Our Purpose
Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.
Title and Summary
Risk Assurance Manager, Second Line Risk Assurance
Overview
The Vocalink 2nd Line Risk Assurance team is seeking an IT and Security Risk Assurance Manager to provide independent and objective assurance and advisory services that assess and enhance the effectiveness of Vocalink’s governance, risk management, and internal control environment.
This is an individual contributor role that may lead projects and influence stakeholders but does not have direct people management responsibilities. You will plan and execute IT, Security, and operational assurance projects, support risk assessments, and contribute to the annual Risk and Control Assurance plan.
You will also lead delivery of external and internal audits (e.g., ISAE 3000, ISO 27001, ISO 22301) and provide credible challenge to stakeholders across the business.
Role Responsibilities
• Lead and execute assurance projects end-to-end, from planning through fieldwork to reporting, ensuring clarity of scope, timely delivery, and high-quality outcomes.
• Contribute to the annual risk assessment process and development of the 2nd Line Risk and Control Assurance plan.
• Evaluate compliance against legal, regulatory, policy, and industry frameworks (e.g., NIST, COBIT, COSO, ISO).
• Assess design and operating effectiveness of controls through inquiry, observation, and testing.
• Identify, draft, and validate issues with business partners, articulating impact, root cause, and risk severity.
• Collaborate with issue owners to develop sustainable remediation actions; monitor progress and validate closure.
• Provide credible check and challenge to 1st Line stakeholders and influence risk/control improvements.
• Liaise with external auditors and internal teams to support audits and ensure fair presentation of the control environment.
• Perform internal audits of ISO 27001 and ISO 22301, identifying areas for improvement and validating corrective actions.
• Deliver independent attestations to meet UK payment scheme and client requirements.
What Success Looks Like
• You create value by innovating and improving assurance processes, delivering scalable solutions that strengthen risk management.
• You grow together by collaborating across teams, inviting diverse perspectives, and helping colleagues succeed.
• You move fast by prioritizing what matters, adapting quickly to new information, and owning outcomes with accountability.
All About You
• Experience in Technology Risk Management (1st or 2nd Line of Defence, internal/external audit) or equivalent experience in a large, regulated organization.
• Strong understanding of IT general controls, information security frameworks, and risk methodologies.
• Experience performing ISAE 3000, SOC, and SOX testing of internal controls.
• Ability to lead projects and influence stakeholders without direct people management responsibilities.
• Excellent written and verbal communication skills; able to communicate with candor and care.
• Professional certifications (e.g., CISA, CISM, CISSP, ISO 27001 Lead Auditor) preferred.
• Self-starter with ability to work independently and collaboratively.
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks come with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
• Abide by Mastercard’s security policies and practices;
• Ensure the confidentiality and integrity of the information being accessed;
• Report any suspected information security violation or breach; and
• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.