Our Purpose
Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build asustainableeconomy where everyone can prosper. We support a wide range of digital payments choices, making transactionssecure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.
Title and Summary
1st Line Security - Controls Testing Senior Analyst‑1 Main Purpose of role: The newly created Vocalink Control Office function is seeking a Senior Analyst within the 1st Line Control Testing team to support the delivery of control testing activities across Security control domains, within Vocalink Limited (VLL). VLL is a Bank of England regulated, Critical National Infrastructure (CNI) company that enables the payments of 90% of salaries, 70% of utility bills, most ATM transactions and every cheque cleared in the UK.
This role plays a key part in embedding a strong control environment by executing control testing, identifying control gaps, and supporting continuous improvement in risk management practices.
Key Responsibilities
* Support periodic testing of key and non‑key controls in accordance with the Control Testing Methodology.
* Assess control design and operating effectiveness against internal policies, standards, regulatory requirements, and customer obligations.
* Timely collection of control testing evidence from relevant Control Owners to support scheduled testing activities.
* Prepare clear and accurate test documentation, including test procedures, execution results, and supporting evidence.
* Identify and document control deficiencies, ensuring timely escalation to the Manager and supporting remediation follow‑up activities.
* Monitoring the control testing mailbox to ensure timely review and response to incoming queries and submissions.
* Work closely with 1st Line teams to obtain evidence, clarify control processes, and support accurate testing outcomes.
* Liaise with 2nd Line Security partners and Internal Audit as directed, ensuring transparency and alignment with control testing activities.
* Contribute to the preparation of management information, dashboards, and thematic analysis for governance forums.
* Support control owners by providing observations on control effectiveness and contributing to discussions on remediation approaches.
* Adhere to established control testing standards, procedures, and documentation requirements.
* Provide input on opportunities to streamline testing activities, improve efficiency, and enhance the consistency of outcomes.
* Maintain awareness of relevant regulatory requirements, emerging risks, and industry practices, particularly within the security domains.
* Contribute to strengthening the 3 Lines of Defence model by embedding robust and transparent testing practices.
Experience & Qualifications
* Experience in control testing, or assurance, and risk management within security in a regulated environment.
* Good investigative and analytical experience (e.g. enquiry, scanning, analysis, interviewing, testing), problem-solving, and decision-making skills.
* Good understanding of control frameworks and standards (e.g., NIST, CRI, ISO and PCI‑DSS).
* Ability to assess control design and operating effectiveness in complex environments and to identify control gaps and improvement opportunities.
* Good communication and stakeholder engagement skills.
* Professional certifications such as CISA, CRISC, ISO 27001 or equivalent is desirable.
Preferred Skills & Attributes
* Bachelor’s degree in Information Technology, Computer Science, Cyber Security, or related field.
* Good Knowledge of security controls and IT general controls across platforms such as UNIX, HP Nonstop, and Windows.
* Proficiency in Microsoft Office Suite (MS Word, MS Excel, MS Access and MS PowerPoint).
* Strong organisational skills with the ability to prioritise and manage multiple tasks.
* Self‑starter with a continuous improvement mindset and a collaborative approach.
Corporate Security Responsibility
* Abide by Mastercard’s security policies and practices.
* Ensure the confidentiality and integrity of the information being accessed.
* Report any suspected information security violation or breach.
* Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.
#J-18808-Ljbffr