Program Manager, PCI Compliance
About The Position
The Security GRC team plays a critical role in maintaining compliance over security frameworks and creating a space for risk mitigation and oversight. We want to ensure that Wealthsimple maintains a secure operational environment by implementing and monitoring controls designed to protect information, systems and infrastructure. Within the compliance management domain, we aim to ensure Wealthsimple meets the necessary requirements and obligations set forth by regulatory bodies, industry standards, contractual agreements and internal policies. Monitoring controls to ensure continuous compliance and control improvements.
Requirements
- 3+ years of experience focused on PCI DSS in a payments environment
- CISSP, CISA, CISM, PCIP, PCI QSA and/or other relevant certifications
- Solid understanding of network architecture to ensure payment card data is secure
- Strong knowledge of information security frameworks and standards
- Ability to work independently and handle multiple priorities
- Excellent communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams and communicate both technical and non-technical audit requirements
- Holds self and others accountable to meet commitments
- Demonstrates exceptional organizational and project management skills by maintaining detailed documentation and ensuring timely follow up on action items
Responsibilities
- Maintain and manage the PCI DSS scope, including periodic scoping exercises and CDE boundary reviews
- Coordinate and conduct an annual external assessment with a QSA
- Define and manage the vendor/third-party assessment process for entities that handle or touch cardholder data (SAQ collection, contractual requirements)
- Ensure systems, applications and internal processes comply with latest PCI DSS requirements
- Work cross-functionally to identify, mitigate and manage security risks related to payment card data
- Provide status reports for findings and provide relevant recommendations for remediation
- Own the PCI DSS impact assessment process for new products, features, and infrastructure changes, providing sign-off before launch
- Create and maintain relevant documentation and policies as required by PCI DSS
- Facilitate cross functional team coordination to ensure controls are operating effectively and help identify areas for improvement
- Develop and deliver PCI DSS awareness training for relevant internal teams
- Leverage automated compliance tooling to monitor control health, track remediation, and generate reporting for leadership
- Own preparation of PCI DSS status reporting for management and audit committee meetings
Benefits
- Top-tier health benefits and life insurance
- Long-term group savings with employer match, through Wealthsimple for Business
- 20 vacation days, 4 wellness days, and unlimited sick and mental health days per year
- 90 days away: work outside Canada for up to 90 days per year
- Employee resource groups, including Rainbow (2SLGBTQ), Women of WS, and Black at WS
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
