Principal Analyst, Control Testing, Certification and Assurance (Director Level) in Harrogate

The newly created 1st Line Control Office function within Vocalink Limited (VLL) is seeking a Principal Analyst (Director-level equivalent), to join the Control Testing, Certification and Assurance team. This senior technical role is for an experienced technical subject matter expert who will be responsible for leading and managing Certifications, Certification Audits, and other Assurance activities including conducting control testing to drive the retention of VLL’s certifications across multiple frameworks and the delivery of assurance obligations to its customers and Regulators.

This position requires a deep and broad understanding of security and technology control frameworks, with hands-on experience across standards such as: ISO 27001, ISO 22301, PCI DSS, PCI PIN, SWIFT CSP, ISAE 3000 etc. The successful candidate must have proven expertise in analysing and assessing control design, implementation and operating effectiveness against these standards, ensuring compliance and identifying gaps. The role also involves end-to-end management of external audits, requiring strong coordination skills and experience in audit readiness and stakeholder engagement.

The role has a significant emphasis on PCI DSS, so the successful candidate must have extensive experience in understanding and testing against PCI DSS requirements, and managing all aspects of the PCI DSS external audit process.

• Lead and manage external audits for technical standards, e.g. PCI DSS and PCI PIN.
• Support the Vice President and Director of Certification and Assurance in the development and maintenance of the annual Control Testing, Certification and Assurance plan.
• Provide strategic input into the evolution and continuous improvement of Certification and Assurance team processes and procedures.
• Maintain certification related documentation.
• Prepare and lead the organisation for annual certification audits.
• Lead the assessment and validation of controls and processes against a variety of security standards and obligations.
• Conduct periodic testing of key and non-key controls in line with the Control Testing Methodology.
• Evaluate compliance with internal policies, standards, regulatory requirements, and customer obligations.
• Prepare and review control testing documentation, including test procedures, results, and identified gaps.
• Ensure timely escalation of control deficiencies and support remediation tracking.
• Create and quality assure reports and team outputs.

• Supervise and mentor junior team members (Senior Analysts and Managers), providing guidance on certification requirements, assurance requirements, testing execution and quality assurance.
• Maintain close working relationships with Control and Process Owners and Operators to operate certificate maintenance and assurance activities efficiently and effectively.
• Contribute to reporting for governance forums, including dashboards, thematic reviews, and trend analysis.

• Support the development and refinement of certification management, Assurance activities and control testing processes, standards, tools, and methodologies.
• Stay informed on emerging risks, regulatory changes, certification changes and industry best practices with a focus on cybersecurity risks.

• Strong understanding and experience of working with control frameworks and standards (e.g. ISO27001, NIST, CRI, or PCI DSS).
• Strong understanding and experience of conducting security related audits/reviews and managing/coordinating external audits including certification audits.
• Experience of resolving varied and complex certification and assurance issues.
• Proven experience in control testing or assurance within security in a regulated environment.
• Excellent communication and stakeholder engagement skills.
• Strong organisational skills with the ability to prioritise and manage multiple tasks.

• Certifications such as ISO27001, CISA, CISM, CISSP, PCI SSC ISA, CRISC, or equivalent is desirable.
• Bachelor’s degree in Computer Science, Cyber Security, Information Technology, or a related field.
• Experience engaging with senior leadership at the Executive level and above.
• Proficiency in data analytics and Microsoft Office Suite (MS Word, MS Excel, MS Access and MS PowerPoint).
• Self-starter with a continuous improvement mindset and a collaborative approach.

All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must abide by Mastercard’s security policies and practices.