Director, Technology Risk Management

Visa is a world leader in payments and technology, with over 259 billion payments transactions flowing safely between consumers, merchants, financial institutions, and government entities in more than 200 countries and territories each year. Our mission is to connect the world through the most innovative, convenient, reliable, and secure payments network, enabling individuals, businesses, and economies to thrive while driven by a common purpose – to uplift everyone, everywhere by being the best way to pay and be paid.

Make an impact with a purpose-driven industry leader. Join us today and experience Life at Visa.

Job Description: Visa is seeking a Director within its Technology Risk Management program to lead and enhance the review and assessment of Cybersecurity and Technology risks. This role requires strategic oversight, leadership, and the ability to guide a team in effective control testing. The Director will supervise and provide direction for Risk Assessments, Design Effectiveness Assessments, and Operational Effectiveness Testing for critical technology threat vectors such as security configuration management, firewall configuration, application, user access management, and availability & reliability. Responsibilities include developing and managing stakeholder engagement plans, overseeing process walkthroughs, ensuring timely tracking/reporting of deliverables, and producing high-quality documentation for all lines of defense and risk stakeholders. Additionally, the Director will oversee meeting various program requirements and deadlines and possess a deep understanding of high-risk areas in technology and cybersecurity processes.

Key Responsibilities:

Technology & Cybersecurity Controls Testing:

• Provide strategic oversight and direction for technology risk assessments focusing on infrastructure, applications, vulnerability, availability & reliability, and cybersecurity processes.
• Lead independent technology and cybersecurity controls testing initiatives.
• Ensure comprehensive documentation of testing results in detailed workpapers.
• Oversee the preparation and review of management reports based on testing outcomes.
• Communicate findings with senior stakeholders and ensure appropriate follow-up actions are taken.

Automation for Continuous Monitoring:

• Drive the development and implementation of automation for continuous controls monitoring/auditing for technology and cybersecurity.
• Oversee the monitoring of automated control results, ensuring thorough investigations and timely follow-ups.

Risk & Control Self-Assessment (RCSA):

• Lead and ensure the effective execution of RCSA Risk Business Partner (RBP) controls quality review and sample-based testing.
• Oversee and direct the Key Risk Indicator (KRI) testing processes.

Key Risk Indicator (KRI) Testing:

• Develop and maintain a robust KRI testing framework.
• Ensure data integrity and accuracy in KRI calculations.
• Verify the logical framework for risk management and ensure consistency across multiple sources.
• Oversee the preparation and review of detailed workpapers documenting testing results, methodologies, findings, and identified issues.

Training, Metrics Alignment & Reporting:

• Develop and track risk management training programs.
• Align RIS metrics with reporting dashboards.
• Manage and oversee reporting and stakeholder communication.

Program Management:

• Lead the TRM Team's Monitoring & Testing program for FY25, ensuring all program scope requirements are met.
• Develop and maintain a detailed program plan, including timelines, milestones, and deliverables.
• Track and report on program progress, proactively identifying and addressing any issues or delays.

Collaboration & Stakeholder Engagement:

• Foster collaboration with teams involved in the process, including Cybersecurity, Operations & Infrastructure, and Corporate IT.
• Develop and manage stakeholder engagement plans, ensuring effective communication and collaboration with all relevant parties.
• Present Control and KRI gap issues to the First Line of Defense, driving continuous process improvement and effective gap remediation.

Team Leadership:

• Provide leadership and oversight to analysts, ensuring the effective execution of Risk Assessments, Design Effectiveness Assessments, and Operational Effectiveness Testing.
• Mentor and develop team members, fostering a culture of continuous improvement and high performance.
• Ensure the production of high-quality workpapers for all lines of defense teams, particularly for Third- and Fourth-Line reviews.

Compliance & Reporting:

• Ensure compliance with relevant regulations and internal policies.
• Deliver on commitments made by Visa to regulators regarding ongoing risk and Control and KRI monitoring and testing.
• Produce and present results on a monthly, quarterly, and annual basis to senior management.

This is a hybrid position. Hybrid employees can alternate time between both remote and office. Employees in hybrid roles are expected to work from the office 2-3 set days a week (determined by leadership/site), with a general guidepost of being in the office 50% or more of the time based on business needs.

Basic Qualifications

• •12+ years of experience in technology risk management, cybersecurity, or related fields.
• •Extensive experience in auditing technology and cybersecurity processes, risks, and controls.
• •In-depth working knowledge of cybersecurity and technology.
• •Familiarity with the three lines of defense model in the fintech field.
• •Strong prioritization skills to meet timelines efficiently and adapt quickly to
• changing priorities.
• •Excellent analytical and problem-solving skills.
• •Effective communication skills, both formal and informal.
• •Ability to facilitate group discussions and debates across geographic and
• functional lines and levels.
• •Bachelor's Degree.

Preferred Qualifications:

• •Experience in regulated industries.
• •Experience in payment industries.
• •Relevant certifications such as CISA, CISM, CISSP.

Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.