Vice President, Risk and Controls

Our Purpose Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

Overview The principal responsibility of the role, within the first line of defence Risk team, consists of implementing and overseeing the risk management program and internal control framework for the RTP International (RTP INT) business. The appointee will be responsible for developing the risk strategy and help provide subject‑matter expertise.

About RTP International Real Time Payments International (RTP INT) is an operating programme under the Mastercard Core Payments model and an operating entity for six current international real time ‘live service’ markets as part of the overall Mastercard RTP portfolio. The services, whilst stated as RTP, also cover other products and these include Real Time payments, Bulk and Batch (BPS), Data Feed Manager (DFM), Proxy Database Services (PDS) and various User Interface solutions (UI). The market countries are a mix of four software supplied sales and 2 managed service hubs: BancNet - Philippines (IPS), CCE – Peru (IPS and BPS), ITMX – Thailand (IPS), BCS – Singapore (IPS), Saudi Payments (IPS and BPS), TCH – USA (IPS).

About The Position You will collaborate with a team of three or more staff and collaborate extensively with Regional and Global teams, including Group Risk and be integral to various North Star risk framework initiatives. Your focus will be on enterprise-wide risk management for the RTP International business, ensuring the operational resilience of our infrastructure and mitigating a broad spectrum of risks impacting our customers' services. This 1st line risk role requires you to partner with the 2nd line to identify, assess, and manage various risks, including cyber and security risks, third‑party risks, legal and regulatory risks, operational risks, financial risks, reputational risks, and strategic risks. By collaborating closely with the 2nd line, you will validate risk assessments, challenge assumptions, and enforce compliance with policies and procedures to uphold the integrity and stability of our services.

We seek a candidate with extensive risk management experience in the payments or financial services industry. You will mentor a team, working closely with Biz Ops and Engineering teams, proactively monitoring and managing technology risks to protect Mastercard and its customers. You will collaborate with business risk owners, the 1st Line risk team, Tech Risk Management (TRM), Biz Ops, and Engineering teams to establish robust governance frameworks for assessing, monitoring, and mitigating risks effectively. This involves validating risk assessments, challenging assumptions, and enforcing compliance with established policies and procedures. Additionally, you will enhance governance structures to foster a culture of risk awareness and accountability across the organization.

Responsibilities Include The Following:

• Provide guidance and support to the risk team, fostering professional growth and development.
• Partner with Mastercard Global Technology Risk Management, Regional Technology, Local technology (Service Management), and Biz Ops teams to align on risk management methodology and practices.
• Maintain and develop the enterprise‑wide risk management framework and culture, including risk policies and procedures in accordance with MA Group Risk requirements.
• Maintain quality of data within risk GRC systems (e.g., Open Pages, Archer, PlanView) for reporting and tracking purposes.
• Deliver an enterprise‑wide risk management awareness programme to ensure risk policies and procedures are understood and complied with by staff across the business.
• Support risk and control owners in resolving queries related to risks and controls.
• Provide risk briefings to management, ensuring risks, issues, and appetite breaches are monitored and escalated appropriately.
• Collect security and operational metrics for management reports and dashboards.
• Coordinate internal and external audits, including evidence gathering, meeting scheduling, and liaison with internal control owners and external auditors.
• Ensure the resilience and effectiveness of services through strong internal and external partner management.
• Collaborate with internal and external partners to establish frameworks with third parties to mitigate risks and deliver maximum value.
• Provide input to scenario testing, running pilots, and designing templates for vulnerabilities.
• Develop and deliver training and communications to reinforce and embed key requirements.
• Evaluate resilience solutions to find those that best meet business needs.
• Stay updated on relevant regulations and industry standards related to risk management and business continuity.
• Ensure compliance with regulatory requirements and internal policies related to risk management.
• Prepare and present regular reports on risk assessment findings, mitigation efforts, and organizational resilience to senior management.
• Develop and maintain business continuity plans to ensure the organization can continue critical operations during disruptions.
• Work with cross‑functional teams to identify key business processes and develop strategies to minimize downtime and mitigate the impact of disruptions.
• Conduct regular testing and exercises of business continuity plans to ensure effectiveness and identify areas for improvement.
• Lead the interaction and contributions to Group Risk and the North Star risk framework initiatives.
• Influence and work effectively beyond direct reports to drive risk management and resilience initiatives across the organization and the six live markets.

Corporate Security Responsibility Abide by Mastercard’s security policies and practices; Ensure the confidentiality and integrity of the information being accessed; Report any suspected information security violation or breach; and Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.