Director - Grc Third Party Technology Risk

Visa is a world leader in digital payments, facilitating more than 215 billion payments transactions between consumers, merchants, financial institutions and government entities across more than 200 countries and territories each year. Our mission is to connect the world through the most innovative, convenient, reliable and secure payments network, enabling individuals, businesses and economies to thrive.

When you join Visa, you join a culture of purpose and belonging – where your growth is priority, your identity is embraced, and the work you do matters. We believe that economies that include everyone everywhere, uplift everyone everywhere. Your work will have a direct impact on billions of people around the world – helping unlock financial access to enable the future of money movement.

Join Visa: A Network Working for Everyone.

This position will be part of Visa's Cybersecurity Third Party Technology Risk Management 3PTRM team, providing oversight, coordination, and delivering the activities supporting successful risk management activities around third parties for VISA. The role will regularly lead and or collaborate on initiatives with senior leaders across the organization including emerging Cybersecurity Technology Governance review and oversight of the software, technology supply chain. The ideal candidate will be process driven, an excellent communicator, and possess strong negotiation skills.

The role requires a strong working knowledge of the legal, regulatory, and industry compliance landscape relevant to Information Security, Banking, Payments, and Data Privacy, including PCI-DSS, ISO 27000 series frameworks, Critical Security Controls (CSC), NIST 800-53, GLBA, and the EU General Data Privacy Regulation (GDPR). As a Europe based role, candidates should possess a good understanding of current and emerging UK and Europe regulations for Third Party Risk Management.

Key responsibilities:

• Provide local direction and leadership to functionally aligned resources and act as the face of Third-Party Cybersecurity Risk for Europe.
• Lead risk, security assessments of suppliers and Third Parties to identify, validate, and remediate Cybersecurity Risks. Plan, coordinate, and lead onsite assessments of Third Parties against Visa’s security framework and industry security standards. This includes the management of Intra-Group relationships and required risk management.
• Act at the point contact for the Europe Enterprise Risk team on Third Party matters.
• Lead on Third Party risk integration activities with EU Acquired Entities.
• Support ongoing monitoring of Suppliers and Third Party to review compliance against compliance and regulatory requirements.
• Lead on Supplier incident management processes.
• Lead on supplier and client contract negotiations to ensure terms align with Cybersecurity global standards whilst meeting local regulatory, legal requirements – working closely with client and legal teams.
• Lead on Cybersecurity Technology Governance engagement.
• Work closely with partner Cybersecurity teams on responding to client RFP’s (Request for Proposals) and new business and product initiatives.
• Identify, prioritize, and pursue opportunities to enhance Visa's 3PTRM processes and introduce innovative approaches and solutions to optimize efficiency and effectiveness. Contribute towards process improvement of team processes, templates, and tools.
• Develop trusted relationships with Business Partners, Visa Executives, Security & Compliance Officers, and other teams.
• Be up to date on the broader regulatory landscape affecting Visa business areas, remain current with emerging regulatory sentiments as well as solution trends in the marketplace.
• Possess an understand emerging technologies including but not limited to mobile and cloud technology.

This is a hybrid position. Hybrid employees can alternate time between both remote and office. Employees in hybrid roles are expected to work from the office 2-3 set days a week (determined by leadership/site), with a general guidepost of being in the office 50% or more of the time based on business needs.

• Bachelor’s degree in Computer Science or other technical related field or an Advanced Degree (e.g., Masters, MBA, JD, MD) or a PhD.
• Experience conducting Third Party assessment covering various Cybersecurity domains including, but not limited to, security architecture, access management, security incident management, secure software development, network security, and cryptography is a must.
• Successful track record managing delivery of complex, multi-faceted initiatives, or projects.
• Ability to quickly master new systems and/or processes, capacity to stay organized while managing competing priorities.
• Excellent working knowledge of industry and regulatory standards and oversight regimes, such as PCI, ISO 27000 series, FFIEC examinations, PRA and ECB requirements, NIST 800-53, GDPR, GLBA, etc.
• Extraordinary written and verbal communication skills, able to present to executive management, able to communicate complex security and technology concepts to non-technical staff, able to communicate complex legal and regulatory concepts to non-legal staff.
• Prior knowledge of Cybersecurity in the Payments industry is highly desirable.
• Big Four Consulting experience (E&Y, PwC, Deloitte, or KPMG).
• Certifications - CISSP, CISM, or similar preferred.

Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.