive risk management.• Stay informed on emerging risks, regulatory changes, certification changes and industry best practices with a focus on cybersecurity risks.
Knowledge, Skills and Expertise (technical / role specific)
1 Experience • Experience of working with security related control frameworks and standards (e.g. ISO27001, NIST, CRI, or PCI-DSS).• Experience of conducting security related audits/reviews and managing/coordinating external audits including certification audits.• Ability to assess control design and operating effectiveness in complex environments and to identify control gaps and improvement opportunities.• Experience of resolving certification and assurance issues.• Knowledge and experience of all areas of security.• Strong investigative and analytical experience (e.g. enquiry, scanning, analysis, interviewing, testing), problem-solving, and decision-making skills.• Experience collaborating cross-functionally to identify and implement good practice security audit management and assurance processes.• Excellent communication and stakeholder engagement skills.
2 Qualifications• Certifications such as ISO27001 Lead Auditor, CISA, CISM, CISSP, PCI SSC ISA, CRISC, or equivalent is desirable.
3 Preferred Skills & Attributes• Bachelor's degree in Computer Science, Cyber Security, Information Technology, or a related field.• Good Knowledge of security controls and IT general controls across a variety of technologies and environments.• Proficiency in Microsoft Office Suite (MS Word, MS Excel, MS Access and MS PowerPoint)• Strong organisational skills with the ability to prioritise and manage multiple tasks.• Self-starter with a continuous improvement mindset and a collaborative approach.• Experience creating presentations for business discussions and reporting.• Experience of Risk Management / GRC related technologies and toolsets. • Experience working in cross-functional large projects with dispersed teams.
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
- Abide by Mastercard's security policies and practices;
- Ensure the confidentiality and integrity of the information being accessed;
- Report any suspected information security violation or breach, and
- Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines.
Top Skills
Isae 3000
Iso 22301
Iso 27001
Microsoft Office Suite
Pci Dss
Pci Pin
Swift Csp
Similar Jobs at Mastercard
Blockchain • Fintech • Payments • Consulting • Cryptocurrency • Cybersecurity • Quantum Computing
Lead development and implementation of an enterprise-wide fraud risk framework for MTS, manage fraud assessments, incidents, losses budget, fraud system selection, regulatory inventory, product fraud reviews, and industry outreach. Investigate crypto and cyber fraud, analyze external fraud patterns, and recommend controls to minimize losses.
Top Skills:
Blockchain,Cryptocurrency,Blockchain Analysis
Blockchain • Fintech • Payments • Consulting • Cryptocurrency • Cybersecurity • Quantum Computing
Lead enterprise strategy for Mastercard's Commercial and New Payment Flows. Partner with business leaders to design, prioritize, and execute cross-functional initiatives, develop go-to-market and product strategies for payments and money movement, manage cross-functional teams, and share insights with regional and divisional leadership to drive in-market delivery.
Blockchain • Fintech • Payments • Consulting • Cryptocurrency • Cybersecurity • Quantum Computing
The VP, Risk Management will lead a team overseeing risk management for Commercial & New Payment Flows, enhancing capabilities and driving strategic projects. Responsibilities include implementing risk frameworks, engaging stakeholders, and providing insights to senior leadership.
Top Skills:
Data AnalyticsRisk Management Frameworks
What you need to know about the Belfast Tech Scene
If asked to name the birthplace of the RMS Titanic, you might not say Belfast. Similarly, if asked to name Europe's leading destination for foreign direct investment in new software development, Belfast might not come to mind. Yet, both are true. The city has emerged as a tech powerhouse, recently ranked among the best in the U.K. for tech careers — especially for software developers. It also leads the U.K. with the highest percentage of software development jobs advertised.
