Certification and Assurance - Senior Security/Technology Risk Analyst

Our Purpose Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

Main purpose of the role: The Vocalink Control Office function is seeking a Senior Technology Risk Analyst with Information Security knowledge and experience to support the Certification and Assurance team within Vocalink Limited. The role will be responsible for supporting Certifications, Certification Audits, and Assurance activities to support the retention of Vocalink Limited’s certifications and the delivery of assurance requirements including conducting control testing. The role requires an understanding of security and technology controls and frameworks, including working with a variety of standards, e.g. ISO27001, ISO22301, PCI DSS, PCI PIN, Swift, ISAE3000, etc. The applicant must have experience with at least one security standard and a proven ability to analyse or implement information security controls to ensure their design, implementation and operating effectiveness meet the requirements of the standard.

Key Responsibilities

• Support the preparation for annual certification audits.
• Support the assessment and validation of controls and processes against a variety of security standards and obligations.
• Assist in managing certifications (e.g., ISO27001, PCI DSS) and assurance activities (e.g., ISAE3000).
• Evaluate compliance with internal policies, standards, regulatory requirements, and customer obligations.
• Prepare clear and accurate control testing documentation, including test procedures, results, and supporting evidence.
• Support periodic testing of controls in line with a Control Testing Methodology.
• Timely collection of control testing evidence from relevant Control Owners to support scheduled testing activities.
• Identify and document control deficiencies, ensuring timely escalation to the Manager and support remediation follow-up activities.

Team Leadership, Collaboration and Stakeholder Engagement

• Support the team Director in delivering the Certification and Assurance plan.
• Maintain close working relationships with Control and Process Owners and Operators to operate certificate maintenance and assurance activities efficiently and effectively.
• Work closely with 1st Line teams to obtain evidence, clarify processes, and ensure accurate testing outcomes.
• Liaise with 2nd Line Security partners and Internal Audit as directed, ensuring transparency and alignment with control testing activities.
• Contribute to the preparation of management information, dashboards, and thematic analysis for governance forums.
• Support control owners by providing observations on control effectiveness and contributing to discussions on remediation approaches.

Governance and Continuous Improvement

• Support the development of certification management, assurance activities and control testing processes, standards, tools, and methodologies.
• Adhere to established control testing standards, procedures, and documentation requirements.
• Provide input on opportunities to streamline testing activities, improve efficiency, and enhance the consistency of outcomes.
• Contribute to the maturity of the 3 Lines of Defence model and promote a culture of proactive risk management.
• Stay informed on emerging risks, regulatory changes, certification changes and industry best practices with a focus on cybersecurity risks.

Knowledge, Skills and Expertise (technical / role specific)

• Experience of conducting security related audits/reviews.
• Knowledge and experience of all areas of security.
• Experience in control testing or assurance within security in a regulated environment.
• Experience operating good practice security audit management and assurance processes.
• Good investigative and analytical experience (e.g. enquiry, scanning, analysis, interviewing, testing), problem-solving, and decision-making skills.
• Experience of working with control frameworks and standards (e.g. ISO27001, NIST, CRI, or PCI-DSS).
• Ability to assess control design and operating effectiveness in complex environments and to identify control gaps and improvement opportunities.
• Good communication and stakeholder engagement skills.

Qualifications

• Professional certifications such as CISA, CISM, CISSP, PCI SSC ISA, CRISC, or equivalent is desirable.

Preferred Skills & Attributes

• Bachelor’s degree in Computer Science, Cyber Security, Information Technology, or a related field.
• Good Knowledge of security controls and IT general controls across a variety of platforms and environments.
• Knowledge of security related control frameworks and standards.
• Proficiency in Microsoft Office Suite (MS Word, MS Excel, MS Access and MS PowerPoint).
• Strong organisational skills with the ability to prioritise and manage multiple tasks.
• Self-starter with a continuous improvement mindset and a collaborative approach.

Corporate Security Responsibility

• Abide by Mastercard’s security policies and practices.
• Ensure the confidentiality and integrity of the information being accessed.
• Report any suspected information security violation or breach.
• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.