Director IT Auditor - Cyber Security SME (10 month FTC)

Our Purpose Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart, and accessible. Our technology and innovation, partnerships, and networks combine to deliver a unique set of products and services that help people, businesses, and governments realize their greatest potential.

Overview: Do you thrive in a fast-paced environment where both attention to detail and big picture focus are equally and critically important? Are you eager to understand Mastercard’s global business and provide senior management with insight and perspective on governance, risk management, and internal controls? Have you been successful as part of a global team with diverse skills and experiences? Mastercard’s global Internal Audit team provides independent and objective assurance and advisory services to assess and enhance the effectiveness and efficiency of Mastercard’s governance, risk management, and internal control processes. This position will be responsible for leading and/or providing day-to-day support with risk assessment and IT audit and advisory projects.

Role:

• Review cyber related technical projects and provide challenge to ensure key risks are mitigated and compensating controls are implemented.
• Identify cyber security control gaps and process improvement opportunities, and evaluate compliance with operational, legal, regulatory, and IT policies and procedures.
• Develop and communicate meaningful, value-added cyber security related audit findings and reports that provide clarity to, and stimulate action from, senior management.
• Consult with management in determining action items required for resolution of control issues, working directly with senior management as necessary.
• Track and monitor management action plans to ensure sustainable resolution of control gaps.
• Provide risk and control advice and education for the benefit of the organization, be a champion and advocate for strong risk management and governance controls, and partner with other control functions to strengthen our three lines of defence model.
• Work with colleagues located both locally and in various offices around the world.

All About You:

• A deep knowledge of cyber security risks including multiple years of experience implementing/challenging cyber security controls.
• Ability to quickly understand and critically analyze complex IT processes, identify and assess potential risks, and determine whether those risks are appropriately mitigated (using various techniques, such as problem solving, root cause, and data analysis).
• Demonstrated experience in, and commitment to, the fields of internal/external IT audit, through work experience, or experience working in operations, or IT within a major global organization with a focus on risk management.
• Bachelor's degree with concentration in information systems, information technology, computer science or engineering. Technology certifications desirable (e.g. CISSP, CISA).
• Excellent interpersonal communication skills, both written and verbal.
• Intellectually curious, self-motivated, passionate, works well both independently and as part of a team.
• Committed to self-development; encourages constructive criticism, and seeks opportunities to capitalize on demonstrated strengths and to identify and address development areas.
• Able to deliver high-quality work, within budget and on time.
• Ability to travel up to 10%.

Knowledge/Experience (preferred):

• Strong knowledge of Cyber security, IT general computer controls and related operations, including UNIX, HP Nonstop and Windows environments.
• Strong understanding of IT security practices, PCI DSS compliance, and ISO 27001 standards.
• Understanding of software engineering concepts and methodologies.
• Sound understanding of the Standards for Professional Practice of Internal Audit of the Institute of Internal Auditors, auditing procedures and techniques.
• Proficient with data analytics, MS Word, MS Excel, MS Access, ACL or similar audit tool.

Corporate Security Responsibility: All activities involving access to Mastercard assets, information, and networks come with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

• Abide by Mastercard’s security policies and practices;
• Ensure the confidentiality and integrity of the information being accessed;
• Report any suspected information security violation or breach;
• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.