Information Security Engineer II

Our Purpose Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential. Title And Summary Information Security Engineer II To support our continued growth and success, we are actively recruiting for an Information Security Compliance Professional to assist in and support all aspects of our program. The ideal candidate will have solid experience in developing and/or maintaining information security policies and procedures, as well as familiarity with security frameworks and standards including CSA CCM, PCI-DSS, SOC2, ISO27001, etc. Excellent communication skills, both verbal and written, are essential. If you are looking for a challenge that will allow you to collaborate within dynamic teams and work in a fast‑paced environment, this position is for you. Responsibilities Maintaining and managing the controls list. Identifying control gaps and process improvement opportunities; evaluating compliance with operational, legal, regulatory and IT policies and procedures. Document risk and mitigation controls, including policy/procedure updates; tracking and monitoring management action plans to ensure sustainable resolution of control gaps. Providing risk and control advice and education for the benefit of the organization, being a "champion" and advocate for strong risk management and governance controls and partnering with other control functions to strengthen our three lines of defense model. Understanding and critically analyzing complex IT processes, identifying and assessing potential risks and determining whether those risks are appropriately mitigated using techniques such as problem solving, root cause and data analysis. Managing the security/due‑diligence questionnaires lifecycle and ensuring compliant, accurate and timely completion of all responses. Responding to clients due‑diligence questionnaires and audits. Identifying the needs, requirements and risks associated with questionnaires received. Maintaining a library of content to help ensure responses are up‑to‑date; contributing to developing and improving the process and the existing knowledge‑base to streamline the responses. Responsible for managing regular scheduled internal reviews of key control areas. Excellent communication skills, both written and verbal; strong presentation abilities. Skills Required Preferably 3 - 5 years’ experience with/in: IT security controls IT Audit, and/or Compliance management, and/or Project management/ coordination (document collections, coordination, tracking, customer partnership), and/or Information management Understanding of risk management and Information Security frameworks Certified Professional designation (CSA CCM, CISSP, CISA, CRISC) or willingness to work towards one or more of these certifications Experience with GDPR and/or PIPEDA and/or similar Data Privacy frameworks Experience with information management/ RFP platforms (e.g., Loopio, RFPIO, RFP360, etc.) Experience working with auditors and other stakeholders, managing audits, collecting evidence and tracking findings to a resolution Intellectually curious, self‑motivated, passionate works well both independently and as part of a team Ability to influence change through effective communication and interpersonal skills Ability to work and partner with others in different levels of the organization Ability to multi‑task, be organized and take initiative in audit management. Managing the PCI, SOC‑2 and other compliance programs end‑to‑end Evaluating internal stakeholders’ response to audits and reporting to management on appropriateness Acting in a consultative capacity, providing advice and clarity to teams on compliance requirements and audits. Corporate Security Responsibility Abide by Mastercard’s security policies and practices; Ensure the confidentiality and integrity of the information being accessed; Report any suspected information security violation or breach, and Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines. Pay Ranges Vancouver, Canada: $91,000 - $140,000 CAD Mastercard is a merit‑based, inclusive, equal opportunity employer that considers applicants without regard to gender, gender identity, sexual orientation, race, ethnicity, disabled or veteran status, or any other characteristic protected by law. We hire the most qualified candidate for the role. In the US or Canada, if you require accommodations or assistance to complete the online application process or during the recruitment process, please contact and identify the type of accommodation or assistance you are requesting. Do not include any medical or health information in this email. The Reasonable Accommodations team will respond to your email promptly. #J-18808-Ljbffr