Director, Technology Risk and Control Framework

7 days ago


Toronto, Canada Mastercard Full time

Our Purpose
- Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build _a sustainable economy_ where everyone can prosper. We support a wide range of digital payments choices, making _transactions secure,_ simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential._

Title and Summary

Director, Technology Risk and Control Framework (2LoD)

Overview:
The Mastercard Risk (2LoD) is looking for a Director to lead the implementation and roll out of a best practice Technology Control Framework and deliver independent test / validation of key controls across Mastercard’s Technology estate. The role requires a depth of knowledge and experience in Security and Operational risk approaches such as FAIR / RCSA / ISO31000 and of industry control standards such as Cyber Risk Institute Profile, NIST CSF, Unified Control Framework and SOC1/2. The role also requires knowledge of risk management expectations of payment industry regulators globally.

Role:

- Lead the 2LoD implementation / co-ordination of a Technology Control Framework based on the UCF and CRI Profile
- Deliver control sample testing on critical services or key business units leveraging industry best practices to assess control design and effectiveness
- Driver the establishment of a 1LoD Control Library that aligns to a co-ordinated Technology Control Framework
- Represent Technology Risk in relevant governance committees and facilitate the effectiveness of technology risk forums in supporting decision making
- Support the integration of the control framework into the technology risk assessment program for Mastercard
- Leverage industry standards to support the analysis of how controls affect risk i.e. via the FAIR CAM industry standard
- Align the Technology Control Framework to support decision making against the Mastercard Risk Appetite Framework inclusive of risk objectives and measurable tolerances.
- Manages collaborative working relationships with stakeholders at the regional or local level
- Support the development of risk processes that implement best practices and ensure all processes are documented, reviewed and updated regularly
- Co-ordinate the maintenance of risk registers, control libraries and issue management processes in order to support the monitoring and reporting of material risks

All About You:
Experience
Required
- Experience delivering control testing and assurance reviews
- Experience delivering presentations and engaging with senior leadership
- Experience managing the Technology risk strategies that maintain the status of industry compliance standards (e.g. CRI Profile, ISAE 3402, SOC, CPMI IOSCO etc)
- Experience engaging with banking and payment industry regulators and an understanding of their requirements in relation to risk management and assurance

Nice to have
- Experience with the FAIR Methodology and FAIR CAM
- Experience leveraging GRC tools
- Experience with regulatory and industry best practice and standards such as ISO 27001, PCI DSS, GLBA and CRI Profile, NIST CSF

Qualifications and Skills
Required
- Business Degree (or equivalent) in a relevant field to risk management
- Very strong knowledge of Risk Management best practice
- Knowledge of Risk Assessment methodologies such as RCSA (Risk Control Self Assessment) and control assurance approaches
- Systematic problem-solving approach, coupled with strong communication skills and a sense of ownership and drive.

Nice to have
- Masters Risk Management
- Strong IT technical knowledge or knowledge of payment systems
- Project Management Skills
- Knowledge of Quantitative Risk Approaches (i.e. Monte Carlo Simulation)

Corporate Security Responsibility

All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
- Abide by Mastercard’s security policies and practices;- Ensure the confidentiality and integrity of the information being accessed;- Report any suspected information security violation or breach, and- Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.



  • Toronto, Canada CIBC Full time

    We’re building a relationship-oriented bank for the modern world. We need talented, passionate professionals who are dedicated to doing what’s right for our clients. At CIBC, we embrace your strengths and your ambitions, so you are empowered at work. Our team members have what they need to make a meaningful impact and are truly valued for who they are...


  • Toronto, Canada CIBC Full time

    We’re building a relationship-oriented bank for the modern world. We need talented, passionate professionals who are dedicated to doing what’s right for our clients. At CIBC, we embrace your strengths and your ambitions, so you are empowered at work. Our team members have what they need to make a meaningful impact and are truly valued for who they are...


  • Toronto, Canada Canada Life Assurance Company Full time

    Director, Technology Operational Risk **Description: - Permanent Full Time- We are looking for a **Director, Technology Operational Risk** - The Director, Technology Operational Risk plays a key role in providing independent advice, oversight, and challenge of the first line of defense with respect to business unit operational risk and regulatory compliance...


  • Toronto, Canada Royal Bank of Canada Full time

    **Job Summary** What is the opportunity? You will support Operational Risk Management leadership within Group Risk Management in delivering various oversight and challenge processes including: identifying issues with policy compliance through analysis and testing of controls; monitoring regulatory changes that impact cyber and technology, maintaining the...

  • IT Security Director

    2 weeks ago


    Old Toronto, Canada TD Bank Full time

    About the RoleTD Bank is seeking an experienced IT Security Director to lead our Technology Risk Management team. As a key member of our security leadership, you will be responsible for ensuring the bank's technology controls and information security programs are effective in mitigating risks and protecting our customers' data.Key...


  • Old Toronto, Canada Liquor Control Board of Ontario Full time

    Senior Manager - IT Audit We are seeking a highly skilled and experienced Senior Manager to lead our IT audit team. As a key member of the Internal Audit Services department, you will be responsible for developing and executing the annual IT audit plan, leading and managing complex IT audits, and providing expert advice on IT risk management and control...


  • Toronto, Canada Tangerine Full time

    **Requisition ID**: 196636 Tangerine is Canada’s leading direct bank. We offer flexible and accessible banking options, innovative products, and award-winning Client service. The reason why Tangerine employees come to work each day is to help Canadians live better lives. We focus on making a difference in our communities, and that includes our own...


  • Old Toronto, Canada Scotiabank Full time

    Title: Director and Head of Risk TechnologyRequisition ID: 212329Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.PurposeThe Director and Head of Risk Technology will be responsible for the strategic direction, leadership, and oversight of the Technology team with the focus of modernization of application...


  • Toronto, Canada University Pension Plan Full time

    ABOUT UPP UPP is the first pension plan of its kind in Ontario’s university sector, proudly serving over 40,000 members across four universities and fourteen sector organizations. Our purpose is to bring greater retirement peace of mind to the university sector by investing with integrity and serving members with care. As a sector-wide plan designed for...


  • Toronto, Canada Tangerine Full time

    **Requisition ID**: 191942 Tangerine is Canada’s leading direct bank. We offer flexible and accessible banking options, innovative products, and award-winning Client service. The reason why Tangerine employees come to work each day is to help Canadians live better lives. We focus on making a difference in our communities, and that includes our own...


  • Old Toronto, Canada EQ Bank | Equitable Bank Full time

    Job Title:Cyber Risk Management DirectorAbout the Role:We are seeking an experienced Cyber Risk Management Director to join our team at EQ Bank | Equitable Bank. As a key member of our organization, you will play a critical role in directing and managing our cyber risk management programs.Responsibilities:Develop and oversee the bank's Cyber Resilience...


  • Toronto, Canada Manulife Full time

    We are a leading financial services provider committed to making decisions easier and lives better for our customers and colleagues around the world. From our environmental initiatives to our community investments, we lead with values throughout our business. To help us stand out, we help you step up, because when colleagues are healthy, respected and...


  • Old Toronto, Canada Risk & Insurance Management Society Inc Full time

    Full-timeJob Location: Toronto or MontrealAt Fiera CapitalWe invest in creating a culture of purpose that makes our people feel valued, cared for, seen, and heard.Our approach to employee experience is tailored to your needs and ambitions:Your Inclusive Experience: We are committed to cultivating an inclusive, safe, and trusting work environment.Your Growth...


  • Toronto, Canada Scotiabank Full time

    Requisition ID: 207475 Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture. Contributes to the overall success of first line Technology as well as IT Risk and Resiliency ensuring specific individual goals, plans, initiatives are executed / delivered in support of IT&S and the businesses strategies and...


  • Toronto, Canada OMERS Full time

    Choose a workplace that empowers your impact.  Join a global workplace where employees thrive. One that embraces diversity of thought, expertise and experience. A place where you can personalize your employee journey to be — and deliver — your best. We are a purpose-driven, dynamic and sustainable pension plan. An industry leading global investor...


  • Toronto, Canada Mastercard Full time

    Our Purpose We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our...


  • Toronto, Canada Mastercard Full time

    Our Purpose We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our...


  • Toronto, Canada Infrastructure Ontario Full time

    IO’s Finance, Technology, and Lending Enterprise Team ensures that IO is a financially efficient and effectively managed organization and that the agency’s finances are monitored, reported, and managed appropriately. The team also manages the infrastructure lending program, which has supported more than $19 billion in local infrastructure development,...


  • Old Toronto, Canada Mnp Llp Full time

    Enterprise Risk ServicesWe are seeking a seasoned professional to lead our Enterprise Risk Services team. As a trusted advisor, you will establish effective systems of internal controls that safeguard clients' assets and maintain compliance.Key Responsibilities:Lead proposals, planning, and delivery of enterprise risk services engagements with a focus on...


  • Toronto, Canada Scotiabank Full time

    Requisition ID: 212329 Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture. **Purpose** You provide expertise and engineering excellence as an integral part of an agile team to enhance, build, and deliver trusted market-leading technology products in a secure, stable, and scalable way. Leverage your...