PCI Compliance Senior Advisor and Internal Assessor
3 weeks ago
Organization
Located on the traditional, ancestral and unceded lands of the xʷməθkʷəy̓əm (Musqueam), Sḵwx̱wú7mesh (Squamish), and səlilwətaɬ (Tsleil-Waututh) Peoples, Vancouver has a commitment to becoming a City of Reconciliation. Vancouver consistently ranks as one of the world’s most liveable cities and is working towards being the greenest city in the world. Named among Canada's Top 100 Employers, BC's Top Employers, and Canada's Greenest Employers, the City of Vancouver seeks colleagues who can help shape and embody our core commitments to sustainability, reconciliation, equity and outstanding quality of life for all residents.
Consider joining our committed team of staff and being part of an innovative, inclusive and rewarding workplace.
Main Purpose and Function
Risk Management is responsible for providing risk mitigation strategies to ensure ongoing compliance with Payment Card Industry (“PCI”) data security standards, by staying abreast of industry best practices, by promoting risk awareness among business units, and by ensuring that proper documentation and audit evidence is available to support ongoing compliance and re-certification requirements. Risk Management plays a key role in mitigating the serious financial, reputational, and operational risks due to non-compliance.
The PCI Compliance Senior Advisor and Internal Assessor is a specialized advisory and complex analytical role in the field of information and payments technology. This role is responsible for providing technical advice and strategic decision-making support to the Senior Manager, Cyber Risk and PCI Compliance in order to facilitate the City’s strategic design and implementation of payment channels. As a subject matter expert, this role performs compliance monitoring, business process analysis, and makes recommendations for corrective action, process improvement, and documentation in accordance with the City’s PCI Compliance Policy and external PCI Data Security Standards.
Specific Duties and Responsibilities
Compliance Planning and Analytics
- Develops action plans to manage compliance against PCI data security standards.
- Makes recommendations for corrective action, process improvement, and documentation in accordance with the City’s PCI Compliance Policy and external PCI Data Security Standards.
- Formalizes risks, develops audit plans, and implements key internal controls associated with business unit processes and procedures.
- Initiates and maintains relationships with the PCI compliance community to anticipate security standard evolution.
- Develops, maintains, and publishes educational and security training content for the PCI awareness campaign.
- Prepares executive management reporting and analytics.
- Manages relationship with external consultants, as necessary.
- Organizes and manages PCI technical artifacts for yearly audits.
- Prepares reports, presentations, correspondence and other materials related to work.
- Obtains documentation (i.e. flow diagrams) from business units that map out the flow of payment information from the point that it’s acquired from the customer to the point that it flows through the payment processing activities.
- Responds to service requests and general inquiries related to compliance and audit requirements by managing the PCI e-mail inbox.
- Assesses new or change requests to payment channels.
- Executes necessary due diligence of all proposed third-party service provider payment channels/business models.
- Maintains business unit technical intelligence and recommends technical measures that align with compliance requirements within existing and potential payment channels.
- Creates content and maintains PCI document library related to payment channels, audit and certifications, business unit and standards intelligence, education material, and internal PCI webpage.
- Advises Business Units in the creation of end-user documentation that describes compliance related processes, procedures, and compensating controls.
- Works with departmental staff and with analysts to define issues and incidences of non-compliance, analyses information, and determines solutions.
- Develops relationships and negotiates with business unit leaders to implement compliance solutions and consistent compliance with City’s PCI Compliance Policy.
- Partners with the IT Department to assess new or change requests to payment channels.
- Recommends industry best practices for compliance and operational efficiencies.
- Manages and executes necessary due diligence of all proposed third-party service provider payment channels/business models.
- Oversees change management activities related to the City’s cardholder data environment.
- Performs on-going assessments and monitoring of technical controls, documentation, procedures, processes, and proper operating of internal controls.
- Leads PCI specific audits and risk assessments of business units and recommends policy, procedure, and process improvements to ensure ongoing compliance.
- Documents non-compliance incidences.
- Tracks and facilitates the remediation of technical and audit compliance related issues identified through gap analysis.
- Recommends internal controls improvements, remediation actions and work breakdown structures to ensure any identified audit gaps are addressed in a timely manner for ongoing compliance.
- Reviews and analyses vulnerability assessments to identify control weaknesses.
- Assesses the effectiveness of existing internal controls and recommends improvements.
- Implements key controls associated with business processes and procedures.
Qualifications
Education and Experience:
- Post-secondary graduation in Information Management, Information Technology, or Applied Sciences; considerable related experience in a large enterprise or consulting firm advising large enterprise clients; or an equivalent combination of training and experience
- Project Management Professional (“PMP”) or previous PCIP certification or equivalent designation
- Working experience in leading and executing risk assessments in large enterprise environments
- Strong technical background and experience working in Network Technology, Software Engineering, Computer Science, Engineering, Business or Business Technology Management discipline is required
- Ability to meet transportation requirements
- Thorough knowledge of PCI Data Security Standards
- Working knowledge of the Information Technology function, IT Security, IT systems, and processes related to Cyber Risk Management
- Strong knowledge of process development and mapping business and IT processes using systems analysis techniques
- Up-to-date knowledge on IT and security-based compliance and auditing standards, along with their documentation requirements
- Project management skills to manage competing priorities and to deliver results under aggressive timelines
- Excellent inter-personal and diplomatic skills to navigate dynamic personalities Clear and succinct communication (written and verbal) skills
- Creative and critical thinking skills to challenge ideas, processes, and procedures
- Strong research, analytical, and problem-solving skills and an attention to detail
- Strong process development, process mapping, and re-engineering skills
- Ability to independently identify risks, perform complex analysis, and present thorough and persuasive recommendations.
- Ability to prepare and maintain reports, presentations, correspondence, and other related materials using Microsoft Office
- Ability to collect, analyze and evaluate information for decision-making purposes
- Ability to present to executive management and to generate compliance reporting
- Ability to establish and maintain effective liaison and working relationships with a variety of senior level internal and external contacts
- Ability to combine business acumen, technical acumen, and process expertise to define control requirements
- Ability to lead, motivate, and instill a results-oriented attitude across the organization
- Aptitude to adapt to dynamic environments and to rapidly comprehend diverse/complex business models and technology
- Ability to independently identify risks, perform complex analysis, and present thorough and persuasive recommendations
Business Unit/Department:Finance, Risk & Supply Chain Management (1150)
Affiliation:CUPE 15 Non Pks
Employment Type:Regular Full Time
Position Start Date: August, 2024
Salary Information: Pay Grade GR-033: $61.13to $72.45per hour
Application Close: June 9, 2024
At the City of Vancouver, we are committed to recruiting a diverse workforce that represents the community we so proudly serve. Indigenous peoples, people of colour, 2SLGBTQ+ persons including all gendersand persons with disabilities are encouraged to apply.Accommodations will be provided upon request during the selection process. Learn more aboutour commitment to diversity and inclusion.
Before you click Apply now
Once you start your application you can save your work and leave the applications page, however please remember to submit your profile to the specific job requisition before the posting closing date.
In addition to uploading your cover letter and resume, part of the application process may include answering application questions related to the preferred requirements of the role which may take approx. 5-10 minutes. Cover letters should express interest and highlight additional information relevant to the position and resumes should include a summary of skills and experience related to the position.
Apply here #J-18808-Ljbffr
-
Vancouver, BC, Canada City of Vancouver - CA Full timePress Tab to Move to Skip to Content Link PCI Compliance Senior Advisor and Internal Assessor Named among Canada's Top 100 Employers, BC's Top Employers, and Canada's Greenest Employers, the City of Vancouver seeks colleagues who can help shape and embody our core commitments to sustainability, reconciliation, equity and outstanding quality of life for...
-
Vancouver, Canada City of Vancouver Full timePCI Compliance Senior Advisor and Internal AssessorRequisition ID: 41448 OrganizationLocated on the traditional, ancestral and unceded lands of the xʷməθkʷəy̓əm (Musqueam), Sḵwx̱wú7mesh (Squamish), and səlilwətaɬ (Tsleil-Waututh) Peoples, Vancouver has a commitment to becoming a City of Reconciliation. Vancouver consistently ranks as one of...
-
Vancouver, Canada City of Vancouver Full timePCI Compliance Senior Advisor and Internal AssessorRequisition ID: 41448 OrganizationLocated on the traditional, ancestral and unceded lands of the xʷməθkʷəy̓əm (Musqueam), Sḵwx̱wú7mesh (Squamish), and səlilwətaɬ (Tsleil-Waututh) Peoples, Vancouver has a commitment to becoming a City of Reconciliation. Vancouver consistently ranks as one of...
-
Vancouver, Canada City of Vancouver - CA Full timePress Tab to Move to Skip to Content Link Select how often (in days) to receive an alert: Create Alert PCI Compliance Senior Advisor and Internal Assessor Requisition ID: 41448 Organization Located on the traditional, ancestral and unceded lands of the xʷməθkʷəy̓əm (Musqueam), Sḵwx̱wú7mesh (Squamish), and səlilwətaɬ...
-
Vancouver, Canada City of Vancouver - CA Full timePress Tab to Move to Skip to Content Link Select how often (in days) to receive an alert: Create Alert PCI Compliance Senior Advisor and Internal Assessor Requisition ID: 41448 Organization Located on the traditional, ancestral and unceded lands of the xʷməθkʷəy̓əm (Musqueam), Sḵwx̱wú7mesh (Squamish), and səlilwətaɬ...
-
Vancouver, Canada City of Vancouver - CA Full timePress Tab to Move to Skip to Content Link Select how often (in days) to receive an alert: Create Alert PCI Compliance Senior Advisor and Internal Assessor Requisition ID: 41448 Organization Located on the traditional, ancestral and unceded lands of the xʷməθkʷəy̓əm (Musqueam), Sḵwx̱wú7mesh (Squamish), and səlilwətaɬ...
-
Vancouver, BC, Canada City of Vancouver - CA Full timePress Tab to Move to Skip to Content Link Select how often (in days) to receive an alert: Create Alert PCI Compliance Senior Advisor and Internal Assessor Requisition ID: 41448 Organization Located on the traditional, ancestral and unceded lands of the xʷməθkʷəy̓əm (Musqueam), Sḵwx̱wú7mesh (Squamish), and səlilwətaɬ (Tsleil-Waututh)...
-
Vancouver, BC, Canada City of Vancouver Full timePCI Compliance Senior Advisor and Internal Assessor Requisition ID: 41448 Organization Located on the traditional, ancestral and unceded lands of the xʷməθkʷəy̓əm (Musqueam), Sḵwx̱wú7mesh (Squamish), and səlilwətaɬ (Tsleil-Waututh) Peoples, Vancouver has a commitment to becoming a City of Reconciliation. Vancouver consistently ranks as...
-
Vancouver, British Columbia, Canada City of Vancouver Full timePCI Compliance Senior Advisor and Internal AssessorRequisition ID: 41448 OrganizationLocated on the traditional, ancestral and unceded lands of the xwməθkwəy̓əm (Musqueam), Sḵwx̱wú7mesh (Squamish), and səlilwətaɬ (Tsleil-Waututh) Peoples, Vancouver has a commitment to becoming a City of Reconciliation. Vancouver consistently ranks as one of the...
-
Vancouver, British Columbia, Canada City of Vancouver Full timePCI Compliance Senior Advisor and Internal AssessorRequisition ID: 41448 OrganizationLocated on the traditional, ancestral and unceded lands of the xwməθkwəy̓əm (Musqueam), Sḵwx̱wú7mesh (Squamish), and səlilwətaɬ (Tsleil-Waututh) Peoples, Vancouver has a commitment to becoming a City of Reconciliation. Vancouver consistently ranks as one of the...
-
Vancouver, Canada City of Vancouver Full timeMain Purpose and Function Risk Management is responsible for providing risk mitigation strategies to ensure ongoing compliance with Payment Card Industry (“PCI”) data security standards, by staying abreast of industry best practices, by promoting risk awareness among business units, and by ensuring that proper documentation and audit evidence is...
-
Vancouver, Canada City of Vancouver Full timeMain Purpose and Function Risk Management is responsible for providing risk mitigation strategies to ensure ongoing compliance with Payment Card Industry (“PCI”) data security standards, by staying abreast of industry best practices, by promoting risk awareness among business units, and by ensuring that proper documentation and audit evidence is...
-
Vancouver, Canada City of Vancouver Full timeRequisition ID: 41448 OrganizationLocated on the traditional, ancestral and unceded lands of the xʷməθkʷəy̓əm (Musqueam), Sḵwx̱wú7mesh (Squamish), and səlilwətaɬ (Tsleil-Waututh) Peoples, Vancouver has a commitment to becoming a City of Reconciliation. Vancouver consistently ranks as one of the world’s most liveable cities and is working...
-
Vancouver, Canada City of Vancouver Full timeRequisition ID: 41448 OrganizationLocated on the traditional, ancestral and unceded lands of the xʷməθkʷəy̓əm (Musqueam), Sḵwx̱wú7mesh (Squamish), and səlilwətaɬ (Tsleil-Waututh) Peoples, Vancouver has a commitment to becoming a City of Reconciliation. Vancouver consistently ranks as one of the world’s most liveable cities and is working...
-
Compliance Assessor
6 hours ago
Vancouver, Canada COBS Bread Full timeGreat Place to Work® Certified **Compliance Assessor (Part Time, 14 month Contract)** Reports to: Senior Compliance Officer Location: Vancouver, BC An exciting opportunity exists for a Part Time **Compliance Assessor** to join COBS Bread on a 14 month contract to assess the standards of our Franchised bakeries and provide feedback to our Franchisees and...
-
Manager, Governance, Risk and Compliance
2 months ago
Vancouver, Canada HashiCorp Full time**Manager, Governance, Risk & Compliance**: **About the Role**: We're looking for a GRC manager to lead, develop and mature the commercial compliance (SOC 2 Type 2, ISO 27001/17/18) and policy/controls programs at HashiCorp. This role will be heavily focused on scaling, automating, and managing compliance capabilities across HashiCorp. We're looking for a...
-
Quality Assurance Assessor
2 weeks ago
Vancouver, Canada BC College of Nurses and Midwives Full time**Status**: Regular, Full-time **Number of Positions**: 1 **Work Location**:Hybrid (a combination of in-office and remote work) **What You’ll Be Doing** The Quality Assurance Assessor (QA Assessor) works closely with the Quality Assurance (QA) team and liaises with BCCNM staff regarding registrant QA programs. Externally, the QA Assessor liaises with...
-
Quality Assurance Assessor
7 days ago
Vancouver, Canada B.C. College of Nurses and Midwives Full time**Status**: Temporary, Full-Time (maternity leave coverage) **Term Dates**: March 21, 2023 to October 31, 2024 **Number of Positions**: 1 **Work Location**: Hybrid (a combination of in-office and remote work) **What You’ll Be Doing** The Quality Assurance Assessor (QA Assessor) works closely with the Quality Assurance (QA) team and liaises with BCCNM...
-
Assessor (Clbpt)
2 months ago
Vancouver, Canada MOSAIC BC Full time**Internal/ External** **Assessor,** **CLPBT MOSAIC Engage** **POSITION**: Assessor (CLBPT) - On-call **DEPARTMENT**:Employment, Language, and Social Enterprise Possible locations: 1. Surrey*** 2. Abbotsford 3. Vancouver **POSITION FUNCTION**: This position is responsible for conducting and scoring clients’ assessments in Listening, Speaking, Reading,...
-
Accounting Assistant
3 weeks ago
Vancouver, BC, Canada PCI Developments Full timePosition: Junior Accountant (project accounting) Location: Downtown Vancouver (hybrid work model) PCI Developments is an award-winning Vancouver-based real estate developer of complete urban communities. Known as the visionary force behind iconic local projects including King George Hub, Marine Gateway and Crossroads, PCI is guided by core values of...
.gif)
