Sr. Manager, Technology Risk Management

Visa is a world leader in payments technology, facilitating transactions between consumers, merchants, financial institutions and government entities across more than 200 countries and territories, dedicated to uplifting everyone, everywhere by being the best way to pay and be paid.

At Visa, you'll have the opportunity to create impact at scale — tackling meaningful challenges, growing your skills and seeing your contributions impact lives around the world. Join Visa and do work that matters — to you, to your community, and to the world.

Progress starts with you.

The Senior Manager – Technology Risk is a strategic contributor responsible for providing robust second-line oversight across Technology Risk and Cybersecurity. The role ensures adherence to technology and cybersecurity regulatory mandates by independently interpreting regulatory guidelines, assessing their applicability to the organization’s environment, mapping them to existing controls, and identifying gaps. The position works closely with first-line teams to strengthen regulatory compliance, enhance control effectiveness, and embed industry-leading practices in Technology Risk governance.

This role may also support regulatory requirements across additional regions as operational or supervisory needs evolve.

Key Responsibilities:

Technology Risk Second-Line Oversight (Regulatory Compliance):

• Provide independent second-line oversight to ensure compliance with global and regional technology and cybersecurity regulations issued by relevant regulators.
• Review, interpret, and evaluate regulatory guidelines to determine applicability to the organization’s technology landscape.
• Perform structured assessments and map regulatory requirements to the organization’s internal control framework.
• Identify regulatory compliance gaps, document findings, and track remediation through closure.

Partnering with First-Line Teams on Regulatory Controls:

• Work closely with first-line technology, cybersecurity, and operations teams to validate regulatory control design and operating effectiveness.
• Identify compliance gaps and support teams in designing and implementing appropriate control enhancements.
• Help define and operationalize Key Risk Indicators (KRIs) relevant to regulatory and technology risk themes.
• Manage KRI governance routines, ensuring accuracy, completeness, and timely updates.

Reporting & Governance (Internal and Regulatory Stakeholders):

• Prepare periodic reports on KRIs, regulatory compliance posture, and broader Technology Risk themes.
• Present insights, trends, and risk exposures to senior leadership and relevant governance committees.
• Perform independent check-and-challenge on risk metrics and compliance assertions before they are reported.
• Support regulatory reporting requirements and interactions with supervisory bodies.

Industry Standards, Documentation, and Risk Management Practices:

• Introduce and embed industry-leading practices in Technology Risk and Cybersecurity risk management.
• Strengthen documentation standards for policies, procedures, control evidence, and regulatory artefacts to ensure efficiency, traceability, and audit-readiness.
• Benchmark internal practices against external frameworks such as NIST, ISO, COBIT, and emerging global standards.
• Ensure Technology Risk management practices remain aligned with evolving regulatory and industry expectations.

This is a hybrid position. Expectation of days in office will be confirmed by your hiring manager.

Qualifications & Experience:

• Bachelor’s or Master’s degree in Information Technology, Engineering, Cybersecurity, or related fields.
• 10–15 years of experience in Technology Risk, IT Governance, Cybersecurity, or IT Audit roles.
• Strong exposure to technology and cybersecurity regulatory frameworks from global or regional regulators.
• Experience partnering with first-line technology teams and interpreting complex regulatory guidelines.
• Familiarity with risk frameworks such as NIST, ISO 27001, COBIT, and operational risk methodologies.
• Certifications such as CISA, CISSP, CRISC, CISM, ITIL are preferred.

Technical Competencies:

• Strong knowledge in core technology domains including networking, cybersecurity, cloud services, and infrastructure operations.
• Deep understanding of secure software development lifecycle (SDLC) practices, DevSecOps, code quality controls, and application security principles.
• Ability to independently interpret regulatory mandates and translate them into actionable technical and control requirements.
• Skilled in developing KRIs, dashboards, and risk reporting.

Leadership & Behavioral Competencies:

• Excellent stakeholder management and communication skills.
• Ability to constructively challenge while maintaining collaborative relationships.
• Strong analytical, problem-solving, and documentation abilities.
• High degree of accountability and the ability to influence without direct authority.

Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.