Product Information Security GRC Specialist

Title and Summary

Product Information Security GRC Specialist

The Product Information Security GRC Specialist role offers the chance to work with the best and brightest cybersecurity minds in our Data & Services organization to build a cyber risk management product.

Our flagship product equips business leaders to decipher the cyber risks their businesses face in business and financial terms. The platform comprehensively assesses an organization's cyber posture through various internal and external indicators. Through our platform, this helps the organization's leaders understand their cyber risk profile and prioritize their cyber investments, considering their ability to handle the most pressing threats their organization faces.

As a Product Information Security GRC Specialist, you will join the cyber research team, where you will be responsible for identifying, analyzing, and integrating information security standards and regulations, security technologies, and cyber intelligence into the product and maintaining the product's risk quantification methodology.

We seek a professional who can learn quickly, take the lead, and be accountable. The candidate should be passionate about research and cybersecurity, be a team player with a creative mindset, and have a can-do attitude to solving problems.

Responsibilities:
• Identify, analyze, and integrate information security standards and regulations into the product
• Identify, analyze, and integrate cybersecurity technologies into the product and define how the indicators for these technologies can be gathered automatically and scored
• Maintain and update the product's risk quantification methodology (e.g., attack methods. threat actors, controls, etc.)
• Identify and design product features
• Collaborate with R&D team to build and integrate these capabilities
• Act as the subject matter expert and provide support to clients with the product's capabilities and methodology

Qualifications:

• Five plus years of solid experience conducting risk and security assessments, including cloud security assessments
• A knowledge of security frameworks such as NIST, ISO 2700X, PCI-DSS, FFIEC, Cloud Security Alliance, and other frameworks. Experience in conducting assessments based on standards - advantage
• A deep knowledge of cyber security technologies. Hands-on experience - advantage
• A deep Knowledge of cyber threat frameworks such as CAPEC, Cyber Kill Chain, and MITRE ATT&CK
• Experience in gathering and analyzing cyber threat intelligence - advantage
• Experience in conducting IoT and OT risk assessments - advantage
• Must have strong analytical and critical-thinking skills
• High attention to detail and a self-starter and learner who can work independently, multi-task, and adjust to shifting priorities
• Ability to work as part of a global team with global management
• Experience adhering to rigorous and detailed instructions while also thinking creatively and solving problems
• Great communication skills
• Good teamwork and time management skills
• Strong oral and written communication skills
• Fluent in English

Corporate Security Responsibility

All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

• Abide by Mastercard's security policies and practices;
• Ensure the confidentiality and integrity of the information being accessed;
• Report any suspected information security violation or breach, and
• Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines.