Our Purpose Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential. Title and Summary Senior Analyst, IT Internal Controls Overview The Senior Analyst, IT Internal Controls will support our SOX Compliance program within the Finance Organization and will report into the Director, Risk Management. This position will primarily focus on scoping and evaluation of general and application IT controls, as well as IT readiness activities related to an acquired entity. The Senior Analyst will be responsible for managing and executing various aspects of the program including IT scoping, delivery of the program, and reporting of results. The Senior Analyst will work closely with cross-functional stakeholders. Requirements for this position include fluency in English, extensive knowledge of IT general and application controls, strong understanding of IT control frameworks (e.g., COBIT, NIST Cybersecurity, NIST SP 800-53, CIS/SANS Top 20), familiarity with SEC/PCAOB regulations, COSO and US GAAP, as well as the demonstrated ability to monitor an effective global risk-based IT control environment. - Are you looking to join a fast-paced, collaborative environment supporting a world class growing organization? - Do you have the ability to think strategically and execute a complex project? - Do you have a risk-based mindset? - Are you IT savvy? - Do you have the ability to drive change and improve awareness across the organization? Role - Support the execution of various SOX program components, including IT scoping, IT risk assessment, training of stakeholders on IT control-related best practices, IT control testing and review, remediation recommendations, deficiency evaluations and reporting - Assess and determine design effectiveness of IT controls - Experience covering multiple technology environments such as UNIX/Linux and Windows environments. - Assess the design and effectiveness of IT controls, partnering with various business owners and IT teams including technology compliance, operations, and development teams. - Work with business owners to address any potential control gaps that may require remediation - Evaluate IPE (information produced by entity) for completeness and accuracy - Review third-party vendor attestation and audit reports, and provide feedback to business leaders and risk owners - Liaise with financial and IT stakeholders as well as auditors - Ensure the delivery of high quality, timely work products - Continuously identify efficiencies in the SOX program and opportunities for optimization of the financial and operational processes and controls through interaction and partnership with management - Exhibit strong project management skills with the ability to work independently and hold self and others accountable to deadlines - Demonstrate the ability to exercise judgment and display a high standard of ethics and professionalism - Demonstrate exceptional communications skills, both written and verbal, with the ability to understand complexities of the business All About You - CPA, CISA or equivalent certification required - Has a strong understanding of IT control concepts and framework such as COBIT, NIST Cybersecurity, NIST SP 800-53, CIS/SANS Top 20, Sarbanes Oxley, COSO, and leading business practices - Fluent in English language, both speaking and writing - Recent experience providing IT auditing or IT advisory-type services - Knowledge of best practices around IT controls - Working knowledge of current PCAOB Auditing and Accounting Standards - Experience with the IT external audit or risk advisory services or an in-house Technology Risk Management (first/second line of defense) or equivalent experience in a large, regulated organization with exposure to both infrastructure and applications - Knowledge of common enterprise and web application technologies - Familiarity with audit automation preferred - Proven ability to manage complex engagements or programs - Excellent oral and written communication skills and interpersonal skills with emphasis on building strong, longer-term relationships worldwide across varying geographies and functions - Detail oriented, self-motivated with the ability to meet project deadlines and deliverables in a fast-paced environment - Experience in risk management field (e.g., risk management, audit, compliance) desired - Effective ability to influence, drive change and resolve conflicts - Strong analytic, logical reasoning and problem-solving skills - Strong project management skills to lead and prioritize multiple projects - Demonstrated ability to drive change and continuous improvement - Some travel may be required in the future, up to 10% Corporate Security Responsibility All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must: Abide by Mastercard’s security policies and practices; Ensure the confidentiality and integrity of the information being accessed; Report any suspected information security violation or breach, and Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.