Sr. Manager, Technology Risk Management

Visa is a world leader in payments and technology, with over 259 billion payments transactions flowing safely between consumers, merchants, financial institutions, and government entities in more than 200 countries and territories each year. Our mission is to connect the world through the most innovative, convenient, reliable, and secure payments network, enabling individuals, businesses, and economies to thrive while driven by a common purpose – to uplift everyone, everywhere by being the best way to pay and be paid.

Make an impact with a purpose-driven industry leader. Join us today and experience Life at Visa.

Visa seeks an experienced Manager to assess, manage, and execute the Technology Risk Management (TRM) Team's Monitoring and Testing program for FY25. The role manages the execution to Risk & Control Self-Assessment (RCSA) Risk Business Partner (RBP) processes per schedule, Increasing Control and KRI monitoring and related automation, execute required mapping, and conducting deep dive Testing for Control and KRIs. This role involves assessing key technology risks and performs comprehensive controls and key risk indicators testing and ensuring alignment with the Enterprise Risk Framework.

The Manager will collaborate with business partners from the First Line of Defense, such as Cybersecurity and Technology, to drive efficient risk assessments and thorough various controls assessment methods (such as but not limited to Monitoring, Testing, Validating, Reperformance, Reliance, etc.).

The candidate must have a deep understanding of technology risks and controls, the risk framework, its key risk indicators, particularly data security, availability, and reliability risks, and excel in communicating these risks to senior leadership. Additionally, the Manager will oversee the team, ensuring timely risk processing and evaluation, and will be responsible for implementing and enhancing the TRM Monitoring and Testing program scope.

Key Responsibilities:

Risk Assessments, Monitoring and Testing:

• Oversee and perform technology risk assessments focusing on infrastructure, applications, vulnerability, availability and reliability, and cybersecurity processes.
• Conduct Design Effectiveness Assessments and Operational Effectiveness Testing for Controls and KRIs mapped to technology threat vectors.
• Ensure comprehensive risk assessments, controls and KRI testing are conducted in alignment with the enterprise risk framework.

Program Management:

• Lead the TRM Team's Monitoring and Testing program for FY25, ensuring all program scope requirements are met.
• Develop and maintain a detailed program plan, including timelines, milestones, and deliverables.
• Track and report on program progress, identifying and addressing any issues or delays.

Risk Identification and Communication:

• Identify and communicate risks through the governance process, provide detailed reports at governance and leadership meetings.
• Enhance ways of communicating risks to senior and executive leadership, ensuring clear and actionable information is presented.
• Develop and support risk reporting to management and governance committees.

Collaboration and Stakeholder Engagement:

• Collaborate with teams involved in the process, including Cybersecurity, Operations & Infrastructure, and Corporate IT.
• Manage stakeholder engagement plans, ensuring effective communication and collaboration with all relevant parties.
• Present Control and KRI gap issues to the First Line of Defense, driving continuous process improvement and effective gap remediation.

Team Leadership:

• Oversee the Senior Analyst team, ensuring they perform Risk Assessments, Design Effectiveness Assessments, and Operational Effectiveness Testing.
• Mentor and develop team members, fostering a culture of continuous improvement and high performance.
• Ensure the production of high-quality work papers for all lines of defense teams especially the Third- and Fourth-Line reviews.

Compliance and Reporting:

• Ensure compliance with relevant regulations and internal policies.
• Deliver on commitments made by Visa to regulators on ongoing risk and Control and KRI monitoring and testing.
• Produce results on a monthly, quarterly, and annual basis for senior management.

This is a hybrid position. Hybrid employees can alternate time between both remote and office. Employees in hybrid roles are expected to work from the office 2-3 set days a week (determined by leadership/site), with a general guidepost of being in the office 50% or more of the time based on business needs.

• At least 7 years of relevant experience in technology risk management, cybersecurity, or related fields.
• Experience with technology controls and auditing technology and cybersecurity processes.
• Ability to work independently with minimal oversight, self-starter and team player.
• In-depth knowledge of cybersecurity, availability, and business continuity risks and controls.
• Strong prioritization skills and adaptability to changing priorities.
• Solid analytical and problem-solving skills.
• Effective communication skills, both formal and informal.
• Ability to facilitate group discussions and debates across functional lines and levels.

Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.