Lead Information Security Consultant

Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper, supporting a wide range of digital payments choices and delivering secure, simple, smart, and accessible transactions. Our technology, innovation, partnerships and networks combine to provide a unique set of products and services that help people, businesses and governments realize their greatest potential.

Lead Information Security Consultant

Mastercard is looking for a Lead Information Security Consultant based in London, Dunstable or Harrogate. This exciting position is within Vocalink, which is developing strategic products used across the organization. The successful candidate will strongly influence the security of Mastercard products and work with many stakeholders to ensure security is built‑in to our services.

• Deliver a quality service within the enterprise.
• Contribute to maturing the Security Consultancy team by building skills, improving consistency, and enabling scalability.
• Guide product and business teams on security best practices and Corporate Security policies and procedures to ensure secure products are developed.
• Provide assurance that products are developed and deployed with the right balance of security to protect against threats to the business, built upon reliable processes and procedures.
• Develop and improve security standards and frameworks to meet Mastercard’s future needs.

You will need to be able to do, and have experience of, the following:

• Strong security mindset and knowledge of current best practices, common exploits and threat landscape.
• Broad security experience across a range of disciplines with demonstrable experience of implementing technology or business process solutions across software development, architecture, network security and assurance testing.
• Natural ability to negotiate with business to balance risk and security requirements with business opportunity, while ensuring ongoing compliance and regulatory needs.
• The ability to work with teams and manage expectations while building strong business relationships.
• Confidence in providing technical guidance to team members for complex decisions including cryptography, network design, application security, data protection, identity and access management, etc.
• Experience of security governance frameworks and producing required outputs, including documentation and threat models over the course of projects to meet deadlines.
• Experience working with security standards such as ISO27001, NIST SP800-53, PCI‑DSS and others.
• Motivated self‑starter with agility, ability to manage ambiguity, anticipate change, and meet business objectives.
• Organisation of security assurance testing, using third‑party vendors.
• Proactive approach to helping develop the maturity of the security team’s capabilities.

• Relevant security certifications (CISSP, CISM, CSSLP, CISA).
• Experience in threat modelling and security risk assessment.
• Experience with Privileged Access Management, Secrets Management, PKI, Cryptography or Security Logging.
• Experienced in using JIRA and Confluence.

Every person working for, or on behalf of, Mastercard is responsible for information security. All activities involving access to Mastercard assets, information and networks carry inherent risk to the organization, and it is expected that the successful candidate will:

• Abide by Mastercard’s security policies and practices.
• Ensure the confidentiality and integrity of accessed information.
• Report any suspected information security violation or breach.
• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.