Director Technology Risk Reporting & Governance
MastercardSummary
Mastercard is seeking a Director of Technology Risk Reporting & Governance to lead end-to-end governance and reporting for the Technology Risk Committee (TRC). This role involves ensuring alignment with Enterprise Risk Management (ERM) expectations, supporting audit and regulatory responses, and partnering with various stakeholders to drive risk reporting cadence and action follow-through. The successful candidate will manage the TRC operating model, facilitate meetings, assure the quality of risk materials, and oversee quarterly TRC reporting deliverables. They will also support risk program activities, coordinate corporate risk assessment submissions, and identify emerging risks. This role requires at least 4 years of experience in risk governance, technology risk management, or operational resilience, with strong program management and executive communication skills.
Required Skills
Details
- Experience Required
- 4+ years
- Posted
- ~Jun 30, 2026
Description
Our Purpose
Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.
Title and Summary
Director Technology Risk Reporting & GovernanceThis role is accountable for end-to-end governance, reporting, and stakeholder coordination for Technology Risk Committee (TRC), ensuring alignment to Enterprise Risk Management (ERM) expectations and supporting audit/regulatory responses. The position partners closely with Risk Champions, Business Risk Managers, and cross-functional stakeholders to drive disciplined risk reporting cadence, material readiness, and action follow-through.Role
The successful candidate will be responsible to:
• Govern the end-to-end TRC operating model (charter, membership, governance cycle) and ensure timely execution of the annual TRC calendar.
• Lead planning and run the full meeting lifecycle (pre-scrums, material collection, quality checks, timelines, minutes, and action item tracking).
• Facilitate TRC meetings and drive alignment across stakeholders; escalate decisions, risks, and actions as required.
• Coordinate and quality-assure TRC and technology risk materials (content readiness, metrics, narrative clarity) for internal governance bodies and broader enterprise forums (e.g., Board Risk Committee, Executive Risk Committee, Entity Technology Risk Committees, Information Security Risk Committee).
• Own quarterly TRC reporting deliverables, including Top TRC Risks, TRC-level risk assessments, and risk metrics reporting.
• Support the Technology Risk Champion and Business Risk Manager in executing ERM-required activities (e.g., risk program embedding, risk appetite, enterprise risk assessments, committees/escalation, coordination with 2LoD).
• Coordinate Corporate Risk Assessment submissions for C1: Operational Resilience, including development of required inputs (risk drivers, trends, mitigations, residual/target ratings, trend status) and updating the risk register (e.g., OpenPages/Archer as applicable).
• Drive the annual/bi-annual update of Key Mitigation Strategies (Success Factors) for C1: Operational Resilience, including status updates and documented impact to risk ratings.
• Coordinate quarterly Technology Key Business Risks content for ERM risk discussions and Quarterly Operational Reviews, ensuring technology-wide coverage (C1: Operational Resilience and Information Security) and tracking mitigation progress.
• Identify, assess, and socialize emerging risks for enterprise-wide Technology risks; ensure emerging risks are appropriately evaluated and proposed for risk register updates.
• Partner with stakeholders to ensure audit and regulatory responses related to technology risk and C1: Operational Resilience are complete, accurate, and delivered on time.
All About You
• Demonstrated experience min 4 years in risk governance, technology risk management, operational resilience, or related control/risk disciplines within a complex organization.
• Strong program management and governance skills, including running structured cadences, managing dependencies, and driving action-item closure.
• Proven ability to build and quality-assure executive-level risk materials (dashboards, narratives, metrics, and committee packs).
• Experience partnering with 2LoD teams (e.g., ERM, Compliance, Operational Risk, Information Security) and supporting audit/regulatory engagements.
• Comfortable operating across multiple stakeholders and influencing outcomes without direct authority.
• Clear written and verbal communication skills, with high level attention to detail and an ability to translate complex risk topics into concise messaging for senior audiences.
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks must be performed in compliance with applicable policies and standards, including safeguarding information, completing required training, and promptly reporting security incidents in accordance with corporate requirements.
Equal Opportunity
Mastercard is an equal opportunity employer and is committed to creating an inclusive environment for all employees.
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
- Abide by Mastercard’s security policies and practices;
- Ensure the confidentiality and integrity of the information being accessed;
- Report any suspected information security violation or breach, and
- Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.