Privacy Assurance

Our Purpose

Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we're helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

Title and Summary

Privacy Assurance & Certification SpecialistJob Overview:
We are seeking a motivated and detail-oriented Privacy Assurance & Certification Specialist to support the advancement and oversight of our global privacy assurance and governance programs, with a focus on Binding Corporate Rules (BCRs) and other Privacy, AI and Data certifications. This role will contribute to key assurance activities and collaborate across different teams to drive Privacy, AI and Data governance practices, support audit readiness, enhance awareness, and facilitate knowledge-sharing within internal privacy and audit teams.

A solid understanding of global Privacy, AI and Data regulations is essential; prior experience with BCRs/ ISO certifications is a plus. The preferred candidate will have a strong interest in operationalizing and standardizing Privacy, AI and Data governance, risk and compliance processes across the organization.

Key Responsibilities:

• Certification & Project Management

o Contribute to the governance and maintenance of Privacy, AI and Data frameworks and certifications, including BCRs and APEC CBPRs. Support the expansion of BCRs and other certifications to new entities and countries, including implementation of controls, risk remediation, project management and planning.

• Privacy Assurance & Controls Monitoring

o Manage and support privacy assurance activities, including testing of controls, monitoring implementation, and evidence gathering in alignment with Mastercard's Privacy, AI and Data policies and processes.

• Privacy Risk Assessment

o Support the execution of global Privacy and AI risk assessments by helping identify, document, and monitor risks and mitigation strategies as part of existing or new certifications.

• Audit

o Assist with internal and external audits by engaging with relevant stakeholders, gathering and reviewing required documentation, coordinating responses across teams, and tracking remediation of controls' findings.

• Training & Awareness

o Deliver BCRs-focused awareness sessions for relevant first line, second line and third line of defense stakeholders.

o Provide guidance on audit processes and audit readiness.
o Keep internal teams informed on relevant regulatory developments and emerging topics regarding Privacy, AI and Data certifications.

• Stakeholder Engagement and Cross-Functional Collaboration

o Collaborate with cross functional teams (e.g., Legal, InfoSec, Compliance, Product) to ensure consistent understanding and implementation of Privacy, AI and Data governance processes.

• Knowledge Management & Regulatory Awareness

o Maintain up-to-date documentation related to BCRs, CBPRs, and other Privacy, AI and Data certifications. Monitor relevant changes in global Privacy, AI and Data laws (e.g., GDPR) and developments in the global BCRs landscape, and ensure alignment of internal policies and processes.

Qualifications:
Required:

• Bachelor's degree in Law, Business, Information Security, or a related field.
• Minimum 2 years of experience in audit, assurance, risk, or governance functions — preferably in a privacy or data protection context.
• Solid understanding of global Privacy, AI and Data regulations, including GDPR, APEC CBPR and BCRs.
• Strong analytical, organizational, and communication skills.
• Ability to collaborate cross-functionally and manage multiple priorities.

Preferred:

• Experience with cross-border data transfer frameworks (e.g., BCRs, CBPRs).
• Familiarity with privacy assurance or audit standards (e.g., ISO 27001, ISO 27701, ISAE 3000).
• Professional certifications such as CIPP/E, CIPM, CISA, or equivalent.

Corporate Security Responsibility

All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

• Abide by Mastercard's security policies and practices;
• Ensure the confidentiality and integrity of the information being accessed;
• Report any suspected information security violation or breach, and
• Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines.