PCI Compliance Senior Advisor and Internal Assessor

4 weeks ago


Vancouver, Canada City of Vancouver Full time

Requisition ID: 41448

Organization
Located on the traditional, ancestral and unceded lands of the xʷməθkʷəy̓əm (Musqueam), Sḵwx̱wú7mesh (Squamish), and səlilwətaɬ (Tsleil-Waututh) Peoples, Vancouver has a commitment to becoming a City of Reconciliation. Vancouver consistently ranks as one of the world’s most liveable cities and is working towards being the greenest city in the world. Named among Canada's Top 100 Employers, BC's Top Employers, and Canada's Greenest Employers, the City of Vancouver seeks colleagues who can help shape and embody our core commitments to sustainability, reconciliation, equity and outstanding quality of life for all residents.

Consider joining our committed team of staff and being part of an innovative, inclusive and rewarding workplace.

Main Purpose and Function
Risk Management is responsible for providing risk mitigation strategies to ensure ongoing compliance with Payment Card Industry (“PCI”) data security standards, by staying abreast of industry best practices, by promoting risk awareness among business units, and by ensuring that proper documentation and audit evidence is available to support ongoing compliance and re-certification requirements. Risk Management plays a key role in mitigating the serious financial, reputational, and operational risks due to non-compliance.

The PCI Compliance Senior Advisor and Internal Assessor is a specialized advisory and complex analytical role in the field of information and payments technology.  This role is responsible for providing technical advice and strategic decision-making support to the Senior Manager, Cyber Risk and PCI Compliance in order to facilitate the City’s strategic design and implementation of payment channels.  As a subject matter expert, this role performs compliance monitoring, business process analysis, and makes recommendations for corrective action, process improvement, and documentation in accordance with the City’s PCI Compliance Policy and external PCI Data Security Standards. 

Specific Duties and Responsibilities
Compliance Planning and Analytics

• Develops action plans to manage compliance against PCI data security standards.
• Makes recommendations for corrective action, process improvement, and documentation in accordance with the City’s PCI Compliance Policy and external PCI Data Security Standards.
• Formalizes risks, develops audit plans, and implements key internal controls associated with business unit processes and procedures.
• Initiates and maintains relationships with the PCI compliance community to anticipate security standard evolution.
• Develops, maintains, and publishes educational and security training content for the PCI awareness campaign.
• Prepares executive management reporting and analytics.
• Manages relationship with external consultants, as necessary.
• Organizes and manages PCI technical artifacts for yearly audits.
• Prepares reports, presentations, correspondence and other materials related to work.

Project Management and Strategic Business Support

• Obtains documentation (i.e. flow diagrams) from business units that map out the flow of payment information from the point that it’s acquired from the customer to the point that it flows through the payment processing activities.
• Responds to service requests and general inquiries related to compliance and audit requirements by managing the PCI e-mail inbox.
• Assesses new or change requests to payment channels.
• Executes necessary due diligence of all proposed third-party service provider payment channels/business models.
• Maintains business unit technical intelligence and recommends technical measures that align with compliance requirements within existing and potential payment channels.
• Creates content and maintains PCI document library related to payment channels, audit and certifications, business unit and standards intelligence, education material, and internal PCI webpage.
• Advises Business Units in the creation of end-user documentation that describes compliance related processes, procedures, and compensating controls.
• Works with departmental staff and with analysts to define issues and incidences of non-compliance, analyses information, and determines solutions.
• Develops relationships and negotiates with business unit leaders to implement compliance solutions and consistent compliance with City’s PCI Compliance Policy.
• Partners with the IT Department to assess new or change requests to payment channels.
• Recommends industry best practices for compliance and operational efficiencies.
• Manages and executes necessary due diligence of all proposed third-party service provider payment channels/business models.
• Oversees change management activities related to the City’s cardholder data environment.

Risk Management and Mitigation

• Performs on-going assessments and monitoring of technical controls, documentation, procedures, processes, and proper operating of internal controls.
• Leads PCI specific audits and risk assessments of business units and recommends policy, procedure, and process improvements to ensure ongoing compliance.
• Documents non-compliance incidences.
• Tracks and facilitates the remediation of technical and audit compliance related issues identified through gap analysis.
• Recommends internal controls improvements, remediation actions and work breakdown structures to ensure any identified audit gaps are addressed in a timely manner for ongoing compliance.
• Reviews and analyses vulnerability assessments to identify control weaknesses.
• Assesses the effectiveness of existing internal controls and recommends improvements.
• Implements key controls associated with business processes and procedures.
• Other duties/responsibilities and projects as assigned.

Qualifications
Education and Experience:
• Post-secondary graduation in Information Management, Information Technology, or Applied Sciences; considerable related experience in a large enterprise or consulting firm advising large enterprise clients; or an equivalent combination of training and experience
• Project Management Professional (“PMP”) or previous PCIP certification or equivalent designation
• Working experience in leading and executing risk assessments in large enterprise environments
• Strong technical background and experience working in Network Technology, Software Engineering, Computer Science, Engineering, Business or Business Technology Management discipline is required
• Ability to meet transportation requirements

Knowledge, Skills and Abilities:
• Thorough knowledge of PCI Data Security Standards
• Working knowledge of the Information Technology function, IT Security, IT systems, and processes related to Cyber Risk Management
• Strong knowledge of process development and mapping business and IT processes using systems analysis techniques
• Up-to-date knowledge on IT and security-based compliance and auditing standards, along with their documentation requirements
• Project management skills to manage competing priorities and to deliver results under aggressive timelines
• Excellent inter-personal and diplomatic skills to navigate dynamic personalities
• Clear and succinct communication (written and verbal) skills
• Creative and critical thinking skills to challenge ideas, processes, and procedures
• Strong research, analytical, and problem-solving skills and an attention to detail
• Strong process development, process mapping, and re-engineering skills
• Ability to independently identify risks, perform complex analysis, and present thorough and persuasive recommendations.
• Ability to prepare and maintain reports, presentations, correspondence, and other related materials using Microsoft Office
• Ability to collect, analyze and evaluate information for decision-making purposes
• Ability to present to executive management and to generate compliance reporting
• Ability to establish and maintain effective liaison and working relationships with a variety of senior level internal and external contacts
• Ability to combine business acumen, technical acumen, and process expertise to define control requirements
• Ability to lead, motivate, and instill a results-oriented attitude across the organization
• Aptitude to adapt to dynamic environments and to rapidly comprehend diverse/complex business models and technology
• Ability to independently identify risks, perform complex analysis, and present thorough and persuasive recommendations

Where operationally appropriate and subject to change, the City of Vancouver has a Flexible Work Program. This program allows staff to work remotely 1 – 2 days a week from locations that are a daily commutable distance from their work at a City worksite. At this time this position is eligible to be part of the Flexible Work Program.

Business Unit/Department: Finance, Risk & Supply Chain Management (1150) 

Affiliation: CUPE 15 Non Pks 

Employment Type: Regular Full Time 

Position Start Date: August, 2024 

Salary Information: Pay Grade GR-033: $61.13 to $72.45 per hour

Application Close: June 9, 2024

At the City of Vancouver, we are committed to recruiting a diverse workforce that represents the community we so proudly serve. Indigenous peoples, people of colour, 2SLGBTQ+ persons including all genders and persons with disabilities are encouraged to apply.  Accommodations will be provided upon request during the selection process. Learn more about our commitment to diversity and inclusion. 

Before you click Apply now

Once you start your application you can save your work and leave the applications page, however please remember to submit your profile to the specific job requisition before the posting closing date.

In addition to uploading your cover letter and resume, part of the application process may include answering application questions related to the preferred requirements of the role which may take approx. 5-10 minutes. Cover letters should express interest and highlight additional information relevant to the position and resumes should include a summary of skills and experience related to the position.
