Business Risk & Controls Management at Visa

About Us
Visa is a world leader in payments technology, facilitating transactions between consumers, merchants, financial institutions and government entities across more than 200 countries and territories, dedicated to uplifting everyone, everywhere by being the best way to pay and be paid.

At Visa, you'll have the opportunity to create impact at scale — tackling meaningful challenges, growing your skills and seeing your contributions impact lives around the world.

Join Visa and do work that matters – to you, to your community, and to the world. Progress starts with you.

Job Description

The Risk & Controls Analyst is an individual contributor role responsible for supporting second-line-of-defense risk governance by providing independent oversight, effective challenge, and credible assurance over operational risk management and control performance across Client Care and related operational processes. The role partners with business stakeholders to identify emerging risks, assess control design and operating effectiveness, and drive timely remediation of control gaps and issues.

The Risk & Controls Analyst analyzes trends, investigates drivers of control failures, and influences operational change by translating risk signals into clear, actionable insights. The analyst collaborates with Operations and risk partners to support Risk and Control Self-Assessment (RCSA) activities by validating risk/control narratives, challenging inherent and residual risk assessments, and ensuring control documentation and evidence align with governance standards; the role also tracks corrective action plans through closure.

This role leverages analytics, visualization platforms, and (where applicable) AI-assisted monitoring to surface non-obvious risk and control insights, validate automated outputs for accuracy and defensibility, and deliver decision-ready narratives that inform leadership priorities, risk appetite decisions, and investment in control enhancements.

Responsibilities

Risk & Control Monitoring

• Execute control monitoring activities (e.g., sample‑based reviews, exception reviews, and control self‑checks) to confirm adherence to documented procedures, policies, and control requirements.
• Support control testing and validation (including automated or AI-assisted monitoring where applicable) by reviewing outputs, investigating exceptions, and providing structured feedback to improve detection logic and alert accuracy.
• Identify control gaps, compliance risks, process breakdowns, and potential operational risk events; document observations with clear evidence and defined escalation paths.

RCSA & Issue Management

• Facilitate and provide effective challenge for RCSA deliverables by partnering with process owners to validate process flows, risks, controls, ownership, and supporting evidence; ensure documentation meets governance and auditability standards.
• Review and challenge control design and operating effectiveness assessments; identify gaps, risks, and control enhancement opportunities aligned to risk appetite and policy expectations.
• Oversee issue and corrective action plan tracking, providing independent challenge on root cause, action quality, target dates, and sustainability of fixes; escalate aging or high‑risk items as needed.
• Prepare second‑line governance reporting for RCSA reviews, summarizing key changes, emerging risks, control performance, issue themes, and remediation status; escalate matters requiring leadership decisions.

Consultative Partnership & Influence

• Analyze risk and control performance data across segments, channels, and time to identify trends, systemic issues, key risk indicators (KRIs), and emerging risk themes.
• Translate control observations into measurable business impact, connecting failures to process, policy, technology, or behavioral drivers and quantifying exposure where possible.
• Compile, analyze, and deliver recurring risk and control reporting (dashboards, themes, exception trends, and remediation status) to Client Care leadership and risk stakeholders.

• Partner with Operations and functional leaders to provide an independent risk perspective and effective challenge, validating that proposed remediations address root cause and strengthen the control environment.

Risk & Controls Technology Enablement

• Leverage analytics and monitoring tools (e.g., Copilot, exception analytics, topic mining, speech/text analytics where applicable) to accelerate risk identification while validating outputs for accuracy, completeness, and defensibility.
• Identify gaps in automated monitoring and AI/rule-based control logic; support governance efforts to improve detection, thresholds, documentation, and exception handling.
• Apply risk‑based methodologies to prioritize high‑risk activities for monitoring and testing, focusing effort where exposure and customer impact are greatest.

Communication & Presentation

• Synthesize complex risk and control findings into clear narratives that articulate what happened, the root cause, the impact/exposure, and the recommended corrective actions.
• Deliver concise insight briefs and executive‑ready materials (e.g., dashboards, issue logs, and remediation status updates) that drive understanding, alignment, and action.

Qualifications

Required Qualifications

• Experience performing operational risk, compliance, audit, testing, and/or control monitoring activities in an operations environment (payments and/or customer service experience a plus).
• Demonstrated ability to execute control testing/monitoring (manual and/or automated) including evidence collection, exception documentation, and follow‑up under moderate supervision.
• Strong analytical and critical-thinking skills with the ability to assess risk, identify trends and root causes, and distinguish isolated errors from systemic control issues; audit-minded approach.
• Proficiency with Microsoft Office tools (Excel, PowerPoint, Word, and Microsoft Copilot) and experience navigating multiple systems and data sources.
• Ability to clearly document control testing results, maintain issue/action logs, communicate risk insights, and collaborate effectively with cross‑functional stakeholders.

Preferred Qualifications

• Risk management experience supporting or executing RCSAs, including process mapping, risk/control identification, inherent and residual risk assessment (including scoring/ratings), and review/challenge of control design and operating effectiveness. Knowledge of GORO (IBM Pages) for RCSA is a plus.

• Proficiency with data visualization and analytics tools (e.g., Power BI, Power Automate, Tableau) to build dashboards and performance reporting. Basic experience with AI is a plus.
• Experience translating monitoring outputs into prioritized corrective actions, control enhancements, training/coaching recommendations, and process improvements.
• Familiarity with automated monitoring, exception management, and speech/text analytics that can be applied to risk identification and control validation.

Visa is an EEO Employer

Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.