
Manager, Payment Security and Compliance


Date: Feb 16, 2021

Location: Kamloops, BC, CA

Company: British Columbia Lottery Corporation

At BCLC, we play fair.  We believe that playing fairly is a serious responsibility and an empowering opportunity. Our commitment to social, economic and environmental responsibility is central to all we do and captured in our slogan “Playing it Right”. From our LEED Metro Vancouver office, to our responsible gambling program, GameSense, we are committed to ensuring that we always consider the impact of our business on the people and communities of BC. At BCLC, we play for BC. We employ—directly and indirectly—almost 26,000 people in gambling operations, related government agencies and charities as well as support services. 

At BCLC, we make it fun to be an adult. For more than 30 years, we’ve entertained customers with a chance to dream and have fun, while delivering revenue to the Government of BC for the benefit of British Columbians. During this time, we've evolved from a lottery corporation to a full-spectrum gambling entertainment company responsible for conducting, managing and operating lottery, casino, community gaming (bingo) and eGaming in BC. We strive to create outstanding gambling experiences and to have our games evolve with the player’s idea of excitement. For us, playing is not all about winning; it’s about entertainment.


Job Summary:
The Manager, Payment Security & Compliance is responsible for leading BCLC’s Payment Card Industry (PCI) Compliance program. This role will lead and manage the development and ongoing requirements of an enterprise PCI program that encompasses all business lines that store, process, or transmit credit card data.  The Manager, Payment Security & Compliance proactively ensures BCLC meets its PCI Compliance requirements by educating and supporting the business, and overseeing activities related to the protection of cardholder data. 


Key Accountabilities:
•    Leads the Payment Security & Compliance team in support of BCLC’s PCI Compliance program, key business initiatives and corporate strategies.
•    Establishes and maintains an enterprise PCI Compliance program, assessing BCLC’s PCI risk and compliance, and overseeing activities related to the protection of cardholder data against unauthorized/accidental alteration, loss, disclosure or destruction.
•    Manages resourcing and delivery of annual PCI Self-Assessment Questionnaires (SAQs) and Reports on Compliance (ROCs).
•    Oversees activities undertaken to meet the Payment Card Industry Data Security Standard (PCI-DSS).
•    Maintains up-to-date technical knowledge in payment card security and compliance, including awareness and knowledge of new technology, trends, vulnerabilities, exploits and risks to BCLC’s information assets.
•    Develops and manages relationships across the organization, informing and educating business stakeholders of their role and obligations in PCI compliance and supporting business units in the integration of PCI controls and processes into systems. 
•    Develops and manages relationships with third-party vendors and payment processors.
•    Establishes and maintains effective relationships and works collaboratively across departments. 
•    Models leadership behaviors that support employee engagement, such as practicing meaningful recognition, inspiring a shared vision, communicating with employees regularly, coaching/mentoring, managing performance, and supporting culture and change management initiatives.

Minimum Required Qualifications:
Education and Experience

•    Degree or diploma in Information Security or equivalent in a related discipline, supplemented by industry-recognized professional courses;
•    5-7 years of related experience with a minimum of 2 years in a leadership role, including considerable experience in:

  • Payment card industry (PCI) standards (e.g. PCI-DSS, PA-DSS, P2PE, PCI PIN);
  • Implementing and sustaining a PCI compliance framework;
  • Development and implementation of policies and procedures; 
  • Credit card financial payment processes;

•    Certifications, such as PCIP, PCI-QSA, CISSP, CRISC, CISM, CIPP are desirable;
•    An equivalent combination of education and/or experience may be considered.


Technical Requirements
•    Solid understanding of information security frameworks (e.g. ISO/IEC 27000-series), security standards (e.g. SSAE16, SOC1/2), and regulations related to data confidentiality;
•    Solid understanding of relevant legislation;
•    Solid understanding of Payment card industry (PCI) standards (e.g. PCI-DSS, PA-DSS, P2PE, PCI PIN) and credit card financial payment processes;
•    Strong technical skills in information security (application and OS hardening, vulnerability assessments, security audits, networking, IDS, firewalls, etc.);
•    Excellent ability to manage relationships at all levels with vendors, leaders, contractors and team members; 
•    Excellent oral and written communication skills, including the ability to compile reports and provide feedback;
•    Proven ability to deal with sensitive matters with a high degree of tact and diplomacy;
•    Ability to manage time efficiently and ability to plan and organize workload and consistently meet deadlines, often under pressure;
•    Strong business acumen;
•    Excellent innovation in problem solving and analytical thinking skills.


Please Note: This opportunity will remain open until a qualified candidate pool has been established.

Please Note: Candidates must be legally entitled to work in Canada and be 19 years of age to work at BCLC.
