Senior IT Auditor

Our Purpose

Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

Title and Summary

Senior IT Auditor

Overview

• Do you thrive in a fast-paced environment where both attention to detail and big picture focus are equally and critically important?
• Are you eager to understand Mastercard’s global business and provide management with insight and perspective on governance, risk management, and internal controls?
• Have you been successful as part of a global team with diverse skills and experiences?

Mastercard’s global Internal Audit team provides independent and objective assurance and advisory services to assess and enhance the effectiveness and efficiency of Mastercard’s governance, risk management and internal control processes. This position will be responsible for leading and/or providing day-to-day support with risk assessment and IT audit and advisory projects.

Role

• Plan and execute IT, security, and operational audits within and across business lines, including assessing risks and determining scope of assigned audits
• Identify control gaps and process improvement opportunities, and evaluate compliance with operational, legal, regulatory, and IT policies and procedures
• Develop and communicate meaningful, value-added audit findings and reports that provide clarity to, and stimulate action from management
• Consult with management in determining action items required for resolution of control issues, working directly with management as necessary
• Track and monitor management action plans to ensure sustainable resolution of control gaps
• Provide risk and control advice and education for the benefit of the organization, be a champion and advocate for strong risk management and governance controls, and partner with other control functions to strengthen our three lines of defence model
• Work with colleagues located both locally and in various offices around the world

All About You

• Ability to quickly understand and critically analyze complex IT processes, identify and assess potential risks, and determine whether those risks are appropriately mitigated (using various techniques, such as problem solving, root cause, and data analysis)
• Demonstrated experience in, and commitment to, the fields of internal / external IT audit, through work experience, or experience working in operations, or IT within a major global organization with a focus on risk management.
• Bachelor's degree with concentration in information systems, information technology, computer science or engineering. Certification required (e.g. CISSP, CISA)
• Excellent interpersonal communication skills, both written and verbal
• Intellectually curious, self-motivated, passionate, works well both independently and as part of a team
• Committed to self-development; encourages constructive criticism, and seeks opportunities to capitalize on demonstrated strengths and to identify and address development areas
• Able to deliver high-quality work, within budget and on time
• Ability to travel up to 10%

Knowledge/Experience (preferred):
• Internal/external IT audit experience
• Knowledge of IT general computer controls and related operations, including UNIX, HP Nonstop and Windows environments
• Understanding of IT security practices, PCI DSS compliance, and ISO 27001 standards
• Understanding of software engineering concepts and methodologies
• Understanding of the Standards for Professional Practice of Internal Audit of the Institute of Internal Auditors, auditing procedures and techniques
• Proficient with Data analytics, MS Word, MS Excel, MS Access, ACL or similar audit tool

Corporate Security Responsibility

All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

• Abide by Mastercard’s security policies and practices;

• Ensure the confidentiality and integrity of the information being accessed;

• Report any suspected information security violation or breach, and

• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.