Program Manager, PCI Compliance

Wealthsimple is Canada’s leading financial innovator. The company offers a full suite of simple, sophisticated financial products across managed investing, do-it-yourself trading, cryptocurrency, tax filing, spending and saving. Wealthsimple currently serves more than 4 million Canadians and holds over $125 billion in assets under administration. The company was founded in 2014 by a team of financial experts and technology entrepreneurs, and is headquartered in Toronto, Canada.

We're proud of what we've built — and we're just getting started. Read our Culture Manual and learn more about how we work.

The Security GRC team plays a critical role in maintaining compliance over security frameworks and creating a space for risk mitigation and oversight. We want to ensure that Wealthsimple maintains a secure operational environment by implementing and monitoring controls designed to protect information, systems and infrastructure.

Within the compliance management domain, we aim to ensure Wealthsimple meets the necessary requirements and obligations set forth by regulatory bodies, industry standards, contractual agreements and internal policies. Monitoring controls to ensure continuous compliance and control improvements.

In this role you’ll have the opportunity to:

• Maintain and manage the PCI DSS scope, including periodic scoping exercises and CDE boundary reviews

• Coordinate and conduct an annual external assessment with a QSA

• Define and manage the vendor/third-party assessment process for entities that handle or touch cardholder data (SAQ collection, contractual requirements)

• Ensure systems, applications and internal processes comply with latest PCI DSS requirements

• Work cross-functionally to identify, mitigate and manage security risks related to payment card data

• Provide status reports for findings and provide relevant recommendations for remediation

• Own the PCI DSS impact assessment process for new products, features, and infrastructure changes, providing sign-off before launch

• Create and maintain relevant documentation and policies as required by PCI DSS

• Facilitate cross functional team coordination to ensure controls are operating effectively and help identify areas for improvement

• Develop and deliver PCI DSS awareness training for relevant internal teams

• Leverage automated compliance tooling to monitor control health, track remediation, and generate reporting for leadership

• Own preparation of PCI DSS status reporting for management and audit committee meetings

We are looking for someone who has:

• 3+ years of experience focused on PCI DSS in a payments environment

• CISSP, CISA, CISM, PCIP, PCI QSA and/or other relevant certifications

• Solid understanding of network architecture to ensure payment card data is secure

• Strong knowledge of information security frameworks and standards

• Ability to work independently and handle multiple priorities

• Excellent communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams and communicate both technical and non-technical audit requirements

• Holds self and others accountable to meet commitments

• Demonstrates exceptional organizational and project management skills by maintaining detailed documentation and ensuring timely follow up on action items

🌸 Top-tier health benefits and life insurance

📈 Long-term group savings with employer match, through Wealthsimple for Business

🌴 20 vacation days, 4 wellness days, and unlimited sick and mental health days per year

✈️ 90 days away: work outside Canada for up to 90 days per year

👥 Employee resource groups, including Rainbow (2SLGBTQ), Women of WS, and Black at WS

🌎 We are a hybrid team with over 1,500 employees across North America. The people are one of the best parts of working here: you'll collaborate with incredibly talented, curious, and driven teammates who are deeply committed to doing great work.

Technology & Innovation at Wealthsimple: We move quickly and build thoughtfully. That means we're always looking for better ways to work — whether that's new tools, AI, or rethinking how we approach a problem. We don't expect you to have all the answers, but we do expect curiosity and a willingness to evolve alongside the products we're building.

Inclusion Statement: We're building products for a diverse world, and we need a diverse team to do it well. We strongly encourage applications from everyone, regardless of race, religion, colour, national origin, gender, sexual orientation, age, marital status, or disability status.

Accessibility Statement: We're committed to an accessible hiring experience. If you need any accommodations throughout the interview process, please let us know — we'll work with you to make sure you have what you need. We also welcome any feedback on how we can better accommodate candidates with accessibility needs.

AI in Hiring: We may use artificial intelligence (AI) tools to support parts of our hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our team but don't replace human judgment – all final hiring decisions are made by people. If you have questions about how your data is used, reach out to us.