Lead Information Security Engineer-R-247568

Our Purpose

Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

Title And Summary

Lead Information Security Engineer

Position Overview

As a Business Security Engineer at Mastercard Payment Services, you will be responsible for analyzing security reports, identifying and addressing gaps in security controls, assessing risks, and supporting the development of secure architectures. You will collaborate with development and infrastructure teams to integrate security practices throughout the business, ensure compliance with security standards and frameworks, and recommend improvements to security operations. This role requires strong technical expertise in risk management, vulnerability assessment, secure system design, and the ability to communicate security issues effectively to stakeholders at all levels.

Key Responsibilities

• Lead the Vulnerability Management program, including identification, analysis, prioritization, reporting, and tracing of vulnerabilities across systems, applications and networks.
• Analyze security test reports, including results from SAST. DAST, and TLPT exercises, to assess vulnerabilities, identify gaps in controls, and recommend appropriate remediation strategies.
• Support and coordinate Threat-Led Penetration Testing (TLPT) initiatives in alignment with frameworks such as TIBER-EU, TLPT/TIBER-DK and TIBER-NO
• Perform comprehensive security assessments across policy, process, operational, and technical layers to ensure alignment with best practices and compliance requirements.
• Assist in the development and delivery of security architectures that reduce risk while maintaining operational effectiveness.
• Support the definition and maintenance of security requirements, standards, and reference architectures to ensure consistency and compliance across all business units.
• Collaborate with development, infrastructure, and operations teams to integrate security practices into project delivery lifecycles.
• Provide technical security consulting, offering recommendations to ensure systems and applications are designed and maintained securely.
• Evaluate and propose improvements to existing security controls and operating procedures based on risk assessments and emerging threats.
• Communicate findings, risks, and recommendations clearly and professionally to technical and non-technical stakeholders, including senior leadership.
• Develop and maintain technical documentation including risk assessments, gap analysis reports, and security solution designs.
  
  
  

Ideal Candidate Profile

• Proven experience in security engineering, including security analysis, risk assessments, and gap evaluations.
• Strong understanding of security frameworks and standards such as NIST, ISO/IEC 27001, PCI-DSS, and ISAE.
• Knowledge of secure system architecture for web-based, cloud, and on-premises environments.
• Proven expertise in secure development practices, threat modeling, vulnerability management, and secure coding standards.
• Practical experience with cryptographic technologies, including encryption, hashing, TLS, digital certificates, and key management.
• Understanding of firewalls, hardware security modules (HSMs), threat prevention, and detection technologies.
• Strong communication and interpersonal skills, with the ability to translate complex security issues into actionable business recommendations.
• Ability to work across multiple projects simultaneously, managing deadlines and competing priorities effectively.
• Commitment to continuous learning and staying updated on emerging security trends and technologies.
  
  
  

Corporate Security Responsibility

All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

• Abide by Mastercard’s security policies and practices;
• Ensure the confidentiality and integrity of the information being accessed;
• Report any suspected information security violation or breach, and
• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.
  
  
  

R-247568