Our Purpose
Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.
Title and Summary
Lead Technology Risk Management Analyst
The Singapore Fusion Center is part of Mastercard’s global network of Fusion Centers operating under Corporate Security, providing integrated intelligence, risk, and operational coordination across cyber, fraud, technology, and geopolitical domains. The Fusion Center plays a critical role in ensuring Mastercard not only meets—but stays ahead of—regulatory, industry, and security expectations across Singapore and the Asia-Pacific region.
As a Lead Technology Risk Analyst, you will sit within the Singapore Fusion Center and serve as a key contributor to Mastercard’s technology risk and control posture. This role focuses on identifying control gaps, designing and testing effective controls, and driving sustainable remediation across critical technology platforms. You will partner closely with engineering, platform, and security teams to ensure risks are understood, managed, and addressed in alignment with global standards and evolving regulatory requirements.
This is an opportunity to work at the intersection of technology, risk, and security—solving complex problems, influencing outcomes, and helping Mastercard operate safely, securely, and compliantly at global scale.
Responsibilities
• Execute technology risk and control activities, including identifying control gaps, designing key control activities, assessing effectiveness, and driving remediation across technology platforms.
• Conduct assessments and testing of IT and operational controls to identify deficiencies, deviations, and compliance gaps against internal frameworks and external regulatory expectations.
• Lead and perform control walkthroughs to evaluate existing processes, validate control design and execution, and assess alignment with established control frameworks.
• Partner with technology and platform leadership to define and track management action plans, ensuring timely and sustainable resolution of identified risks.
• Develop, maintain, and enhance control and process documentation to support compliance with regulatory, industry, and customer requirements.
• Support remediation efforts based on risk criticality and urgency, linking remediation activities to risk ratings and ongoing monitoring.
• Collaborate closely with first- and second-line technology risk management teams to ensure consistency in risk methodology, terminology, and governance practices.
• Serve as a trusted advisor on technology risk and controls, providing guidance, education, and advocacy for strong governance and a mature risk culture.
• Contribute to Mastercard’s three-lines-of-defense model by partnering with Corporate Security, Technology, Compliance, and other control functions.
• Work effectively with colleagues across Singapore, the Asia-Pacific region, and global locations to support follow-the-sun operations and enterprise alignment.
Requirements
• Strong knowledge of IT general controls and technology operations.
• Experience with database technologies such as Oracle, SQL Server, PostgreSQL, and MongoDB.
• Understanding of IT security practices, including PCI DSS and ISO 27001.
• Ability to assess, test, and evaluate technology controls, vulnerabilities, and risks.
• General understanding of enterprise technology infrastructure and platforms.
• Experience delivering technology risk assessments, control testing, and mitigation activities.
• Demonstrated ability to lead and execute risk and control activities both independently and as part of a broader team.
• Working knowledge of industry standards and regulatory frameworks (e.g., ISO 27001, NIST Cybersecurity Framework, CIS).
• Experience developing, executing, and evaluating technology controls to meet regulatory and compliance obligations.
• Ability to align technology practices with legal, regulatory, and supervisory expectations, particularly in highly regulated environments.
• Strong execution skills, with a proven ability to manage multiple priorities and deliver high-quality outcomes in a fast-paced environment.
• Experience working effectively in global, distributed teams.
• Strong analytical skills to identify risks, assess impact, and recommend practical mitigation strategies.
• Excellent written and verbal communication skills, with the ability to clearly explain technical concepts to both technical and non-technical stakeholders, including senior leadership.
• Ability to collaborate across technology, security, compliance, product, and business teams.
• Bachelor’s degree in Information Technology, Computer Science, or a related field.
• Experience assessing or testing compliance with legal, regulatory, operational, and IT requirements.
• Professional certifications such as CISA, CIA, CISSP, or equivalent.
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
Abide by Mastercard’s security policies and practices;
Ensure the confidentiality and integrity of the information being accessed;
Report any suspected information security violation or breach, and
Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.