Manager, 1st Line Controls Testing, Certification and Assurance in London

Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we're helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

Main purpose of the role

The newly established 1st Line Control Office function within Vocalink Limited (VLL) is seeking a Manager to join the Control Testing, Certification and Assurance team. This role will be responsible for managing Certifications, Certification Audits, and other Assurance activities including conducting control testing to support the retention of VLL's certifications across multiple frameworks and the delivery of assurance obligations. This position requires a broad understanding of security and technology control frameworks, with hands-on experience across standards such as ISO 27001, ISO 22301, PCI DSS, PCI PIN, SWIFT CSP, ISAE 3000 etc. The successful candidate must have proven expertise in analysing and assessing control design, implementation and operating effectiveness against at least one of these standards, ensuring compliance and identifying gaps. The role will also include coordinating and managing external audits to ensure smooth execution, therefore, experience of this is needed.

Key Responsibilities

• Maintain certification and assurance related documentation.
• Prepare the organisation for annual certification audits.
• Support the assessment and validation of controls and processes against a variety of security standards and obligations.
• Support the team in the management of VLL certifications, e.g. ISO27001 and PCI DSS.
• Support the team in the management of other assurance activities, e.g. ISAE3000.
• Conduct periodic testing of key and non-key controls in line with the Control Testing Methodology.
• Evaluate compliance with internal policies, standards, regulatory requirements, and customer obligations.
• Prepare and review control testing documentation, including test procedures, results, and identified gaps.
• Ensure timely escalation of control deficiencies and support remediation tracking.
• Create and quality assure reports and team outputs.

Team Leadership, Collaboration & Stakeholder Engagement

• Supervise and mentor junior team members (e.g. Senior Analysts), providing guidance on certification requirements, assurance requirements, testing execution and quality assurance.
• Support the Vice President and Director of Certification and Assurance in the development and maintenance of the annual Control Testing, Certification and Assurance plan.
• Build and maintain strong partnerships with Control and Process Owners and Operators to ensure efficient and effective execution of certification maintenance and assurance activities.
• Contribute to reporting for governance forums, including dashboards, thematic reviews, and trend analysis.

Governance & Continuous Improvement

• Support the development and refinement of certification management, assurance/control testing processes, standards, tools, and methodologies.
• Contribute to the maturity of the 3 Lines of Defence model and promote a culture of proactive risk management.
• Stay informed on emerging risks, regulatory changes, certification changes and industry best practices with a focus on cybersecurity risks.

Knowledge, Skills and Expertise (technical / role specific)

• Experience of working with security related control frameworks and standards (e.g. ISO27001, NIST, CRI, or PCI-DSS).
• Experience of conducting security related audits/reviews and managing/coordinating external audits including certification audits.
• Ability to assess control design and operating effectiveness in complex environments and to identify control gaps and improvement opportunities.
• Experience of resolving certification and assurance issues.
• Knowledge and experience of all areas of security.
• Strong investigative and analytical experience (e.g. enquiry, scanning, analysis, interviewing, testing), problem-solving, and decision-making skills.
• Experience collaborating cross-functionally to identify and implement good practice security audit management and assurance processes.
• Excellent communication and stakeholder engagement skills.

Qualifications

• Certifications such as ISO27001 Lead Auditor, CISA, CISM, CISSP, PCI SSC ISA, CRISC, or equivalent is desirable.
• Bachelor's degree in Computer Science, Cyber Security, Information Technology, or a related field.
• Good Knowledge of security controls and IT general controls across a variety of technologies and environments.
• Proficiency in Microsoft Office Suite (MS Word, MS Excel, MS Access and MS PowerPoint).
• Strong organisational skills with the ability to prioritise and manage multiple tasks.
• Self-starter with a continuous improvement mindset and a collaborative approach.
• Experience creating presentations for business discussions and reporting.
• Experience of Risk Management / GRC related technologies and toolsets.
• Experience working in cross-functional large projects with dispersed teams.

Corporate Security Responsibility

All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

• Abide by Mastercard's security policies and practices;
• Ensure the confidentiality and integrity of the information being accessed;
• Report any suspected information security violation or breach, and
• Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines.