Manager, Compliance Program & PCI Officer

Responsibilities

• Establish, operationalize, and sustain the University's PCI DSS compliance program and broader information security compliance posture
• Serve as the University’s designated PCI Officer, translating merchant inventories and payment flows into an auditable compliance program
• Develop and deliver policies, standards, processes, roles, training, and reporting aligned with compliance requirements
• Provide subject matter expertise in regulatory and standards-based compliance to the Information Security management team and University Payment Card Steering Committee
• Collaborate with Financial Services, central ITS teams, Legal, Internal Audit, and merchant business owners to build foundational compliance frameworks
• Advise on risk-based prioritization and support the maturation of compliance monitoring and assurance practices

Requirements

• University degree in Information Technology, Business, Risk Management, Finance, or a related discipline
• 7+ years of progressive experience in establishing or operating compliance or risk management programs in a complex organization
• Significant experience with PCI DSS compliance
• Experience understanding regulatory requirements for Information Security and Privacy
• Experience building and managing standards-based control sets
• Proven ability to coordinate cross-functional initiatives and navigate complex, matrixed organizations

Preferred Qualifications

• PCIP (PCI Professional) or ISA (Internal Security Assessor) certification or equivalent
• Experience working in a decentralized or higher-education environment

About the Company

The University of Toronto is a global leader in education and research, committed to building a culture of belonging and excellence. We embrace diversity and value the unique perspectives that strengthen our academic mission.