Compliance Manager

ROLE OVERVIEW

This role will involve working closely with IT, Human Resources, security, and business teams to ensure that our practices meet the highest standards of regulatory compliance.

1. Compliance Audits and Monitoring:

• Conduct internal audits to assess the organization’s compliance with PCI DSS, SOC 2 Type 2, BCP, and PIPEDA.
• Perform periodic risk assessments and gap analysis to identify and address compliance issues proactively.
• Ensure that all compliance programs are up-to-date and align with industry standards and regulatory requirements.

1. PCI DSS Compliance Oversight:

• Oversee the implementation and maintenance of PCI DSS controls and processes.
• Manage the preparation, execution, and documentation of PCI DSS assessments and audits.
• Work closely with IT and security teams to ensure that proper encryption, access controls, and secure payment practices are in place.

1. SOC 2 Type 2 Compliance Management:

• Oversee the design, implementation, and testing of controls for SOC 2 Type 2 compliance.
• Coordinate with external auditors for the SOC 2 Type 2 audit process and address any findings or issues.
• Collaborate with relevant departments to maintain a secure and compliant IT environment.

1. Business Continuity and Disaster Recovery (BCP):

• Manage the development, implementation, and testing of Business Continuity Plans (BCP) and Disaster Recovery (DR) plans.
• Ensure that the company is prepared for operational disruptions and maintain up-to-date records of BCP tests and drills.
• Work with senior leadership to identify and mitigate potential risks that could affect business continuity.

1. PIPEDA Compliance and Privacy Oversight:

• Ensure the organization’s practices comply with PIPEDA regulations and data privacy requirements.
• Implement and enforce data protection policies and guidelines to safeguard personal information.
• Conduct audits and reviews of data collection, storage, and processing activities to ensure they align with legal and regulatory requirements.

1. Training and Awareness:

• Develop and deliver training programs to employees on compliance-related topics, including PCI DSS, SOC 2, BCP, and PIPEDA.
• Raise awareness on the importance of compliance and data security throughout the organization.
• Stay updated on evolving industry standards and regulatory changes to ensure the organization remains compliant.

1. Reporting and Documentation:

• Prepare regular reports for senior management, highlighting compliance status, audit findings, and areas of improvement.
• Document compliance activities, audit results, and corrective actions taken in accordance with regulatory standards.
• Track and report on compliance KPIs and metrics.

1. Collaboration and Stakeholder Management:

• Act as the primary point of contact for internal and external stakeholders regarding compliance matters.
• Collaborate with external auditors and regulatory bodies as needed.
• Foster a culture of continuous improvement by recommending enhancements to compliance processes and systems.

• CISM (Certified Information Security Manager), PCI Professional, SOC 2, or similar certifications are highly desirable.
• Proven experience (5+ years) in compliance management, specifically with PCI DSS, SOC 2 Type 2, BCP, and PIPEDA.
• Strong understanding of regulatory frameworks and industry standards.
• Experience with audit methodologies and internal control frameworks.
• Strong analytical, problem-solving, and risk management skills.
• Excellent communication and interpersonal skills with the ability to interact with all levels of the organization.
• Knowledge of data privacy laws and IT security best practices.

#LI-KN1