Director, Third Party Technology Risk Management
- Foster City, CA, USA
Common Purpose, Uncommon Opportunity. Everyone at Visa works with one goal in mind – making sure that Visa is the best way to pay and be paid, for everyone everywhere. This is our global vision and the common purpose that unites the entire Visa team. As a global payments technology company, tech is at the heart of what we do: Our VisaNet network processes over 13,000 transactions per second for people and businesses around the world, enabling them to use digital currency instead of cash and checks. We are also global advocates for financial inclusion, working with partners around the world to help those who lack access to financial services join the global economy. Visa’s sponsorships, including the Olympics and FIFA™ World Cup, celebrate teamwork, diversity, and excellence throughout the world. If you have a passion to make a difference in the lives of people around the world, Visa offers an uncommon opportunity to build a strong, thriving career. Visa is fueled by our team of talented employees who continuously raise the bar on delivering the convenience and security of digital currency to people all over the world. Join our team and find out how Visa is everywhere you want to be.
This hands-on leadership position will serve as part of Visa's Cybersecurity Third Party (3P) technology Risk Management team, providing oversight, coordination, and delivering the activities supporting successful risk management activities around third parties for VISA. Members of this team work across a number of stakeholders who work with third parties to ensure appropriate processes, procedures and controls are adequately designed, implemented or remediated to meet VISA Key control requirements and mitigate any risks that are associated to with third parties. The success of this unit requires dedicated professionals who possess the analytical, feasibility, relationship and executive summary skills needed to form highly reliable risk management strategies to meet various Visa Inc. requirements along with compliance and regulatory requirements.
- Bachelor degree in Computer Science, Information Systems, Management Information Systems, or Business Administration or other related field. (Master degree is preferred.) Significant and relevant technical experience meeting the job description may be substituted for degree requirements.
- Must have 6+ years of work experience including leadership roles in Cybersecurity, Audit, Risk, and/or Compliance. Open to experience in other relevant fields (e.g., finance, business administration, information technology, etc.) as long as candidate can demonstrate relevancy to this Cybersecurity based role.
- Must have 6+ years direct participation and experience across common industry security policy areas, including, but not limited to ISO, NIST, COSO, COBIT, PCI, FFIEC, SOX, SSAE18, and others
- Must have 6+ years audit and risk management experience that includes a broad understanding of the software delivery process, professional services consulting and/or program management.
- Must have 6+ years experience providing information security or information technology consulting services to a broad range of companies and/or federal and state agencies.
- Must have 6+ years of progressively responsible management experience in the following areas: planning, budget/forecast/financial management, and staffing
- Solid understanding of Enterprise Risk Management and Strategy frameworks as well as understanding of current enterprise threat scenario as related to financial industry
- Demonstrated ability to manage implementations of large-scale, complex, multi-disciplined, cross-functional and highly visible projects/programs.
- In depth knowledge of:
- Current information security and compliance vendor landscape
- Control frameworks such as COSO
- Regulatory requirements in particular PCI-DSS, GLBA, FFIEC
- Ability to direct and lead cross-functional, cross-vendor teams
- Must be experienced in Project Management Methodologies and experienced in mentoring less experienced project personnel
- Certified Information Security Auditor/Manager (CISA/M) designation or CISSP
- Excellent communicator with strong client relationship focus with business sponsors, enterprise architects, and information security engineers to articulate business case and technology options
- Practical experience managing multiple large-scale compliance/audit projects simultaneously, strong internal consulting, customer account management, and defining engagement scope, negotiating commitments, gathering requirements, defining deliverables, designing integrated solutions, and overseeing technical implementations considered a plus
- Proven experience proposing enterprise level solutions to mitigate risk
Visa will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of Article 49 of the San Francisco Police Code.