Lead Data & AI Security Engineer

Our Purpose

Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we're helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

Title and Summary

Lead Data & AI Security Engineer

Who is Mastercard?

Mastercard is a global technology company in the payments industry. Our mission is to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart, and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments, and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. With connections across more than 210 countries and territories, we are building a sustainable world that unlocks priceless possibilities for all.

Mission First, People Always

As Corporate Security, we are responsible for keeping Mastercard safe and secure from cyber and physical threats, and it is our people on the frontlines who make this happen every day. By taking care of our people - their well-being and career development - we provide them with the necessary tools and environment to ensure the success of our mission.

Overview

Mastercard's Business Security Enablement (BSE) team is seeking a seasoned Lead Security Engineer (L6) - Data & AI to serve as the primary security advocate and advisor for our Data Commercialization and Artificial Intelligence initiatives. The BSE team is a worldwide group of information security experts focused on helping Mastercard achieve its goals by ensuring that security is at the heart of everything we do. In this role, you will collaborate with technology, engineering, and business teams to integrate strong security practices into Mastercard's data-driven products and AI solutions. The ideal candidate possesses a high level of expertise in information security and secure engineering disciplines, enabling them to advise product and development teams on designing secure applications and services following industry best practices. You will apply deep knowledge of security principles, theories, and concepts throughout the business and development lifecycles. As an L6 Security Engineer, you are expected to take a lead security role in large, complex, global, cross-functional initiatives. You will work closely with developers and architects to evaluate business needs, determine feasibility, and recommend optimal security solutions that meet both security and regulatory requirements. Furthermore, you will champion a strong security risk culture across the organization, proactively managing risks in alignment with Mastercard's risk appetite and ensuring data and AI innovations are secure by design.

Role

As the L6 Data & AI Security Engineer, you will be responsible for a variety of critical security engineering and business enablement activities:

• Security Partnership & Advocacy: Serve as the primary security partner for Data Commercialization and AI programs. Provide security risk guidance from discovery through deployment, and advise product, engineering, and operations teams on secure design and delivery of data-driven and AI-powered solutions.
• Security Engineering Enablement: Translate Corporate Security policies, standards, and controls into actionable guidance for Data & AI teams. Partner with security champions and deliver targeted training. Maintain security dashboards/documentation and ensure requirements (secure coding, data protection, IAM controls) are embedded in the SDLC. Ensure adherence to security policy, regulatory requirements, and industry standards (e.g., PCI-DSS, privacy).
• Collaboration & Leadership: Partner with Business Security Officers (BSOs) and act as a bridge between Corporate Security and Data/AI product teams. Work with engineering and architecture to improve security of code, data pipelines, cloud services, and AI solutions. Promote a security-first culture across the domain.
• Security Reviews & Oversight: Lead key security governance for Data & AI work, including design/code reviews, Solution Architecture approvals, Threat Model reviews, Third-Party technology reviews, Technical Architecture Diagram approvals, Network as a Service approval, and vulnerability management support. Drive security user stories in PI Planning and ensure requirements are tracked to closure.
• Innovation & Continuous Improvement: Monitor emerging threats and best practices across data analytics and AI. Partner with cross-functional teams to strengthen protection for sensitive data and ML models. Improve architectures and processes through standardization and automation of security controls and tooling.

All About You

The ideal candidate for the L6 Data & AI Security Engineer position will demonstrate a blend of deep technical expertise, leadership, and collaborative skills, including:

• Extensive Security and Engineering Experience: Typically, 7-10 years in information security, with hands-on secure software development and secure architecture/design, including reviewing code/systems for vulnerabilities. Experience with cloud platforms, APIs, and distributed systems preferred.
• Leadership and Collaboration: Proven ability to work effectively in a global environment, build strong relationships, and influence cross-functional and executive stakeholders across varying technical depth.
• Security Knowledge and Technical Skills: Advanced knowledge of security principles, domains, protocols, and standards, with familiarity with ISO 27001, PCI-DSS, NIST SP 800-53, and COBIT. Strong grounding in risk management and data privacy for data analytics, digital commerce, and AI solutions, and experience designing secure, multi-domain architectures.
• Cryptography Security: Strong experience with cryptography and network security, including encryption, hashing, key management, PKI/certificates, TLS/SSL, VPN, IPsec, and related protocols.
• DevSecOps: Experience with DevOps/DevSecOps, including CI/CD and automated deployments, with security controls embedded throughout the SDLC.
• Technical Domain Expertise: Proficiency with data technologies, analytics platforms, and AI/ML frameworks; experience securing data platforms and/or AI/ML models.
• Business & Industry Acumen: Knowledge of the payments and e-commerce landscape and security considerations for data-centric and AI-powered products, including best practices for protecting data assets and algorithms and awareness of emerging threats.
• Mindset and Soft Skills: Professional, proactive, and solutions-oriented, with strong problem-solving and continuous-learning mindset. Excellent communication skills to articulate security risks and mitigations to technical and business audiences, and comfort operating in a fast-paced, global environment.

NICE Framework References

The National Initiative for Cybersecurity Education (NICE) provides a framework of cybersecurity work roles and competencies. This Mastercard role shares knowledge, skills, and abilities (KSAs) with several NICE Framework work roles, including:

• SP-DEV-002 (OPM622) - Secure Software Assessor
• SP-ARC-002 (OPM652) - Security Architect
• OV-SPP-002 (OPM751) - Cyber Policy and Strategy Planner

Corporate Security Responsibility

Mastercard is a merit-based, inclusive, equal opportunity employer that considers applicants without regard to gender, gender identity, sexual orientation, race, ethnicity, disabled or veteran status, or any other characteristic protected by law. We hire the most qualified candidate for the role. In the US or Canada, if you require accommodations or assistance to complete the online application process or during the recruitment process, please contact reasonable_accommodation@mastercard.com and identify the type of accommodation or assistance you are requesting. Do not include any medical or health information in this email. The Reasonable Accommodations team will respond to your email promptly.

Corporate Security Responsibility

All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

• Abide by Mastercard's security policies and practices;

• Ensure the confidentiality and integrity of the information being accessed;

• Report any suspected information security violation or breach, and

• Complete all periodic mandatory security trainings in accordance with Mastercard's guidelines.

In line with Mastercard's total compensation philosophy and assuming that the job will be performed in the US, the successful candidate will be offered a competitive base salary and may be eligible for an annual bonus or commissions depending on the role. The base salary offered may vary depending on multiple factors, including but not limited to location, job-related knowledge, skills, and experience. Mastercard benefits for full time (and certain part time) employees generally include: insurance (including medical, prescription drug, dental, vision, disability, life insurance); flexible spending account and health savings account; paid leaves (including 16 weeks of new parent leave and up to 20 days of bereavement leave); 80 hours of Paid Sick and Safe Time, 25 days of vacation time and 5 personal days, pro-rated based on date of hire; 10 annual paid U.S. observed holidays; 401k with a best-in-class company match; deferred compensation for eligible roles; fitness reimbursement or on-site fitness facilities; eligibility for tuition reimbursement; and many more. Mastercard benefits for interns generally include: 56 hours of Paid Sick and Safe Time; jury duty leave; and on-site fitness facilities in some locations.

Pay Ranges

Arlington, Virginia: $161,000 - $266,000 USD