ProgramManager,PCICompliance

BUILD SOMETHING PEOPLE LOVE Wealthsimple is Canada’s leading financial innovator. The company offers a full suite of simple, sophisticated financial products across managed investing, do-it-yourself trading, cryptocurrency, tax filing, spending and saving. Wealthsimple currently serves more than 4 million Canadians and holds over $125 billion in assets under administration. The company was founded in 2014 by a team of financial experts and technology entrepreneurs, and is headquartered in Toronto, Canada. We're proud of what we've built — and we're just getting started. Read our Culture Manual https://www.wealthsimple.com/en-ca/culture and learn more about how we work https://www.wealthsimple.com/en-ca/careers. The Security GRC team plays a critical role in maintaining compliance over security frameworks and creating a space for risk mitigation and oversight. We want to ensure that Wealthsimple maintains a secure operational environment by implementing and monitoring controls designed to protect information, systems and infrastructure. Within the compliance management domain, we aim to ensure Wealthsimple meets the necessary requirements and obligations set forth by regulatory bodies, industry standards, contractual agreements and internal policies. Monitoring controls to ensure continuous compliance and control improvements. In this role you’ll have the opportunity to: - Maintain and manage the PCI DSS scope, including periodic scoping exercises and CDE boundary reviews - Coordinate and conduct an annual external assessment with a QSA - Define and manage the vendor/third-party assessment process for entities that handle or touch cardholder data (SAQ collection, contractual requirements) - Ensure systems, applications and internal processes comply with latest PCI DSS requirements - Work cross-functionally to identify, mitigate and manage security risks related to payment card data - Provide status reports for findings and provide relevant recommendations for remedia