Director, Exposure Management
<p><span><b>Our Purpose</b></span></p><p></p><p><i>Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, were helping build asustainableeconomy where everyone can prosper. We support a wide range of digital payments choices, making transactionssecure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.</i></p><p></p><p><b>Title and Summary</b></p><h3></h3><p></p>Director, Exposure Management<h3></h3><p style="text-align:inherit"></p>Mastercard is a global technology company in the payments industry. Our mission is to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart, and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments, and businesses realize their greatest potential.<br>The Director, Exposure Management & Secure Development is responsible for leading Mastercards transition from traditional vulnerability management to a modern, risk and exposurebased security program. This role owns the strategy, execution, and evolution of enterprise exposure management capabilities, spanning vulnerability operations, secure development (SAST/SCA), and risk intelligence, with a focus on prioritization, business impact, and measurable risk reduction.<br>This leader will partner closely with Technology, Product, Engineering, and Risk stakeholders to ensure security findings are translated into actionable insights, aligned remediation priorities, and improved security outcomes across the enterprise.<br><br>Overview<br>As Mastercard continues to scale its digital platforms and services, managing cyber risk requires more than identifying vulnerabilities it requires understanding exposure, exploitability, and business impact.<br>The Exposure Management & Secure Development team is accountable for transforming how security risk is identified, contextualized, and addressed across the enterprise. This includes moving away from siloed vulnerability scanning and static reporting toward a unified exposure management model that integrates application, infrastructure, and software supply chain risk.<br>The Director will lead multidisciplinary teams responsible for vulnerability operations and secure development practices, while driving modernization across data, tooling, metrics, and engagement models.<br><br>Role Responsibilities<br>Exposure Management Strategy & Execution<br><br>Define and own Mastercards enterprise exposure management strategy, aligning vulnerability, application, and software supply chain risks into a unified risk view<br>Shift the program from volumebased vulnerability tracking to riskbased prioritization grounded in exploitability, asset criticality, and business impact<br>Establish clear ownership models and engagement patterns with technology and engineering teams to drive timely and effective remediation<br><br>Vulnerability Operations & Secure Development Leadership<br><br>Lead global teams responsible for vulnerability operations, SAST, and SCA capabilities<br>Ensure consistent, scalable execution of vulnerability discovery, validation, prioritization, and tracking across technology domains<br>Evolve secure development capabilities to better support engineering velocity while improving security outcomes earlier in the SDLC<br><br>Data, Metrics & Risk Intelligence<br><br>Build and mature exposurefocused metrics that enable leadership to understand risk posture, trends, and remediation effectiveness<br>Partner with data and analytics teams to leverage security telemetry, automation, and correlation across multiple data sources<br>Translate technical findings into clear, decisionready insights for senior leaders and risk partners<br><br>Technology & Transformation<br><br>Drive modernization of exposure management tooling, workflows, and integrations<br>Partner with Product, Engineering, and Architecture teams to influence platform capabilities and security-by-design practices<br>Identify opportunities for automation, orchestration, and scale across vulnerability and secure development processes<br><br>Leadership & Stakeholder Engagement<br><br>Lead, coach, and develop highperforming teams across multiple disciplines and geographies<br>Serve as a trusted advisor to Technology, Security, and Risk leadership on exposure trends and remediation priorities<br>Influence crossfunctional stakeholders without direct authority in a complex, matrixed environment<br><br><br>All About You<br><br>Proven experience leading enterprisescale security, risk, or exposure management programs in a large, complex organization<br>Deep understanding of vulnerability management, application security (SAST/SCA), and modern software delivery environments<br>Demonstrated ability to move programs from operational execution to strategic, outcomedriven models<br>Strong datadriven mindset, with experience using metrics and analytics to influence decisions and behavior<br>Track record of leading transformation initiatives across people, process, and technology<br>Comfortable operating at both strategic and execution levels, with the ability to translate vision into measurable results<br>Strong communication skills, with the ability to convey complex technical risk in businessrelevant terms<h3></h3><p style="text-align:inherit"></p>Mastercard is a merit-based, inclusive, equal opportunity employer that considers applicants without regard to gender, gender identity, sexual orientation, race, ethnicity, disabled or veteran status, or any other characteristic protected by law. We hire the most qualified candidate for the role. In the US or Canada, if you require accommodations or assistance to complete the online application process or during the recruitment process, please contact reasonable_accommodation@mastercard.com and identify the type of accommodation or assistance you are requesting. Do not include any medical or health information in this email. The Reasonable Accommodations team will respond to your email promptly.<h3></h3><p style="text-align:inherit"></p><p style="text-align:left"><b>Corporate Security Responsibility</b></p><p style="text-align:left"><br />All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:</p><ul><li><p style="text-align:left">Abide by Mastercards security policies and practices;</p></li><li><p style="text-align:left">Ensure the confidentiality and integrity of the information being accessed;</p></li><li><p style="text-align:left">Report any suspected information security violation or breach, and</p></li><li><p style="text-align:left">Complete all periodic mandatory security trainings in accordance with Mastercards guidelines.</p></li></ul><p style="text-align:inherit"></p><p style="text-align:inherit"></p><h3></h3><p style="text-align:inherit"></p>In line with Mastercards total compensation philosophy and assuming that the job will be performed in the US, the successful candidate will be offered a competitive base salary and may be eligible for an annual bonus or commissions depending on the role. The base salary offered may vary depending on multiple factors, including but not limited to location, job-related knowledge, skills, and experience. Mastercard benefits for full time (and certain part time) employees generally include: insurance (including medical, prescription drug, dental, vision, disability, life insurance); flexible spending account and health savings account; paid leaves (including 16 weeks of new parent leave and up to 20 days of bereavement leave); 80 hours of Paid Sick and Safe Time, 25 days of vacation time and 5 personal days, pro-rated based on date of hire; 10 annual paid U.S. observed holidays; 401k with a best-in-class company match; deferred compensation for eligible roles; fitness reimbursement or on-site fitness facilities; eligibility for tuition reimbursement; and many more. Mastercard benefits for interns generally include: 56 hours of Paid Sick and Safe Time; jury duty leave; and on-site fitness facilities in some locations.<p style="text-align:inherit"></p><p style="text-align:left"><b>Pay Ranges</b></p>O'Fallon, Missouri: $152,000 - $258,000 USD<h3></h3><p style="text-align:inherit"></p><h3></h3><p style="text-align:inherit"></p><h3></h3><p style="text-align:inherit"></p><h3></h3><p style="text-align:inherit"></p>
|
