Senior Information Security Engineer

JOB DESCRIPTION

Our Purpose

Title and Summary

Senior Information Security EngineerWho is Mastercard?
Mastercard is a global technology company in the payments industry. Our mission is to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart, and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments, and businesses realize their greatest potential.
Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. With connections across more than 210 countries and territories, we are building a sustainable world that unlocks priceless possibilities for all.
Overview
The Data Security Team team is looking for a Senior Information Security Engineer to drive several key initiatives associated with data protection and related cutting edge technology. The ideal candidate will join Emerging Corporate Security Solutions, an engineering-focused group with the critical mission of protecting Mastercard data, with a focus on classification, labeling, encryption, and data loss prevention (DLP). In addition, testing and creating best practices for monitoring and use of appropriate, safe and secure AI will be a key initiative.

Role
The core mission for this role is providing security requirements, standards, and related engineering of solutions associated with:

•Bringing clarity, consistency, and standards to Mastercard data
• Ensuring alignment with the Zero Trust Maturity Model (and related workflows)
• Executing various projects and initiatives to solve for and lower risks associated with complex data types (PCI, PII, Source Code, various types of customer and user data) and their storage & transfer
• Ensuring alignment with related standards and associated business units such as Access, Privacy, Insider Threat, Security Operations Center, Desktop Support
• Contributing to solutioning from an architecture and engineering perspective for necessary exceptions to security standards
• Helping develop security awareness communications and training to educate employees about data security and protection efforts and standards
• Helping establish and run continuous monitoring processes and alerting pursuant to data security policies to identify and respond to threats
• Staying current with Industry Trends (ISO, NIST, Regulations, Best Practices as they potentially or actually impact Data Security standards and execution of the same)

The Ideal candidate for this position should have:
• Working knowledge of basic security controls validation on applications, systems, networks, platforms, environments including on-prem and cloud
• Exposure to Data Security Standards efforts (labeling, classification, data protection)
• Working knowledge of the Zero Trust framework, with a focus on the Data Pillar
• Working knowledge of data protection technologies such as:
o Microsoft Purview Information Protection / Azure Information Protection
o DLP technologies like, Symantec DLP
o Data Security Posture Management (DSPM) tools and usage
o EDR tools (like Microsoft Defender)
o Cloud security tools (like Microsoft Defender for Cloud Apps)
o Data transfer tools (FTP, Citrix FileShare, others)
• Familiarity with data storage technologies such as, but not limited to:
o Relational Databases such as SQL Server, Oracle DB, IBM DB
o Non-Relational Databases such as MongoDB, Redis
o Data Warehouse and Data Lake tools such as Snowflake, Hadoop
o File servers, NAS, Isilon, Cloud Drives
• Ability to work collaboratively with key stakeholders (Data & Analytics group, Data Strategy & Management team, Access, Network and Security Architects, various Security Engineers) as well as coordinate with vendors to evaluate, test and deploy new technology solutions

Corporate Security Responsibility
Every person working for, or on behalf of, Mastercard is responsible for information security. All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and therefore, it is expected that the successful candidate for this position must:

• Abide by Mastercard’s security policies and practices;
• Ensure the confidentiality and integrity of the information being accessed;
• Report any suspected information security violation or breach, and
• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.

NOTE: Candidates go through a thorough screening and interview process. There is no need to include all preferred skills in the job description.

Corporate Security Responsibility

All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

Abide by Mastercard’s security policies and practices;

Ensure the confidentiality and integrity of the information being accessed;

Report any suspected information security violation or breach, and

Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.