
Principal Analyst, Control Testing, Certification and Assurance – Director Level
TASC
full-time
Location Type: Office
Location: London • United Kingdom
About the role
- Lead and manage external audits for technical standards, e.g. PCI DSS and PCI PIN.
- Support the Vice President and Director of Certification and Assurance in the development and maintenance of the annual Control Testing, Certification and Assurance plan.
- Support and deputise for the Director of Certification and Assurance in the discharge of their responsibilities, as required.
- Provide strategic input into the evolution and continuous improvement of Certification and Assurance team processes and procedures.
- Maintain certification related documentation.
- Prepare and lead the organisation for annual certification audits.
- Lead the assessment and validation of controls and processes against a variety of security standards and obligations.
- Lead the team on the management of certifications (e.g., ISO27001, PCI DSS) and assurance activities (e.g., ISAE3000).
- Conduct periodic testing of key and non-key controls in line with the Control Testing Methodology.
- Evaluate compliance with internal policies, standards, regulatory requirements, and customer obligations.
- Prepare and review control testing documentation, including test procedures, results, and identified gaps.
- Ensure timely escalation of control deficiencies and support remediation tracking.
- Create and quality assure reports and team outputs.
- Supervise and mentor junior team members (Senior Analysts and Managers), providing guidance on certification requirements, assurance requirements, testing execution and quality assurance.
- Support the team Director in delivering the Certification and Assurance plan.
- Maintain close working relationships with Control and Process Owners and Operators to operate certificate maintenance and assurance activities efficiently and effectively.
- Contribute to reporting for governance forums, including dashboards, thematic reviews, and trend analysis.
- Support the development and refinement of certification management, Assurance activities and control testing processes, standards, tools, and methodologies.
- Contribute to the maturity of the 3 Lines of Defence model and promote a culture of proactive risk management.
- Stay informed on emerging risks, regulatory changes, certification changes and industry best practices with a focus on cybersecurity risks.
Requirements
- Strong understanding and experience of working with control frameworks and standards (e.g. ISO27001, NIST, CRI, or PCI DSS).
- Strong understanding and experience of conducting security related audits/reviews and managing/coordinating external audits including certification audits.
- Experience of resolving varied and complex certification and assurance issues.
- Knowledge and experience of all areas of security and IT general controls across a variety of platforms and environments.
- Proven experience in control testing or assurance within security in a regulated environment.
- Strong investigative and analytical experience (e.g. enquiry, scanning, analysis, interviewing, testing), problem-solving, and decision-making skills.
- Experience collaborating cross-functionally to identify and implement good practice security audit management and assurance processes.
- Ability to assess control design and operating effectiveness in complex environments and to identify control gaps and improvement opportunities.
- Excellent communication and stakeholder engagement skills.
- Experience of managing and coaching junior team members.
- Strong organisational skills with the ability to prioritise and manage multiple tasks.
- Certifications such as ISO27001, CISA, CISM, CISSP, PCI SSC ISA, CRISC, or equivalent are desirable.
Benefits
- Abide by Mastercard’s security policies and practices
- Ensure the confidentiality and integrity of the information being accessed
- Report any suspected information security violation or breach
- Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
control frameworks, ISO27001, NIST, PCI DSS, security audits, control testing, IT general controls, risk management, analytical skills, problem-solving
Soft Skills
communication, stakeholder engagement, coaching, organisational skills, prioritisation, decision-making, investigative skills, collaboration, mentoring, strategic input
Certifications
ISO27001, CISA, CISM, CISSP, PCI SSC ISA, CRISC