
Security Risk Analyst II
| Company | Mastercard |
|---|---|
| Location | White Plains, NY, USA |
| Salary | $63000 – $113000 |
| Type | Full-Time |
| Degrees | |
| Experience Level | Mid Level |
Requirements
- Experience supporting information security, IT audit and/or IT risk management principles.
- Familiarity with risk management processes (e.g., methods for assessing and mitigating risk).
- Conceptual understanding of IT and security controls, networking and information security technologies.
- Knowledge of Risk and Control Framework standards such as ISO 27001, NIST CSF, PCI-DSS.
- Background in developing and maintaining security policies, processes, procedures and standards.
- Strong analytical and problem-solving skills for design, creation and testing of security controls and systems.
Responsibilities
- Oversee compliance and the implementation of design (up-to-date standard operating procedures) and operational effectiveness (testing the validity of procedures periodically).
- Participate in the gathering, documenting, monitoring and preliminary analysis of the information security and technology metrics.
- Identify, test, and report security weaknesses in systems and applications. Participate in the risk management process, including documenting, reviewing and updating systems on a regular basis; contribute to the preparation of internal risk reports.
- Maintain an understanding of security policies and regulatory compliance (i.e. ISO 27001, PCI, GDPR).
- Monitor technology risk and compliance, and develop, deliver, maintain and monitor IT policies, standards, and best practices.
- Oversee governance and compliance of vulnerability remediation enterprise wide.
- Support special projects as requested; provide ad-hoc support to management.
- Develop effective working relationships with internal and external stakeholders, auditors, process and control owners and functional staff.
- Understand and interact with related disciplines through different committees to ensure the consistent application of policies and standards across all technology functions.
Preferred Qualifications
- Experience creating ISMS documentation to integrate the ISO 27001 requirements within the overall organization.
- Successfully completed ISO 27001:2022 Lead Auditor/Lead Implementer certification.
- Successfully completed CISA/CISM Certification.
- Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and IT management (e.g., GDPR, NY DFS Part 500, MAS TRM, etc.).
- Knowledge of Mastercard products and technology, security and other risk management programs and practices (desired, not required).
- Experience using RSA Archer or equivalent risk tool sets.