Company: Mastercard
Location: O'Fallon, MO
Career Level: Associate
Industries: Banking, Insurance, Financial Services
Description
Our Purpose
We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate a culture of inclusion for all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team – one that makes better decisions, drives innovation and delivers better business results.
Title and Summary
Analyst- Supplier Resilience (Operational Resilience) Analyst responsible for Third Party (Supplier) Resilience as part of the Operational Resilience team, reporting to the Director Operational Resilience and Business Continuity.Who is Mastercard?
Mission First, People Always
As Corporate Security, we are responsible for keeping Mastercard safe and secure from cyber and physical threats, and it is our people on the frontlines who make this happen every day.
By taking care of our people, their wellbeing, and career development, we provide them the necessary tools and environment to ensure the success of our mission.
Overview
Reports to the Operational Resilience Supplier Resilience Lead Analyst as a member of Mastercard's Corporate Security Enterprise Resilience Team. Primarily responsible for supporting Supplier Resilience across Mastercard (including Business Continuity (BCM), Crisis Management (CM) and Technical Recovery (TR)). This ‘hands on' execution role is expected to work independently while receiving support, processes and procedures from a global Enterprise Resilience team at Mastercard. Some travel (including international) may be required.
Role:
Partner with global Enterprise Resilience team to design and implement the Operational Resilience Supplier Resilience solution across Mastercard.
Embed Operational Resilience Supplier Resilience as a program within the organisation, built off the foundation of the Enterprise Resilience Disciplines (OR BCM, CM, TR).
Partner with global Enterprise Resilience staff to understand resilience and to guide Supplier Resilience standardisation where appropriate.
Have a high level of understanding and comprehension of Operational Resilience Supplier Resilience regulation and guidelines, including but not limited to, the Bank of England (BoE) and EU DORA regulations.
Have an awareness of other jurisdiction regulations, guidelines and proposals in relation to Operational Resilience Supplier Resilience (e.g., DORA).
Implement the Enterprise Resilience Supplier Resilience program structure to align with relevant certification standards (ISO, NIS2, NIST, ITIL, ITSM).
Partner with team members within the Resilience Planning (RP) function to support regulatory compliance for all jurisdictions in which this business entity operates.
Perform Critical Service (CS) Supplier Resilience identification and analysis in line with all appropriate regulatory expectations.
Assess (criticality) and clarify / confirm Impact Tolerance/ Maximum Tolerable Period of Disruption (MTPD) levels for those all Services deemed in scope.
Partner with all appropriate Risk functions to ensure required attestations to regulators and other bodies are made in line with program framework and regulatory expectations.
Partner with and hold responsibility for other Supplier Resilience tasks such as Service Impact Analysis and risk assessment coordination, business continuity planning and exercises while applying detailed QA and support for your business partners.
Ensuring Supplier Resilience capabilities of third parties are compliant with risk management mandates.
Perform as a Supplier Resilience subject matter expert to set-up this entity with the proper construct and response model including plans and exercises (some with its' strategic partners), while supporting the Crisis Management Team during crisis
Partner with the team's technology recovery contact to ensure system impact analysis, recovery plans and exercises are performed as designated by policy.
Train business partners on the program's roles and responsibilities and ensure all staff within the entity are knowledgeable of our requirements.
Build key business relationships within the entity and become a trusted partner to further embed a Supplier Resilience Business Continuity culture.
Provides consultation to management and Identify opportunities to implement process improvements.
Experience & Qualifications:
2 years' experience of Supplier Resilience and the developing global regulatory landscape.
2 years' experience of ITSM and ITIL standards.
2 years' experience of Supplier Resilience End to End (E2E) exercising and testing.
Experience of knowledge of Cyber Resilience desired.
2 years' experience of Supplier Management Frameworks including but not limited to:
Supplier Contracts, Service Levels, and the Regulatory requirements
Supplier Performance Reviews
Supplier Due Diligence
Continuous monitoring of Suppliers
Critical Supplier controls creation
Supplier Business Continuity reviews and gap analysis
Joint exercising and testing of Suppliers capabilities.
Risk Management of Suppliers
Supplier Service issues resolution
Root Cause Analysis (RCA)
Excellent written and spoken English language communication skills are a core requirement.
Discipline relevant bachelor's degree or equivalent combination of experience and formal education.
Minimum of three years' experience in a similar role
Detailed knowledge and experience of relevant ISO certification requirements and regulatory requirements / relevant legislation.
Industry accreditation (preferably at MBCI (or equivalent) level minimum)
Strong experience in impact analysis & risk assessment design and process.
Experience in designing, facilitating and reporting on complex, scenario-based Supplier Resilience exercises.
Capable of executing or fully understanding technology recovery exercise; technology background advantageous
Demonstrable experience managing business continuity third party risk process.
Fusion Risk Management Business Continuity software experience advantageous
Emergency notification tool experience advantageous
Experience in the design and delivery or management information metrics advantageous.
Personal Qualities:
Ability to influence key stakeholders.
Confident decision maker and demonstrates task and objective ownership.
Ability to drive consistent and repeatable results with limited supervision.
Excellent oral and written communication and presentation skills
Strong Relationship Management at all levels
High attention to detail, accurate and consistent (on time) delivery
Ability to define and implement solutions based on strategic direction.
Passion for personal development and learning
NICE Framework references
This Mastercard role shares knowledge, skills, and abilities with related NICE work roles.
• PD-OR-008 Provides Practitioner level expertise, Leadership, Identifies, analyses, and ensures Service Owners mitigate threats to their Service provisioning from Mastercard's Services Supply Chains.
Corporate Security Responsibility
Every person working for, or on behalf of, Mastercard is responsible for information security. All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and therefore, it is expected that the successful candidate for this position must:
• Abide by Mastercard's security policies and practices.
• Ensure the confidentiality and integrity of the information being accessed.
• Report any suspected information security violation or breach, and
• Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines. Mastercard is an inclusive equal opportunity employer that considers applicants without regard to gender, gender identity, sexual orientation, race, ethnicity, disabled or veteran status, or any other characteristic protected by law. In the US or Canada, if you require accommodations or assistance to complete the online application process or during the recruitment process, please contact reasonable_accommodation@mastercard.com and identify the type of accommodation or assistance you are requesting. Do not include any medical or health information in this email. The Reasonable Accommodations team will respond to your email promptly.
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
Abide by Mastercard's security policies and practices;
Ensure the confidentiality and integrity of the information being accessed;
Report any suspected information security violation or breach, and
Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines.
Apply on company website
Find Connections via Linkedin
