Director - GRC Third Party Technology Risk

Austin, TX, United States

Company Description

Visa is a world leader in digital payments, facilitating more than 215 billion payments transactions between consumers, merchants, financial institutions and government entities across more than 200 countries and territories each year. Our mission is to connect the world through the most innovative, convenient, reliable and secure payments network, enabling individuals, businesses and economies to thrive.

When you join Visa, you join a culture of purpose and belonging – where your growth is priority, your identity is embraced, and the work you do matters. We believe that economies that include everyone everywhere, uplift everyone everywhere. Your work will have a direct impact on billions of people around the world – helping unlock financial access to enable the future of money movement.

Join Visa: A Network Working for Everyone.

Job Description

This position will be part of Visa's Cybersecurity Third Party Technology Risk Management (“3PTRM”) team, providing oversight and coordination and delivering the activities that support successful risk management of third parties for Visa. The role will regularly lead and/or collaborate on initiatives with senior leaders across the organization. The ideal candidate will be process driven, an excellent communicator, and possess strong negotiation skills.

The role also requires a strong working knowledge of the legal, regulatory, and industry compliance landscape relevant to Information Security, Banking, Payments, and Data Privacy, including PCI-DSS, FFIEC IT Examination Handbook, ISO 27000 series frameworks, Critical Security Controls (CSC), NIST 800-53, GLBA, and the EU General Data Privacy Regulation (GDPR).  

Key responsibilities:

  • Manage a team of highly focused analysts of varying skill level and domain knowledge (from new associate to senior with 10+ years of experience). Work with each one to bring optimal results, while ensuring career growth and personal achievement.

  • Lead risk/security assessments of suppliers and Third Parties to identify, validate, and remediate Cybersecurity Risks. Plan, coordinate, and lead onsite assessments of Third Parties against Visa’s security framework and industry security standards.

  • Support ongoing monitoring of Suppliers and Third Parties to review adherence to compliance and regulatory requirements.

  • Identify, prioritize, and pursue opportunities to enhance Visa's 3PTRM processes and introduce innovative approaches and solutions to optimize efficiency and effectiveness. Contribute towards process improvement of team processes, templates, and tools.

  • Develop trusted relationships with Business Partners, Visa IT Executives, Security & Compliance Officers, and other teams.

  • Be up to date on the broader regulatory landscape affecting Visa business areas, and remain current with emerging regulatory sentiments as well as solution trends in the marketplace.

  • Possess an understanding of emerging technologies including but not limited to mobile and cloud technology.

This is a hybrid position. Hybrid employees can alternate time between both remote and office. Employees in hybrid roles are expected to work from the office two days a week, Tuesdays and Wednesdays with a general guidepost of being in the office 50% of the time based on business needs.


Basic Qualifications:

10 or more years of work experience with a Bachelor’s Degree or at least 8 years of work experience with an Advanced Degree (e.g. Masters/ MBA/JD/MD) or at least 3 years of work experience with a PhD

• Experience conducting third party assessment covering various Cybersecurity domains including, but not limited to, security architecture, access management, security incident management, secure software development, network security, and cryptography is a must.
• Successful track record managing delivery of complex, multi-faceted initiatives, or projects.
• Ability to quickly master new systems and/or processes, capacity to stay organized while managing competing priorities.
• Excellent working knowledge of industry and regulatory standards and oversight regimes, such as PCI, ISO 27000 series, FFIEC examinations, NIST 800-53, GDPR, GLBA, etc.
• Extraordinary written and communication skills, able to present to executive management, able to communicate complex security and technology concepts to non-technical staff, able to communicate complex legal and regulatory concepts to non-legal staff.

Preferred Qualifications:

12 or more years of work experience with a Bachelor’s Degree or 8-10 years of experience with an Advanced Degree (e.g. Masters, MBA, JD, MD) or 6+ years of work experience with a PhD

• Prior knowledge of Cybersecurity in the Payments industry is highly desirable.
• Big Four Consulting experience (E&Y, PwC, Deloitte, or KPMG).
• Certifications - CISSP, CISM, or similar preferred.

U.S. APPLICANTS ONLY: The estimated salary range for a new hire into this position is 162,700 to 211,500 USD, which may include potential sales incentive payments (if applicable). Salary may vary depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position may be eligible for bonus and equity. Visa has a comprehensive benefits package for which this position may be eligible that includes Medical, Dental, Vision, 401 (k), FSA/HSA, Life Insurance, Paid Time Off, and Wellness Program.

Additional Information

Work Hours: Varies upon the needs of the department.

Travel Requirements: This position requires travel 5-10% of the time.

Mental/Physical Requirements: This position will be performed in an office setting.  The position will require the incumbent to sit and stand at a desk, communicate in person and by telephone, frequently operate standard office equipment, such as telephones and computers.

Visa is an EEO Employer.  Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.  Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.

Visa will consider for employment qualified applicants with criminal histories in a manner consistent with applicable local law, including the requirements of Article 49 of the San Francisco Police Code.
