Description
Our Purpose
Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we're helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.
Title and Summary
Principal Information Security Consultant Principal Information Security ConsultantWho is Mastercard?
Mastercard is a global technology company in the payments industry. Our mission is to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart, and accessible.
Using secure data and networks, partnerships, and passion, our innovations and solutions help individuals, financial institutions, governments, and businesses realise their greatest potential.
Our decency quotient (DQ) drives our culture and everything we do inside and outside of our company. With connections across more than 210 countries and territories, we are building a sustainable world that unlocks priceless possibilities for all.
Mission First, People Always
Corporate Security is responsible for keeping Mastercard safe and secure from cyber and physical threats.
By taking care of our people, their wellbeing and development, we provide the environment needed to ensure the success of our mission.
Overview
Mastercard is looking for a Principal Information Security Consultant based in London, Dunstable, or Harrogate. This senior role sits within Vocalink and provides strategic security leadership across critical products and enterprise platforms. As a Principal Security Consultant, you will act as a trusted advisor and senior technical delegate to the Director of Information Security Consultancy — providing expert guidance, shaping strategy, and representing the Consultancy function in cross‑organisation forums. You will operate with high autonomy, influencing complex decisions and raising the maturity and consistency of security engineering practices across Mastercard.
Responsibilities
• Lead high‑impact security consultancy engagements across the enterprise.
• Shape and mature the Security Consultancy function.
• Act as a senior delegate for the Director of Information Security Engineering.
• Provide authoritative guidance to engineering, product, and architecture teams.
• Lead assurance for high‑risk or complex systems.
• Develop, refine, and promote security standards and frameworks.
• Mentor Lead‑level consultants.
• Provide strategic direction on complex technical domains such as cryptography, IAM, network, data and application security
All About You
• Strong security mindset and deep knowledge of best practices and threats.
• Broad and mature experience across software, architecture, network, cloud, and assurance.
• Ability to negotiate with senior stakeholders.
• Strong interpersonal and relationship‑building skills.
• Authority in complex technical decision‑making.
• Confidence in providing technical guidance on complex decisions (cryptography, network design, application security, data protection, IAM, etc.)
• Experience producing high‑quality documentation and threat models.
• Familiarity with ISO 27001, NIST SP 800‑53, PCI DSS, etc.
• Self‑starter comfortable with ambiguity.
• Experience with third‑party assurance and vendor interaction.
• Proactive approach to enhancing the maturity of the security organisation
Desirable Experience
• Security certifications (CISSP, CISM, CSSLP, CISA).
• Threat modelling and risk assessment expertise.
• Knowledge of PAM, Secrets Management, PKI, Cryptography, Security Logging.
• Experience with JIRA/Confluence.
Corporate Security Responsibility
Every person working for, or on behalf of, Mastercard is responsible for information security. Activities involving access to Mastercard assets, information, and networks carry inherent risk. The Principal Consultant must:
• Abide by Mastercard security policies and practices.
• Ensure confidentiality and integrity of information accessed.
• Report suspected security violations or breaches.
• Complete mandatory security training.
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
Abide by Mastercard's security policies and practices;
Ensure the confidentiality and integrity of the information being accessed;
Report any suspected information security violation or breach, and
Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines.
Apply on company website
Find Connections via Linkedin
