Vice President, Technology Risk Management in London

This is an exciting opportunity to help lead cyber security delivery for Vocalink Limited, a company that operates the Critical National Infrastructure enabling almost all salary payments, utility bill payments, most ATM transactions, and every cheque cleared in the UK. The successful candidate will become part of a high performing team, dedicated to delivering a secure and resilient service to 60+ million citizens every day with annual transactional value in excess of GBP12 Trillion. The UK depends on us and we are proud of the trust placed in us.

The VP, Cyber Security Risk & Control leads on articulating the firm’s risk appetite and actual posture relative to that appetite, using a blend of appropriate industry-standard techniques to describe appetite, inherent risk and threat vectors, control strength, residual risk, specific risks and issues. As such, the role translates the technical outcomes of the wider security team into consumable and actionable outputs for our stakeholders, and steers our cyber investment plans, strategy and operational execution. This is not an administrative or reporting role: We see appetite definition and well articulated execution against it as a foundational element of our strategy, sharing the risk and rewards of success across the entire team. When done well, this role retains and grows the confidence of our board, customers, shareholders, and regulators. As such it is a vital and part of our strategy to retain and grow our existing business, and earn our part in the future of the UK Payments ecosystem.

In this role, you will:

• Attract and retain a high performing team of cyber professionals across the whole security team - engaging and developing our talent
• Lead on the management and reporting of Cyber Risk for the firm, running the key governance committee (a sub committee of the firm’s ExCo)
• Lead on the design and production of all cyber MI for the firm, informing our board, customers, and regulators of our posture and residual risks - in many fora this role is the "face of security"
• Mature our nascent threat modelling and residual risk quantification techniques
• Design & deliver regular reports to the board, the Executive Committee, customers, often with in person presentations including Q&A
• Play a leading role in the security leadership team alongside technical specialists, delivering our overall strategy and operation
• Deputise for the Business Security Officer in internal, customer and regulator facing situations when necessary
• Lead on implementing cyber security policies and procedures to minimize risk exposure and drive control maturity
• Co-ordinate 1LOD activities around certifications such as PCI, SWIFT, ISO, ISAE3402, etc.
• Act as a central point of coordination for all assurance activities, working with 2LOD, 3LOD, and the 1LOD controls office
• Work with colleagues in technology and operations to find synergies, trade-offs, and the right outcome for the firm and its customers
• Drive cross functional initiatives to deliver on risk goals, policies and procedures - pushing forward our overall maturity
• Work with operations colleagues to oversee security aspects of third party risk

Proven ability to create outcomes or timely escalations with options, someone who rejects "drift". Can lead teams - attracting, engaging, and retaining talent. Minimises friction and can develop people. Breadth and depth of cyber security achievements in a highly regulated environment. Experience dealing with matrix organisations, ideally including large multinationals. Experience presenting to, and working with senior partners in regulators, boards and customer organisations. Able to simplify data, and to distil messages to create compelling accurate narratives for stakeholders of all seniorities. Able to work closely with risk and audit colleagues to deliver relevant and high value add assurance. Track record of embedding security controls in a complex organisation, managing competing demands to drive down aggregate residual risk. Strong influencing skills; organizationally savvy. Customer focus and commercially aware - a passion for excellence, balanced with pragmatism and agility. Motivated and conscientious, but with a sense of humour and perspective. Embodies and demonstrates all of the brand values required by Vocalink and Mastercard. Strategic thinker - able to develop and communicate direction.

Corporate Security Responsibility: All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

• Abide by Mastercard’s security policies and practices;
• Ensure the confidentiality and integrity of the information being accessed;
• Report any suspected information security violation or breach, and
• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.