Principal Analyst, Control Testing, Certification and Assurance (Director Level)
The newly created 1st Line Control Office function within Vocalink Limited (VLL) seeks a Principal Analyst (Director-level equivalent) to join the Control Testing, Certification and Assurance team. This senior technical role requires an experienced technical subject matter expert who will lead and manage Certifications, Certification Audits, and other Assurance activities, including conducting control testing to retain VLL’s certifications across multiple frameworks and deliver assurance obligations to customers and Regulators.
This position requires a deep and broad understanding of security and technology control frameworks, with hands‑on experience across ISO 27001, ISO 22301, PCI DSS, PCI PIN, SWIFT CSP, ISAE 3000, etc. The successful candidate must analyse and assess control design, implementation and operating effectiveness against these standards, ensuring compliance and identifying gaps. The role also involves end‑to‑end management of external audits, requiring strong coordination skills and experience in audit readiness and stakeholder engagement.
The Role
Emphasis on PCI DSS—extensive experience in understanding and testing against PCI DSS requirements, and managing all aspects of the PCI DSS external audit process, is essential.
Key Responsibilities
* Leadership & Strategy
o Lead and manage external audits for technical standards such as PCI DSS and PCI PIN.
o Support the Vice President and Director of Certification and Assurance in developing and maintaining the annual Control Testing, Certification and Assurance plan.
o Deputise for the Director of Certification and Assurance when required.
o Provide strategic input into the evolution and continuous improvement of Certification and Assurance team processes.
* Certification & Assurance Responsibilities
o Maintain certification‑related documentation.
o Prepare and lead the organization for annual certification audits.
o Lead the assessment and validation of controls and processes against security standards and obligations.
o Manage certifications (e.g., ISO 27001, PCI DSS) and assurance activities (e.g., ISAE 3000).
o Conduct periodic testing of key and non‑key controls according to the Control Testing Methodology.
o Evaluate compliance with internal policies, standards, regulatory requirements, and customer obligations.
o Prepare and review control testing documentation, including test procedures, results and identified gaps.
o Escalate control deficiencies and support remediation tracking.
o Create and quality‑assure reports and team outputs.
* Team Leadership, Collaboration & Stakeholder Engagement
o Supervise and mentor junior team members (Senior Analysts and Managers).
o Support the team Director in delivering the Certification and Assurance plan.
o Maintain close relationships with Control and Process Owners and Operators.
o Contribute to governance forums, including dashboards, thematic reviews and trend analysis.
* Governance & Continuous Improvement
o Support development and refinement of certification management and assurance processes, standards, tools and methodologies.
o Contribute to the maturity of the 3 Lines of Defence model and promote proactive risk management.
o Stay informed on emerging risks, regulatory changes, certification changes and industry best practices in cybersecurity.
All About You
* Strong understanding of control frameworks and standards such as ISO 27001, NIST, CRI, or PCI DSS.
* Experience conducting security‑related audits/reviews and managing/coordinating external audits.
* Experience resolving complex certification and assurance issues.
* Knowledge of security and IT general controls across various platforms and environments.
* Proven experience in control testing or assurance within a regulated environment.
* Strong investigative and analytical skills.
* Cross‑functional collaboration experience.
* Ability to assess control design and operating effectiveness in complex environments.
* Excellent communication and stakeholder engagement skills.
* Experience managing and coaching junior team members.
* Strong organizational skills and ability to prioritize multiple tasks.
Qualifications
* Certifications such as ISO 27001, CISA, CISM, CISSP, PCI SSC ISA, CRISC or equivalent are desirable.
Preferred Skills & Attributes
* Bachelor’s degree in Computer Science, Cyber Security, Information Technology or a related field.
* Experience engaging with senior leadership at the executive level and above.
* Proficiency in data analytics and Microsoft Office Suite (Word, Excel, Access, PowerPoint).
* Self‑starter with a continuous improvement mindset and collaborative approach.
* Experience creating presentations for business discussions and reporting.
* Experience with Risk Management/GRC technologies and toolsets.
* Experience working in cross‑functional large projects with dispersed teams.
Corporate Security Responsibility
* Abide by Mastercard’s security policies and practices.
* Ensure confidentiality and integrity of accessed information.
* Report any suspected information‑security violations or breaches.
* Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.
#J-18808-Ljbffr