Principal, Technology Risk Analyst
Location
Pune | India
Job description
Job Description
Our Purpose
We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate a culture of inclusion for all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team – one that makes better decisions, drives innovation and delivers better business results.
Title and Summary
Principal, Technology Risk AnalystJob Title: Principal Technology Risk Analyst (L5)
Who is Mastercard?
Mastercard is a global technology company in the payments industry. Our mission is to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart, and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments, and businesses realize their greatest potential.
Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. With connections across more than 210 countries and territories, we are building a sustainable world that unlocks priceless possibilities for all.
MTS Overview:
Mastercard Transaction Services [MTS] is the division responsible for the management of the legal entities under which all of Mastercard’s current licensed money transfer services (and in the future other regulated activities) will be conducted. The MTS division (and associated MTS shared services functions) are housed under the umbrella of Mastercard Transaction Services and are comprised of the components which are necessary to support the activities of a licensed payment services firm. These components include:
• The maintenance of payment institution/money transmitter licenses (and in future state, other applicable payment services licences) for operating payments business in defined jurisdictions.
• Currently supporting cross border account to account payments globally, designing for crypto (stablecoins) and exploring Open Banking and other products.
• Associated settlement accounts and other treasury services for the relevant MTS entity
• Compliance services including but not limited to real-time sanctions screening / AML / Fraud
• Regulatory reporting to the relevant regulators on behalf of the regulated business and its subsequent activities.
Role Summary
The Principal Technology Risk Analyst will be responsible for managing and overseeing all Information Technology governance and compliance activities within the organization to ensure compliance with relevant regulations and guidelines for multiple licensed entities. Play a critical role in sourcing, assessing, and monitoring third-party service providers and sub-contractors to support the organization while upholding the highest standards of regulatory compliance and risk management.
Responsibilities
• Vendor Due Diligence: Conduct thorough due diligence on potential vendors and service providers to assess their capabilities, financial stability, and compliance with relevant regulations. Ensure that all vendor engagements align with the organization's risk appetite and strategic objectives.
• Contract Negotiation and Management: Collaborate with legal and sourcing/procurement teams to negotiate robust contracts that include clear expectations, service level agreements, performance metrics, data protection measures, regulatory and termination clauses. Continuously manage and monitor vendor contracts to ensure ongoing compliance.
• Regulatory Compliance: Stay abreast of all applicable financial regulations, directives, and guidelines issued by the regulatory authorities (e.g., Monetary Authority of Singapore, European Banking Authority, RBI, NYDFS, etc.). Ensure that outsourcing activities comply with these requirements and that any changes are promptly incorporated into the outsourcing framework.
• Risk Assessment: Perform comprehensive risk assessments on outsourced activities to identify and mitigate potential risks. Develop risk management strategies to protect the organization's interests and minimize potential disruptions.
• Performance Monitoring: Establish key performance indicators (KPIs) and service level agreements (SLAs) with vendors. Regularly monitor and evaluate vendor performance against these metrics to ensure adherence to contractual obligations.
• Business Continuity: Collaborate with function/business owners and vendors to ensure they have robust business continuity and contingency plans in place. Verify that these plans align with the organization's requirements and regulatory expectations.
• Reporting and Documentation: Maintain comprehensive records of all outsourcing arrangements, contracts, assessments, and compliance documentation. Prepare periodic reports for management and regulatory authorities as mandated.
• Training and Awareness: Conduct training sessions for internal stakeholders to enhance their understanding of outsourcing processes, regulatory requirements, and best practices.
• Continuous Improvement: Identify opportunities for process improvements and efficiencies in outsourcing activities. Collaborate with cross-functional teams to implement best practices and optimize outsourcing processes.
• Partners with business/function owners to ensuring alignment with Outsourcing policy and framework.
• Develop and maintain documentation in line with framework along with periodic reviews/updates. e.g., board packs, quarterly business review, reports, dashboards, registers, control inventories, etc.
All About You
• Proven experience in IT GRC, outsourcing, vendor management, or procurement within a regulated financial services environment (e.g., banking, insurance).
• In-depth knowledge of vendor management/outsourcing regulations and guidelines specifically around Technology, issued by relevant regulatory authorities. (MAS, RBI, EBA, NYDFS)
• Strong understanding of risk management principles and practices in the context of IT outsourcing.
• Excellent communication, negotiation, and interpersonal skills to manage relationships with vendors and internal stakeholders effectively.
• Analytical and problem-solving abilities to assess risks, make informed decisions, and develop mitigation strategies.
• Detail-oriented with a focus on maintaining accurate records and documentation.
• Ability to work collaboratively in a cross-functional environment.
• Proficiency in using relevant software tools for vendor management, compliance tracking, and reporting.
• Experience delivering presentations and engaging with senior leadership.
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
Abide by Mastercard’s security policies and practices;
Ensure the confidentiality and integrity of the information being accessed;
Report any suspected information security violation or breach, and
Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.
Job tags
Salary
