Principal Information Security Engineer Job Listing at Mastercard in London, England (Job ID R-269680)

Description

Our Purpose

Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we're helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

Title and Summary

Principal Information Security Engineer Principal Information Security Engineer – Real Time Payments International

Who is Mastercard?
Mastercard is a global technology company in the payments industry. Our mission is to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart, and accessible. Through secure data, trusted networks, strong partnerships, and a passion for innovation, we help individuals, financial institutions, governments, and businesses realize their greatest potential.
Our decency quotient (DQ) shapes our culture and guides how we operate across more than 210 countries and territories. Together, we are building a sustainable world that unlocks priceless possibilities for all.

Mission First, People Always
Corporate Security protects Mastercard from cyber and physical threats. Our people are on the frontlines every day, and we invest deeply in their wellbeing, growth, and success. By empowering our teams, we ensure the strength and resilience of our mission.

Overview
Mastercard is seeking a Principal Information Security Engineer to support Mastercard's global Real Time Payments (RTP) platforms. This role is ideal for a security leader who thrives in fast moving, high availability environments and is passionate about building secure, scalable, and resilient payment ecosystems.
You will drive the security strategy for RTPI, partnering closely with engineering, product, and global business teams to ensure our real time payment services meet the highest standards of security, compliance, and customer trust. You will influence architecture, guide security-by-design practices, and help shape the future of Mastercard's international payment capabilities.

Role
As a Principal Information Security Engineer supporting Real Time Payments International, you will:
Leadership & Influence
• Apply deep technical expertise to mentor and develop junior engineers and security practitioners.
• Provide input into performance evaluations for team members and emerging talent.
• Serve as a trusted advisor to engineering and business leaders across RTPI programs.
Security Architecture & Strategy
• Influence and implement security requirements, standards, and architectural patterns for large scale, real time payment platforms.
• Define platform level security architecture and drive execution of long term security strategy for RTPI.
• Lead threat modelling, risk assessments, and security design reviews for high velocity, high availability systems.
Engineering & Delivery
• Support the design, testing, and implementation of complex security solutions aligned with regulatory, operational, and customer requirements.
• Identify risks and propose compensating controls tailored to real time transaction flows and cross border payment environments.
• Partner with engineering teams to embed security into CI/CD pipelines, APIs, cloud services, and real time transaction processing components.
Stakeholder Engagement
• Build and maintain strong relationships with business owners, product teams, engineers, project managers, customers, and senior leadership.
• Translate security concepts into actionable guidance for diverse technical and non technical audiences.
• Represent Corporate Security in global RTP initiatives, regulatory discussions, and cross functional working groups.

All About You
You are an experienced security leader with a passion for enabling secure, real time financial services. You bring:
Technical & Leadership Experience
• Undergraduate degree preferably in computer science/information security or significant work experience in information security disciplines.
• CISSP/CISM or industry recognised security certification desired.
• Extensive IT experience demonstrating thought leadership and cross functional influence.
• Proven success enabling business outcomes through strong technical decision making.
• Experience leading project teams and collaborating with business partners, vendors, and consulting organisations.
• Excellent communication skills, with the ability to influence, negotiate, and drive alignment across global teams.
Security Engineering Expertise
• Strong background in information security engineering, including risk identification and compensating control design.
• Experience adapting security programs such as Zero Trust to evolving technologies and threat landscapes.
• Hands on experience improving security domain areas (e.g., authentication, access control, secure architecture) using metrics and customer feedback.
• Experience supporting or securing Critical National Infrastructure (CNI), particularly within financial services or payment systems, is highly beneficial.
Risk & Compliance Framework Expertise
• Demonstrated experience working with risk based security and compliance frameworks, including SOC 2, ISAE 3000, PCI DSS, DORA, and the Cyber Risk Institute (CRI) profiles, as well as other relevant regulatory or industry standards.
• Ability to interpret, apply, and operationalise framework requirements within complex, high availability technology environments such as real time payment systems.
• Experience collaborating with audit, compliance, and regulatory teams to ensure alignment between security controls, business processes, and external obligations.
• Proven capability to assess control effectiveness, identify gaps, and drive remediation strategies that balance security, operational efficiency, and business needs.
• Strong understanding of how global regulatory expectations and CRI-aligned frameworks influence security architecture, risk management, and platform design.
NICE Framework Alignment
This role aligns with several National Initiative for Cybersecurity Education (NICE) work roles, including:
Securely Provision (SP)
• Security Architect (SP‑ARC‑001) – Designs and develops security architectures for complex systems and platforms.
• Secure Software Assessor (SP‑DEV‑002) – Evaluates software and services for security weaknesses and secure‑coding compliance.
Protect & Defend (PR)
• Cyber Defence Analyst (PR‑CDA‑001) – Uses defensive measures and threat intelligence to protect systems and networks.
• Cyber Defence Infrastructure Support Specialist (PR‑INF‑001) – Implements and maintains security controls across infrastructure.
• Vulnerability Assessment Analyst (PR‑VAM‑001) – Identifies, analyses, and prioritizes vulnerabilities in applications and systems.
Analyse (AN)
• Threat/Warning Analyst (AN‑TWA‑001) – Identifies emerging threats and evaluates their potential impact.
• All‑Source Analyst (AN‑ASA‑001) – Synthesizes threat, vulnerability, and risk information to support decision‑making.
Oversight & Governance (OV)
• Risk Management Specialist (OV‑RM‑001) – Applies risk frameworks (SOC 2, PCI, DORA, CRI, etc.) to evaluate and manage organizational risk.
• Cyber Policy and Strategy Planner (OV‑SPP‑002) – Aligns cybersecurity policies, standards, and strategic initiatives.

Corporate Security Responsibility
Every person working for, or on behalf of, Mastercard is responsible for information security. The successful candidate must:
• Abide by Mastercard's security policies and practices.
• Ensure the confidentiality and integrity of information accessed.
• Report any suspected security violations or breaches.
• Complete all mandatory security training as required.

Corporate Security Responsibility

All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

• Abide by Mastercard's security policies and practices;

• Ensure the confidentiality and integrity of the information being accessed;

• Report any suspected information security violation or breach, and

• Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines.

 Apply on company website