Galaxy Ventures

Portfolio Jobs

Apply to jobs in the Galaxy Ventures portfolio.

Senior Technology Risk Analyst (ISAE 3000 / SOC 2)



Peterborough, UK
Posted on Friday, May 24, 2024

Our Purpose

We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate a culture of inclusion for all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team – one that makes better decisions, drives innovation and delivers better business results.

Title and Summary

Senior Technology Risk Analyst (ISAE 3000 / SOC 2)

The Mastercard Technology Risk Team in Europe is looking for a Senior Technology Risk Analyst to support assurance and controls programs supporting security requirements to meet customer and regulatory obligations. Emphasis will be placed on providing compliance support, monitoring, and reporting of the ongoing operating effectiveness of the internal control environment. This role is a pivotal part of the Mastercard technology risk function and supports Mastercard's commitment to balancing innovation while protecting the internal control posture. The team assesses internal controls to proactively identify risks, define remediation actions and track remediation efforts. We are looking for someone to join our team and help us meet these goals.

The ideal candidate will have the ability to think and act both strategically and tactically while ensuring that the corporation remains compliant with required security, technology, and financial standards, as well as industry best practices.

- Support assurance programs, engage with internal partners to help build control frameworks to ensure needs and expectations over services are met for various attestations / certifications and aligned with regulatory requirements (e.g., ISAE 3402, ISAE 3000, SOC 2, ISO 27001, etc.)
- Engage with the auditors to test the control framework to ensure objectives are met and risk is managed effectively
- Evaluate compliance with operational IT policies and procedures
- Execute control assessments of various operational and business areas to assess potential risks or control gaps
- Track remediation internally and externally through to resolution to help improve design and operational effectiveness of controls
- Reduce error ratings and risk exposure as a result of gaps in control performance
- Report formally on the results of assurance/certification objectives, controls, and risk assessments
- Help develop and maintain reports, metrics and presentations of progress and results for meetings with customers and regulators
- Provide data analysis and strategy execution across risk areas, leveraging an understanding of risk and regulation

About you:
- You have experience in IT compliance or IT audit; this assumes an advanced understanding of IT controls in a technical environment, including network topologies and management, application interfacing, vulnerability management, system development lifecycle, database management and project management
- You have a Bachelor’s or Master’s degree or an equivalent combination of education and experience; a Bachelor’s or Master’s degree in computer science, information technology or a related field is preferred
- You have the ability to operate with independence and autonomy
- You have the ability to accurately and concisely write up controls evaluation results and explain them to internal and external stakeholders
- You have experience in implementing and evaluating control frameworks (e.g., SOC 2, ISAE 3402 / 3000, ISO 27001, etc.)
- You have strong interpersonal, communication and presentation skills necessary for influencing business leaders and teams across all levels of the organization
- You will contribute to a work environment that encourages knowledge of, respect for, and the development of skills to engage with those of other cultures and backgrounds
- Proficiency in Linux system management and database management, a plus
- Professional certification like CISSP/CISA/CRISC/CIPP or similar, a plus
- Familiarity with the financial services industry and payment processing industry, a plus
- Familiarity with GDPR and cloud services, a plus

Corporate Security Responsibility

All activities involving access to Mastercard assets, information, and networks come with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

  • Abide by Mastercard’s security policies and practices;

  • Ensure the confidentiality and integrity of the information being accessed;

  • Report any suspected information security violation or breach; and

  • Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.