Technology Risk Analyst (Controls Monitoring & Testing)

Company Description

Visa is a world leader in payments and technology, with over 259 billion payments transactions flowing safely between consumers, merchants, financial institutions, and government entities in more than 200 countries and territories each year. Our mission is to connect the world through the most innovative, convenient, reliable, and secure payments network, enabling individuals, businesses, and economies to thrive while driven by a common purpose – to uplift everyone, everywhere by being the best way to pay and be paid.

Make an impact with a purpose-driven industry leader. Join us today and experience Life at Visa.

Job Description

Visa is seeking a Controls Monitoring & Testing Analyst within its Technology Risk Management program to review and assess Cybersecurity and Technology risks. The candidate will perform Risk Assessments, Design Effectiveness Assessments, and Operational Effectiveness Testing for key technology threat vectors such as security configuration management, firewall configuration, application, user access management, and availability & reliability. Responsibilities include managing stakeholder engagement plans, participating in process walkthroughs, tracking/reporting deliverables, and producing high-quality work papers for all lines of defense and risk stakeholders. Additionally, the candidate will interpret data from source systems to perform statistical sampling and aggregate assessment across various risk management levers, collaborate with technology partners, and distill information into management and executive-level reporting.

Key Responsibilities:

Technology & Cybersecurity Controls Testing:

• Perform independent technology and cybersecurity controls testing.
• Document testing results in detailed workpapers.
• Prepare management reports based on testing outcomes.
• Communicate findings with stakeholders.

Automation for Continuous Monitoring:

• Develop automation for continuous controls monitoring/auditing for technology and cybersecurity.
• Monitor the results of automated controls, perform investigation and follow-ups as needed.

Risk & Control Self-Assessment (RCSA):

• Execute RCSA Risk Business Partner (RBP) controls quality review and sample-based testing.
• Conduct Key Risk Indicator (KRI) testing.

Training, Metrics Alignment & Reporting:

• Develop and track risk management training.
• Align metrics with reporting dashboards.
• Develop reporting and stakeholder communication.

This is a hybrid position. Expectation of days in office will be confirmed by your hiring manager.

Qualifications

Basic Qualification

• 3 years of relevant work experience and a Bachelors degree

Preferred Qualification

• Bachelor’s degree with 5 years of work experience in cyber, risk controls, or equivalent.
• Experience with technology and cyber processes and functions (e.g., Vulnerability, Availability & Reliability Risk, Cyber Defense, Third Party Technology Risk, Identity Access Management, Security Architecture, etc.).
• Experience auditing technology and cybersecurity processes, risks, and controls.
• Experience developing automation for continuous controls monitoring/auditing for both technology and cybersecurity.
• Ability to prioritize deliverables and projects efficiently and adapt to changing priorities quickly.
• Strong analytical and problem-solving skills.
• Effective communication skills, both formal and informal.
• Ability to facilitate group discussions and debates across geographic and functional lines.
• Experience in regulated industries and payment platforms preferred.
• CISA, CISM, CISSP certification preferred.

Additional Information

Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.