The Security GRC team plays a critical role in maintaining compliance over security frameworks and creating a space for risk mitigation and oversight. We want to ensure that Wealthsimple maintains a secure operational environment by implementing and monitoring controls designed to protect information, systems and infrastructure.
Within the compliance management domain, we aim to ensure Wealthsimple meets the necessary requirements and obligations set forth by regulatory bodies, industry standards, contractual agreements and internal policies. Monitoring controls to ensure continuous compliance and control improvements.
In this role you'll have the opportunity to:- Maintain and manage the PCI DSS scope, including periodic scoping exercises and CDE boundary reviews
- Coordinate and conduct an annual external assessment with a QSA
- Define and manage the vendor/third-party assessment process for entities that handle or touch cardholder data (SAQ collection, contractual requirements)
- Ensure systems, applications and internal processes comply with latest PCI DSS requirements
- Work cross-functionally to identify, mitigate and manage security risks related to payment card data
- Provide status reports for findings and provide relevant recommendations for remediation
- Own the PCI DSS impact assessment process for new products, features, and infrastructure changes, providing sign-off before launch
- Create and maintain relevant documentation and policies as required by PCI DSS
- Facilitate cross functional team coordination to ensure controls are operating effectively and help identify areas for improvement
- Develop and deliver PCI DSS awareness training for relevant internal teams
- Leverage automated compliance tooling to monitor control health, track remediation, and generate reporting for leadership
- Own preparation of PCI DSS status reporting for management and audit committee meetings
We are looking for someone who has:- 3+ years of experience focused on PCI DSS in a payments environment
- CISSP, CISA, CISM, PCIP, PCI QSA and/or other relevant certifications
- Solid understanding of network architecture to ensure payment card data is secure
- Strong knowledge of information security frameworks and standards
- Ability to work independently and handle multiple priorities
- Excellent communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams and communicate both technical and non-technical audit requirements
- Holds self and others accountable to meet commitments
- Demonstrates exceptional organizational and project management skills by maintaining detailed documentation and ensuring timely follow up on action items
