Principal Analyst, Control Testing, Certification and Assurance

Full-Time. No home office possible.

Our Purpose

Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

Title and Summary

Principal Analyst, Control Testing, Certification and Assurance

The Role

The newly created 1st Line Control Office function within Vocalink Limited (VLL) is seeking a Principal Analyst (Director‑level equivalent) to join the Control Testing, Certification and Assurance team. This senior technical role requires a deep and broad understanding of security and technology control frameworks, with hands‑on experience across standards such as ISO 27001, ISO 22301, PCI DSS, PCI PIN, SWIFT CSP and ISAE 3000. The successful candidate will analyse and assess control design, implementation and operating effectiveness against these standards, ensuring compliance and identifying gaps. The role also involves end‑to‑end management of external audits, requiring strong coordination skills and experience in audit readiness and stakeholder engagement. A significant emphasis is placed on PCI DSS, including extensive experience in understanding, testing and managing all aspects of the PCI DSS external audit process.

Key Responsibilities

  • Lead and manage external audits for technical standards, e.g. PCI DSS and PCI PIN.
  • Support the Vice President and Director of Certification and Assurance in the development and maintenance of the annual Control Testing, Certification and Assurance plan.
  • Deputise for the Director of Certification and Assurance as required.
  • Provide strategic input into the evolution and continuous improvement of team processes and procedures.
  • Maintain certification‑related documentation and prepare the organisation for annual certification audits.
  • Assess and validate controls and processes against a variety of security standards and obligations.
  • Manage certifications (e.g., ISO 27001, PCI DSS) and assurance activities (e.g., ISAE 3000).
  • Conduct periodic testing of key and non‑key controls in line with the Control Testing Methodology.
  • Evaluate compliance with internal policies, standards, regulatory requirements and customer obligations.
  • Prepare and review control testing documentation, including test procedures, results and identified gaps.
  • Ensure timely escalation of control deficiencies and support remediation tracking.
  • Create and quality‑assure reports and team outputs.
  • Supervise and mentor junior team members (Senior Analysts and Managers), guiding them on certification requirements, assurance requirements, testing execution and quality assurance.
  • Maintain close working relationships with Control and Process Owners and Operators to operate certificate maintenance and assurance activities efficiently.
  • Contribute to governance forum reporting, including dashboards, thematic reviews and trend analysis.
  • Support the development and refinement of certification management, assurance activities and control testing processes, standards, tools and methodologies.
  • Promote a culture of proactive risk management within the 3 Lines of Defence model.
  • Stay informed on emerging risks, regulatory changes, certification changes and industry best practices with a focus on cybersecurity risks.

Knowledge, Skills and Expertise

  • Strong understanding and experience of control frameworks and standards (e.g. ISO 27001, NIST, CRI, or PCI DSS).
  • Experience conducting security‑related audits/reviews and managing/coordinating external certification audits.
  • Ability to resolve varied and complex certification and assurance issues.
  • Knowledge of all areas of security and IT general controls across a variety of platforms and environments.
  • Proven experience in control testing or assurance within a regulated environment.
  • Strong investigative and analytical skills, problem‑solving and decision‑making.
  • Experience collaborating cross‑functionally to identify and implement best‑practice security audit management and assurance processes.
  • Ability to assess control design and operating effectiveness in complex environments and identify control gaps and improvement opportunities.
  • Excellent communication and stakeholder engagement skills.
  • Experience managing and coaching junior team members.
  • Strong organisational skills with the ability to prioritise and manage multiple tasks.

Qualifications

  • Certifications such as ISO 27001, CISA, CISM, CISSP, PCI SSC ISA, CRISC or equivalent are desirable.

Preferred Skills & Attributes

  • Bachelor’s degree in Computer Science, Cyber Security, Information Technology or a related field.
  • Experience engaging with senior leadership at the Executive level and above.
  • Proficiency in data analytics and Microsoft Office Suite (MS Word, MS Excel, MS Access, MS PowerPoint).
  • Self‑starter with a continuous‑improvement mindset and a collaborative approach.
  • Experience creating presentations for business discussions and reporting.
  • Experience with Risk Management / GRC related technologies and toolsets.
  • Experience working in cross‑functional large projects with dispersed teams.

Corporate Security Responsibility

  • Abide by Mastercard’s security policies and practices.
  • Ensure the confidentiality and integrity of the information accessed.
  • Report any suspected information security violation or breach.
  • Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.

Contact Detail:

MasterCard Recruiting Team
