We are looking for a capable IT Security and Compliance Manager, who enjoys remote security work and possesses both deep and wide expertise in the information security space.
You will make things more secure by protecting system boundaries, keeping computer systems and network devices hardened against attacks and securing highly sensitive data. Qualified candidates will have a background in security or systems engineering.
The base salary for this role is: $90,000-$130,000
Job Summary:
As the IT Security and Compliance Manager at Mogo and its subsidiaries, you are entrusted with spearheading the organization's comprehensive security and IT Compliance strategy. This role is pivotal in managing a broad spectrum of responsibilities across the main company and its subsidiaries, including overseeing PCI DSS Level 1 Service Processor compliance, coordinating with external QSAs, and upholding the highest standards of data protection and cybersecurity practices. You will ensure adherence to stringent industry standards and safeguard our fintech environment.
Key Responsibilities:
PCI DSS Compliance – Level 1 Service Processor: Lead PCI DSS compliance initiatives as a Level 1 Service Provider, ensuring rigorous implementation of controls and adherence to standards for high-volume transaction processing.
External QSA Coordination: Work closely with external Qualified Security Assessors for regular PCI DSS audits and assessments, ensuring compliance and effective communication.
Custom Code Review Oversight: Manage the review of custom code for security vulnerabilities, upholding compliance with industry standards.
Vulnerability and Penetration Testing Management: Oversee internal and external vulnerability scans, as well as penetration testing, to identify and address security weaknesses.
Compliance Leadership and Audit Management: Conduct comprehensive compliance assessments, audits, and reviews, overseeing the implementation of corrective actions.
Cross-Functional Regulatory Compliance Collaboration: Engage in cross-functional teams, ensuring alignment of user activities and system processes with regulatory, security, privacy, and legal requirements.
Due Diligence Documentation: Lead the completion of due diligence documents. Ensure accurate and timely documentation across multiple departments.
Security Event Management: Manage security event monitoring systems and respond to security incidents swiftly and effectively.
Continuous Compliance Monitoring: Perform ongoing security compliance monitoring in coordination with other organizational functions.
Risk Management and Incident Response Planning: Manage risk indicators and enhance incident response plans and scenarios.
Security Awareness and Training: Develop and conduct security awareness training programs and phishing campaigns to enhance the cybersecurity knowledge and readiness of all employees.
Key Performance Indicators:
PCI DSS Compliance Metrics: Track effectiveness and timeliness of implementing PCI DSS controls as a Level 1 Service Processor.
Custom Code Review KPIs (Vulnerability Detection Rate, Time to Remediate, etc.)
Vulnerability Resolution Efficiency: Rate of successful identification and mitigation of vulnerabilities from scans and tests.
Audit Compliance Rate: Success rate in meeting compliance standards in audits and reviews.
Incident Response Time: Track the average time taken to respond to and mitigate security incidents identified during scans and tests.
Required Certifications and Skills:
Bachelor’s degree in Information Technology, Cybersecurity, or a related field.
Certifications: CISSP, CISM, CRISC, or equivalent.
Extensive experience in managing PCI DSS compliance, particularly for Level 1 Service Processors.
Proficiency in coordinating with external QSAs and managing comprehensive security audits.
Strong background in IT security, particularly in a fintech setting.
Must be located in Canada.
Skilled in risk management, incident response, and conducting security audits.
Preferred Qualifications:
Master’s degree in Information Security or a related field.
Additional certifications such as CEH, GCIH, or similar.
Experience with cloud security, AI-based security systems, and big data analytics.
Benefits of working with us:
Remote Work - Enjoy the flexibility of remote work, supported by necessary resources.
Comprehensive Health and Wellness - Access medical, dental, and vision coverage.
Stock Options - Have a stake in the company's success through stock options.
Work-Life Balance - Benefit from paid time off, including vacation days, holidays, and personal days.
Innovative and Inclusive Culture - Engage in cutting-edge projects and be part of an inclusive workplace with diversity and equality programs.
Wellbeing Programs - Access counseling services, mental health support, and additional wellness resources.
About Us
We help make it easy for Canadians to achieve financial freedom while making a positive impact. We live in the most innovative and technologically advanced era, yet so much struggle exists. Most of us are far from where we want to be financially. We all want a better future. A better world where reaching financial freedom is a question of when, not if. One that's equitable so that all can prosper. One that's safe from the impact of climate change. Our money has the power to change the world. It’s up to us to do things differently.
Apply today! Mogo is an inclusive place to spend your work life. We hire team members for their talent and diverse backgrounds. Bring your unique perspective to Mogo and help our customers achieve their best financial lives.