Technology Risk Management, Director - External Assessments

Visa is a world leader in payments and technology, with over 259 billion payments transactions flowing safely between consumers, merchants, financial institutions, and government entities in more than 200 countries and territories each year. Our mission is to connect the world through the most innovative, convenient, reliable, and secure payments network, enabling individuals, businesses, and economies to thrive while driven by a common purpose – to uplift everyone, everywhere by being the best way to pay and be paid.

Make an impact with a purpose-driven industry leader. Join us today and experience Life at Visa.

Visa is seeking a proactive, experienced professional that will work with internal and external stakeholders to evaluate technology risks and controls. Partner with relevant stakeholders to identify mitigating and compensating controls, and/or advise on control areas needing improvement. This position will be an integral member of the team leading in the execution of numerous technology-related examinations (e.g. SSAE, PCI DSS, SOC2, WebTrust, PCI PIN, etc.) within the Visa External Assessments team. This program spans multiple geographies and competency areas within the technology risk domain for which its results are visible to Visa’s management as well as Visa’s external clients & their auditors, partners and regulators.

The candidate must have a good understanding of the methodology in the mentioned third-party assessments, technology risks, audit and controls, be able to provide practical, client-focused solutions, and effectively partner and communicate with numerous cross-functional personnel.

Key Responsibilities:

• Manage the execution of Third-Party Assessments (e.g. SSAE18, PCI DSS, SOC2, WebTrust, PCI PIN, etc.) of Visa from start to completion
• Apply IT controls and auditing skills/experience when needed in order to collaborate with the third-party assessors/auditors and address Visa personnel’s overall questions and needed clarifications
• Support senior management in periodic reporting and/or ad hoc support to the team as needed
• Manage additional projects and initiatives as assigned

This is a hybrid position. Hybrid employees can alternate time between both remote and office. Employees in hybrid roles are expected to work from the office 2-3 set days a week (determined by leadership/site), with a general guidepost of being in the office 50% or more of the time based on business needs.

• 12 years experience in Internal Control Function preferred, with strong Technology and Cybersecurity audit or compliance experience
• Professional certifications: CISA, CIA, CISSP, PMP and/or CPA preferred
• Prior experience with security and privacy regulations and industry standards (e.g. SSAE, SOC1, SOC2, PCI-DSS, GLBA, WebTrust, PCI-PIN, etc.)
• Solid understanding of IT domains and processes - cybersecurity (e.g. access management, data security, etc.), availability (e.g. incident and change management, capacity management), and business continuity risks and controls
• Prior experience leading IT Audits and/or IT Projects with the ability to prioritize deliverables and projects to meet timelines efficiently and adapt to changes in priorities quickly

Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.