Lead Technology Risk Management Analyst

Our Purpose
Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we're helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.
Title and Summary
Lead Technology Risk Management Analyst
The Singapore Fusion Center is part of Mastercard's global network of Fusion Centers operating under Corporate Security, providing integrated intelligence, risk, and operational coordination across cyber, fraud, technology, and geopolitical domains. The Fusion Center plays a critical role in ensuring Mastercard not only meets-but stays ahead of-regulatory, industry, and security expectations across Singapore and the Asia-Pacific region.
As a Lead Technology Risk Analyst, you will sit within the Singapore Fusion Center and serve as a key contributor to Mastercard's technology risk and control posture. This role focuses
monitoring and driving security regulatory compliance, audits/remediation, governance, and security risk and metrics reporting. You will partner closely with cross functional teams within Technology and Risk Functions to ensure regulatory security risks are understood, managed, and addressed in alignment with global standards and evolving regulatory requirements.
This is an opportunity to work at the intersection of technology, risk, and security-solving complex problems, influencing outcomes, and helping Mastercard operate safely, securely, and compliantly at global scale.
Responsibilities
1. Monitor, assess and document security obligations, from new and changing regulations and laws across global markets.
2. Collaborate with broader teams across Corporate Security to advise and drive compliance on region specific regulatory requirements pertaining to domains within Information Security and Cyber Security.
3. Engage with partner teams across TECH, Risk, Reg Affairs etc. on supporting Regulatory audits/obligations, driving and monitoring remediation efforts for Security.
4. Develop and implement governance processes for managing regulatory security risk and ensuring sustenance of controls and measures implemented for compliance.
5. Oversee tracking and reporting of security metrics, security risk status and security deliverables as part of representation in market level risk committees and internal forums, including reporting to Sr leadership.
6. Serve as a trusted advisor on technology risk and controls, providing guidance, education, and advocacy for strong governance and a mature risk culture.
All About You
The ideal candidate for this position should have: • Have strong understanding of information and cyber security domains, governance and risk management practices.• Experience in handling security audits, conducting assessments, senior stakeholder management.• Proven ability to lead cross-functional teams and manage complex projects.• Strong understanding of security frameworks (e.g., NIST, ISO 27001, PCI-DSS, CIS) and regulatory standards.• Ability to align security practices with legal, regulatory, and supervisory expectations, particularly in highly regulated environments.• Preferred security certification e.g. CISSP, CISM, CISA• Excellent written and verbal communication skills to interact with stakeholders • Be seen as a trusted advisor who understands business processes and can provide security consultation and advisory.• Confident, analytical and able to drive security discussions with stakeholders in global, distributed teams.
NICE Framework References
National Initiative for Cybersecurity Education (NICE) competency proficiency levels of advanced to expert in the following areas: • Client Relationship Management• Risk Management• Interpersonal Skills• Information Systems/Network Security• Information Assurance• Project Management
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

• Abide by Mastercard's security policies and practices;
• Ensure the confidentiality and integrity of the information being accessed;
• Report any suspected information security violation or breach, and
• Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines.