Principal Information Security Engineer

Our Purpose

Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

Title and Summary

Principal Information Security Engineer

Who is Mastercard? Mastercard is a global technology company in the payments industry. Our mission is to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart, and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments, and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. With connections across more than 210 countries and territories, we are building a sustainable world that unlocks priceless possibilities for all.

Mission First, People Always As Corporate Security, we are responsible for keeping Mastercard safe and secure from cyber and physical threats, and it is our people on the frontlines who make this happen every day. By taking care of our people, their wellbeing, and career development, we provide them the necessary tools and environment to ensure the success of our mission.

Overview The Enterprise Cryptographic Services team is seeking a Principal Information Security Engineer to support enterprise clients throughout the onboarding and consumption of the cryptographic services we own, ensuring secure, effective, and optimal integration. A strong and demonstrable expertise in cryptography is essential for this role, including a deep understanding of cryptographic concepts, mechanisms, and their practical application within enterprise grade security services. Knowledge of post-quantum cryptography is a plus. This is a highly versatile role that combines technical expertise with strong coordination, analytical, and delivery capabilities. The role partners closely with product, engineering, security, and client teams to support cross product and cross team initiatives, contribute to complex projects, and help define clear solutions—technical or non technical—in support of broader business and security objectives. Role The ideal candidate brings a strong security background, is passionate about cybersecurity and cryptography (including post-quantum cryptography), and is equally comfortable acting as a technical expert, project coordinator, and client advocate. In this role, you will:

• Support clients throughout service onboarding and ongoing consumption.
• Apply strong cryptographic knowledge to support, explain, and guide the secure design, integration, and use of enterprise cryptographic services.
• Act as a coordinator for cross product and cross team initiatives and activities, including project tracking, backlog management, and dependency management.
• Analyze client feedback and pain points, help identify root causes, and contribute to defining pragmatic solutions.
• Develop, deliver, and maintain streamlined processes and documentation to enhance the client experience across onboarding, consumption, and decommissioning.
• Create and maintain training materials and documentation for internal teams and clients.
• Understand and apply security policies, industry best practices, and compliance requirements.
• Understand and articulate the design, architecture, and purpose of enterprise cryptographic products and services.

All About You The ideal candidate for this role brings a strong security foundation, paired with the ability to operate effectively in a versatile, collaborative, and client facing environment. You will bring:

• Demonstrated technical competency in information security engineering, supported by hands on experience and/or relevant qualifications.
• Solid knowledge of information security, risk management, and data privacy, with practical experience in enterprise environments.
• Strong to advanced technical expertise in cryptography, including encryption, hashing, key management, digital certificates, and TLS, with the ability to apply these concepts in real world enterprise environments.
• Experience contributing to or leading cross functional initiatives, including coordinating efforts across teams and working closely with business and technical stakeholders.
• Exposure to security architecture, data security, and zero trust architectures.
• A strong customer centric mindset, with the ability to understand client pain points and help identify pragmatic solutions, technical or non technical.
• The ability to explain complex technical topics clearly and succinctly to diverse audiences.
• Demonstrated ability to operate with autonomy, ownership, and accountability in a dynamic environment.
• Exposure to post quantum cryptography is a plus.

Mastercard Corporate Security Roles have been aligned with the NICE framework (National Initiative for Cybersecurity Education). For this role competency proficiency levels of advanced to expert are expected in the following areas:

• Product Support Management
• Technology Portfolio Management
• Cybersecurity Architecture
• Enterprise Architecture
• Data Analysis
• Technical Support

Corporate Security Responsibility Every person working for, or on behalf of, Mastercard is responsible for information security. All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and therefore, it is expected that the successful candidate for this position must:

• Abide by Mastercard’s security policies and practices;
• Ensure the confidentiality and integrity of the information being accessed;
• Report any suspected information security violation or breach, and
• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.

Mastercard is a merit-based, inclusive, equal opportunity employer that considers applicants without regard to gender, gender identity, sexual orientation, race, ethnicity, disabled or veteran status, or any other characteristic protected by law. We hire the most qualified candidate for the role. In the US or Canada, if you require accommodations or assistance to complete the online application process or during the recruitment process, please contact reasonable_accommodation@mastercard.com and identify the type of accommodation or assistance you are requesting. Do not include any medical or health information in this email. The Reasonable Accommodations team will respond to your email promptly.

Corporate Security Responsibility

All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

•

Abide by Mastercard’s security policies and practices;

•

Ensure the confidentiality and integrity of the information being accessed;

•

Report any suspected information security violation or breach, and

•

Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.

In line with Mastercard’s total compensation philosophy and assuming that the job will be performed in Canada, the successful candidate will be offered a competitive pay based on location, experience and other qualifications for the role and may be eligible to participate in a discretionary annual incentive program. This posting reflects one or more current openings on our team.

Pay Ranges

Toronto, Canada: $154,000 - $247,000 CAD