Job Description

Our Purpose

We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate a culture of inclusion for all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team one that makes better decisions, drives innovation and delivers better business results.

Job Title

Technology Risk Lead (PCI)

The mission of the PCI program at Mastercard is to protect our security posture. The PCI team ensures that all of our applications and platforms that handle payment data are PCI compliant and certified to PCI- DSS (Data Security Standards) as well as other PCI standards where applicable.
We are looking for someone to join our team to help us meet these compliance goals. This person will be a technically savvy person who likes to solve issues and drive outcomes.

Responsibilities include:
Act as primary technical liaison and subject matter expert for internal PCI team
Review data flows and architecture for new products to scope and determine PCI relevance
Provide technical support to PCI team ISAs during certifications
Address technical inquiries that are submitted through PCI group mailbox
Lead certification efforts that are not DSS: PIN, 3DS, TSP, P2PE etc.
Research, learn and applying knowledge about new technologies and environments that impact PCI e.g. PCF, Public Cloud, FPANs and tokens, expanded account ranges etc.
Work with app teams to help them develop technical remediation strategies and compensating controls
Participating in building the program to meet new requirements and rapid growth
Representing PCI in long term technical projects that were identified through the PCI process to ensure compliance with standards e.g. Mainframe encryption
Communicate security risks and gaps as related to or identified by PCI to stakeholders and executive management

Ability to:
Review security architecture of applications and determine PCI relevance
Employ strong research skills and problem-solving skills
Apply PCI standards to new and existing technologies
Identify and evaluate security gaps
Communicate business risk to stakeholders
Understand security findings (scanning/Pen test) and assess remediation strategies
Evaluate compensating controls
Conduct or facilitate meaningful meetings
Work in slightly chaotic, rapidly growing environment
Work both independently and as part of a very cohesive team

Working Knowledge of:
PCI standards and requirements
Latest information security protocols and standards
Mastercard environmentsphysical and cloud
Security controls, especially those that impact PCI (encryption, access, vulnerability testing etc.)
Security prevention and detection systems and other security event management systems
Data structures and classifications

Due to COVID-19, most of our employees are working from home. Weve implemented a virtual hiring process and continue to interview candidates by phone or video and are onboarding new hires remotely. We value the safety of each member of our community because we know were all in this together.

Mastercard is an inclusive Equal Employment Opportunity employer that considers applicants without regard to gender, gender identity, sexual orientation, race, ethnicity, disabled or veteran status, or any other characteristic protected by law.

If you require accommodations or assistance to complete the online application process, please contact reasonable.accommodation@mastercard.com and identify the type of accommodation or assistance you are requesting. Do not include any medical or health information in this email. The Reasonable Accommodations team will respond to your email promptly.