Senior Specialist, Payment Security and Compliance

Date: Feb 16, 2021

Location: Kamloops, BC, CA

Company: British Columbia Lottery Corporation

At BCLC, we play fair.  We believe that playing fairly is a serious responsibility and an empowering opportunity. Our commitment to social, economic and environmental responsibility is central to all we do and captured in our slogan “Playing it Right”. From our LEED Metro Vancouver office, to our responsible gambling program, GameSense, we are committed to ensuring that we always consider the impact of our business on the people and communities of BC. At BCLC, we play for BC. We employ—directly and indirectly—almost 26,000 people in gambling operations, related government agencies and charities as well as support services. 

At BCLC, we make it fun to be an adult. For more than 30 years, we’ve entertained customers with a chance to dream and have fun, while delivering revenue to the Government of BC for the benefit of British Columbians. During this time, we've evolved from a lottery corporation to a full-spectrum gambling entertainment company responsible for conducting, managing and operating lottery, casino, community gaming (bingo) and eGaming in BC. We strive to create outstanding gambling experiences and to have our games evolve with the player’s idea of excitement. For us, playing is not all about winning; it’s about entertainment.


Job Summary:
The Senior Specialist, Payment Security & Compliance acts as a subject matter expert in payment security and compliance for BCLC’s Payment Card Industry (PCI) program. This role conducts complex technical work and provides specialized technical advice and recommendations to support maintaining PCI compliance across our various service offerings.


Key Accountabilities:
•    Conducts complex technical work to maintain PCI compliance across BCLC service offerings including:

  • Developing domain expertise to maintain a deep technical understanding of BCLC’s payment systems and processes; 
  • Validating that all relevant PCI controls and processes are compliant as per current PCI-DSS standards across all business lines;
  • Coordinating and supporting annual Self-assessment Questionnaire (SAQ) and Report on Compliance (ROC) activities with external Qualified Security Assessor (QSA); 
  • Performing analysis of technical controls including firewall reviews, technical changes to Cardholder Data Environment (CDE), vulnerability scan results, and access controls;  
  • Coordinating external ASV scanning and penetration testing to meet compliance requirements. 

•    Develops and maintains information security policies, standards and procedures, and supports the development of applicable technology standards. Maintains and updates all relevant supporting PCI documentation. 
•    Develops and maintains field-specific information security strategies for consideration and input into the Cybersecurity program. 
•    Contributes to corporate projects as a payment security subject matter expert, analyzing solutions, processes & infrastructure, and recommending appropriate information security controls. 
•    Develops recommendations for secure payment solutions, coordinating closely with enterprise architecture teams.
•    Develops and delivers payment security training programs and awareness, both within the Cyber Security team and to other stakeholders within BCLC.
•    Maintains up to date technical knowledge in payment card security and compliance, including awareness and knowledge of new technology, trends, vulnerabilities, exploits and risks to BCLC’s information assets. 
•    Responds to complex requests and handles escalations for major issues.


Minimum Required Qualifications:
Education and Experience

•    A degree or diploma in information security or equivalent in a related discipline;
•    4-6 years of progressive experience in information security, as well as experience in:

  • producing information security metrics and reporting;    
  • Payment Card Industry (PCI) standards (e.g. PCI-DSS, PA-DSS, P2PE, PCI PIN);
  • development and implementation of policies and procedures; 
  • credit card financial payment processes;

•    Certifications, such as PCIP, PCI-QSA, are required;
•    At least one Information Security certification, such as CISSP, CISM or GSEC, is an asset;
•    Technology administration certifications such as MCSE, CCIE or RHCE are an asset;
•    An equivalent combination of education and/or experience may be considered.


Technical Requirements
•    Strong knowledge of information security frameworks, and security standards and regulations related to data privacy and security;
•    Strong knowledge of Payment Card Industry (PCI) standards (e.g. PCI-DSS, PA-DSS, P2PE, PCI PIN);
•    Excellent oral and written communication skills, including the ability to write reports and document procedures; 
•    Proven ability to deal with highly sensitive matters with a high degree of tact and diplomacy;
•    Excellent organizational skills with the ability to prioritize items;
•    Excellent innovation in problem solving and analytical thinking;
•    Excellent business acumen;
•    Excellent ability to manage relationships at all levels with customers, leaders, contractors and team members to effect change.


Please Note: This opportunity will remain open until a qualified candidate pool has been established.

Please Note: Candidates must be legally entitled to work in Canada and be 19 years of age to work at BCLC.
