Director, Exposure Management

Our Purpose

Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

Title and Summary

Director, Exposure Management

Mastercard is a global technology company in the payments industry. Our mission is to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart, and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments, and businesses realize their greatest potential.
The Director, Exposure Management & Secure Development is responsible for leading Mastercard’s transition from traditional vulnerability management to a modern, risk‑ and exposure‑based security program. This role owns the strategy, execution, and evolution of enterprise exposure management capabilities, spanning vulnerability operations, secure development (SAST/SCA), and risk intelligence, with a focus on prioritization, business impact, and measurable risk reduction.
This leader will partner closely with Technology, Product, Engineering, and Risk stakeholders to ensure security findings are translated into actionable insights, aligned remediation priorities, and improved security outcomes across the enterprise.

Overview
As Mastercard continues to scale its digital platforms and services, managing cyber risk requires more than identifying vulnerabilities — it requires understanding exposure, exploitability, and business impact.
The Exposure Management & Secure Development team is accountable for transforming how security risk is identified, contextualized, and addressed across the enterprise. This includes moving away from siloed vulnerability scanning and static reporting toward a unified exposure management model that integrates application, infrastructure, and software supply chain risk.
The Director will lead multi‑disciplinary teams responsible for vulnerability operations and secure development practices, while driving modernization across data, tooling, metrics, and engagement models.

Role Responsibilities
Exposure Management Strategy & Execution

Define and own Mastercard’s enterprise exposure management strategy, aligning vulnerability, application, and software supply chain risks into a unified risk view
Shift the program from volume‑based vulnerability tracking to risk‑based prioritization grounded in exploitability, asset criticality, and business impact
Establish clear ownership models and engagement patterns with technology and engineering teams to drive timely and effective remediation

Vulnerability Operations & Secure Development Leadership

Lead global teams responsible for vulnerability operations, SAST, and SCA capabilities
Ensure consistent, scalable execution of vulnerability discovery, validation, prioritization, and tracking across technology domains
Evolve secure development capabilities to better support engineering velocity while improving security outcomes earlier in the SDLC

Data, Metrics & Risk Intelligence

Build and mature exposure‑focused metrics that enable leadership to understand risk posture, trends, and remediation effectiveness
Partner with data and analytics teams to leverage security telemetry, automation, and correlation across multiple data sources
Translate technical findings into clear, decision‑ready insights for senior leaders and risk partners

Technology & Transformation

Drive modernization of exposure management tooling, workflows, and integrations
Partner with Product, Engineering, and Architecture teams to influence platform capabilities and security-by-design practices
Identify opportunities for automation, orchestration, and scale across vulnerability and secure development processes

Leadership & Stakeholder Engagement

Lead, coach, and develop high‑performing teams across multiple disciplines and geographies
Serve as a trusted advisor to Technology, Security, and Risk leadership on exposure trends and remediation priorities
Influence cross‑functional stakeholders without direct authority in a complex, matrixed environment

All About You

Proven experience leading enterprise‑scale security, risk, or exposure management programs in a large, complex organization
Deep understanding of vulnerability management, application security (SAST/SCA), and modern software delivery environments
Demonstrated ability to move programs from operational execution to strategic, outcome‑driven models
Strong data‑driven mindset, with experience using metrics and analytics to influence decisions and behavior
Track record of leading transformation initiatives across people, process, and technology
Comfortable operating at both strategic and execution levels, with the ability to translate vision into measurable results
Strong communication skills, with the ability to convey complex technical risk in business‑relevant terms

Mastercard is a merit-based, inclusive, equal opportunity employer that considers applicants without regard to gender, gender identity, sexual orientation, race, ethnicity, disabled or veteran status, or any other characteristic protected by law. We hire the most qualified candidate for the role. In the US or Canada, if you require accommodations or assistance to complete the online application process or during the recruitment process, please contact [email protected] and identify the type of accommodation or assistance you are requesting. Do not include any medical or health information in this email. The Reasonable Accommodations team will respond to your email promptly.

Corporate Security Responsibility

All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

• Abide by Mastercard’s security policies and practices;

• Ensure the confidentiality and integrity of the information being accessed;

• Report any suspected information security violation or breach, and

• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.

In line with Mastercard’s total compensation philosophy and assuming that the job will be performed in the US, the successful candidate will be offered a competitive base salary and may be eligible for an annual bonus or commissions depending on the role. The base salary offered may vary depending on multiple factors, including but not limited to location, job-related knowledge, skills, and experience. Mastercard benefits for full time (and certain part time) employees generally include: insurance (including medical, prescription drug, dental, vision, disability, life insurance); flexible spending account and health savings account; paid leaves (including 16 weeks of new parent leave and up to 20 days of bereavement leave); 80 hours of Paid Sick and Safe Time, 25 days of vacation time and 5 personal days, pro-rated based on date of hire; 10 annual paid U.S. observed holidays; 401k with a best-in-class company match; deferred compensation for eligible roles; fitness reimbursement or on-site fitness facilities; eligibility for tuition reimbursement; and many more. Mastercard benefits for interns generally include: 56 hours of Paid Sick and Safe Time; jury duty leave; and on-site fitness facilities in some locations.

Pay Ranges

O'Fallon, Missouri: $152,000 - $258,000 USD