Manager, Compliance Program & PCI Officer

Description:

Under the general supervision of the Associate Director, GRC, the Compliance Program Manager & PCI Officer is responsible to the Chief Financial Officer and Chief Information Security & Digital Trust Officer for establishing, operationalizing, and sustaining the University of Toronto’s institutional Payment Card Industry Data Security Standard (PCI DSS) compliance program and the broader information security compliance posture of the University. Whilst the Associate Director, GRC retains primary supervisory responsibility, this role maintains a dotted line reporting to the Executive Director, Treasury & Investment Services in Financial Services to provide oversight and guidance on financial risk, payment systems and merchant control considerations.

This role represents a substantive shift from project-based strategic execution to program ownership and operational compliance leadership. The Manager serves as the University’s designated PCI Officer and is accountable for translating a recently completed campus-wide inventory of PCI merchants and payment flows into a fully functioning, auditable PCI compliance program. This includes transforming existing governance structures to deliver policies, standards, processes, roles, training, reporting, and ongoing assurance activities tightly aligned with compliance requirements.

Working closely with an active institutional project team, Financial Services, central ITS teams, divisional IT units, Procurement, Legal, Internal Audit, and merchant business owners across the University, the Manager builds the foundational elements of the PCI compliance framework and transitions it into a steady-state operational program.

As a member of the Information Security management team and in the University Payment Card Steering Committee, the Manager provides subject matter expertise in regulatory and standards-based compliance (with a primary focus on PCI DSS), advises on risk-based prioritization, and supports the maturation of compliance monitoring, reporting, and assurance practices across the tri-campus. The role combines program design, stakeholder engagement, operational oversight, and continuous improvement in a complex, decentralized higher-education environment. 

REQUIRED QUALIFICATIONS:

EDUCATION:

• University degree in Information Technology, Business, Risk Management, Finance, or a related discipline, or an equivalent combination of education and experience.
• Either a PCIP (PCI Professional) or ISA (Internal Security Assessor) or equivalent is preferred.

EXPERIENCE:

• Demonstrated 7 years or more progressive experience in establishing or operating compliance and/or risk management programs in a complex organization.
• Significant experience with PCI DSS compliance strongly preferred.
• Experience in working in a decentralized or higher-education environment is an asset.
• Experience in understanding the regulatory requirements for Information security and Privacy.
• Experience in coordinating cross-functional initiatives without direct authority.
• Experience in building and managing standards-based control sets.

SKILLS:

• Strong understanding of compliance frameworks, risk management concepts, and control-based standards.
• Exceptional attention to detail with a strong focus on accuracy and quality in all deliverables.
• Ability to translate regulatory requirements into practical operational processes.
• Excellent stakeholder engagement, facilitation, and communication skills.
• Strong analytical, organizational, and documentation skills.
• Ability to operate with ambiguity and build new programs from foundational work.

OTHER:

• Ability to comfortably navigate a highly complex and matrix organization to achieve deliverables and launch programs.
• Ability to work independently.
• Proven ability to manage multiple initiatives and deadlines effectively. 
• Strong communication and interpersonal skills, to deliver effective understanding of requirements, fostering consensus, and cultivating relationships with stakeholders across the organization.
• Strategic planner with the ability to translate standards into pragmatic controls and feasible tactical plans

Closing Date: 07/01/2026, 11:59PM ET
Employee Group: Salaried
Personnel Subarea: PM
Appointment Type : Budget - Continuing
Schedule: Full-Time
Pay Scale Group & Hiring Zone:  PM 4 -- Hiring Zone: $106,705 - $124,491 -- Broadband Salary Range: $106,705 - $177,843
Job Category: Information Technology (IT)