Analyst, Information Security and Compliance

**Our Purpose**
- Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we're helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential._
**Title and Summary**
Analyst, Information Security and Compliance
**Responsibilities**:
Internal Compliance
- Identifying control gaps and process improvement opportunities; evaluating compliance with
operational, legal, regulatory and IT policies and procedures
- Maintaining and managing the controls list
- Tracking and monitoring management action plans to ensure sustainable resolution of control gaps
- Providing risk and control advice and education for the benefit of the organization, being a "champion" and advocate for strong risk management and governance controls and partnering with
other control functions to strengthen our three lines of defense model
- Understanding and critically analyzing complex IT processes, identifying and assessing potential risks and determining whether those risks are appropriately mitigated (using various techniques
such as problem solving, root cause and data analysis)
Security Due Diligence Questionnaires
- Managing the security/due-diligence questionnaires lifecycle and ensuring compliant,
accurate and timely completion of all responses
- Responding to clients due-diligence questionnaires and audits
- Identifying the needs, requirements and risks associated with questionnaires received
- Maintaining a library of content to help ensure responses are up-to-date; contributing to
developing and improving the process and the existing knowledge-base to streamline the
responses
- Responsible for managing regular scheduled internal reviews of key control areas
- Excellent communication skills, both written and verbal; strong presentation
Skills required
Must have a positive attitude, an excellent critical thinking and problem-solving skills to supports the business working with cross-functional teams on projects and initiatives. Liaise with internal and external stakeholders on an ongoing basis during the audit, relative to plans, objectives, evidence collection and results documenting, presenting and tracking findings and remediation actions.
- Preferably 3 - 5 years' experience with/in:
IT security controls
IT Audit, and/or
Compliance management, and/or
Project management/ coordination (document collections, coordination, tracking, customer partnership), and/or
Information management
- Understanding of risk management and Information Security frameworks
- Certified Professional designation (CSA CCM, CISSP, CISA, CRISC) or willingness to work towards one or more of these certifications
- Experience with GDPR and/or PIPEDA and/or similar Data Privacy frameworks
- Experience with information management/ RFP platforms (e.g., Loopio, RFPIO, RFP360, etc.)
- Experience working with auditors and other stakeholders, managing audits, collecting evidence and tracking findings to a resolution
- Intellectually curious, self-motivated, passionate works well both independently and as part of a team
- Ability to influence change through effective communication and interpersonal skills
- Ability to work and partner with others in different levels of the organization
- Ability to multi-task, be organized and take initiative audit management.
- Managing the PCI, SOC-2 and other compliance programs end-to-end
- Evaluating internal stakeholders' response to audits and reporting to management on appropriateness
- Acting in a consultative capacity, providing advice and clarity to teams on compliance requirements and audits
**Corporate Security Responsibility**
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
- Abide by Mastercard's security policies and practices;
- Ensure the confidentiality and integrity of the information being accessed;
- Report any suspected information security violation or breach, and
- Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines.

---