Manager, Security Compliance

We believe small businesses are at the heart of our communities, and championing them is worth fighting for. We empower small business owners to manage their finances fearlessly, by offering the simplest, all-in-one financial management solution they can't live without.

The Manager, Security Compliance is responsible for developing, implementing, and managing the Wave’s security compliance programs. This role ensures that the Wave adheres to relevant regulations, standards, and internal policies, mitigating risks and protecting sensitive information.

• Compliance Program Development: Design, implement, and maintain the organization’s security compliance frameworks. Establish policies and procedures to ensure adherence to applicable laws, regulations, and standards (e.g., AICPA SOC2, SOX, NIST CSF, HIPAA, and PCI-DSS).
• Lead the Security Risk Management team for the automation and engineering-led thinking for security control assessment, evidence collection, and summary reporting.  Monitor emerging regulations and industry trends to update compliance strategies.
• Risk Assessment and Auditing: Conduct regular risk assessments to identify compliance gaps. Plan and oversee internal and external security audits. Collaborate with stakeholders to address findings and implement corrective actions.
• Project Planning and Coordination: Define project scope, goals, and deliverables aligned with IT and cybersecurity objectives. Develop detailed project plans, including timelines, resource allocation, and budgets. Collaborate with IT, security teams, cross functional teams and external vendors to ensure project alignment.
• Training and Awareness: Develop and deliver training programs to educate employees on security and compliance requirements. Promote a culture of compliance and security awareness across the organization.
• Policy Management: Draft, review, and update security policies, standards, and guidelines. Ensure documentation is current and aligns with industry best practices and legal requirements.
• Incident Management and Reporting: Oversee compliance-related incident investigations and resolution. Ensure timely reporting of security incidents to regulatory bodies as required.
• Stakeholder Collaboration: Act as a liaison between departments, including HRB, IT, legal, and executive leadership, to ensure cohesive compliance efforts. Provide regular updates and reports on compliance status and risks to senior management.
• Vendor and Third-Party Management: Assess and monitor third-party vendors to ensure compliance with security requirements. Establish and enforce contractual compliance obligations.

• 5+ years of related professional compliance and controls program experience.
• Bachelor’s degree in Computer Science, Cybersecurity, or a related field.
• Proven experience in security compliance management or a similar role.
• Advanced level knowledge of AICPA SOC 2, SOX, NIST CSF, HIPAA, GDPR and/or ISO 27001.
• Experience leading internal and/or external audits, working as the liaison between auditors and the business.
• Experience implementing automated compliance workflows.
• Strong understanding of Amazon AWS environment and SaaS platform. Comfortable working with both deeply technical and non-technical resources.
• Flexible in daily hours (e.g. willingness to work longer hours during end of quarter and peak periods, and audit).
• Ability to prioritize and track multiple projects and tasks in parallel.

At Wave, you’re treated like the incredible human being you are. 

Work From Where You Work Best: We will always have a welcoming, energizing, and world-class office (in Toronto) with a space for you. Or, if you’re more comfortable working from home, the choice is yours.

We Care About Future You: You will stretch yourself and you will grow at Wave. You will also be supported on this journey with diverse learning experiences, educational allowances, mentorship, and so much more.

We Support the Full You: We make a serious investment in your health & wellness. When we think about benefits we think about body, mind, & soul and we take this stuff very seriously. 

We Take Care of the Fundamentals: Fair compensation, all the office perks you’d want, and the various goodies you’d expect from a growing tech company. This is the obvious stuff, but we don’t want you to think we forgot!

We believe that a diverse and inclusive culture creates the best workplace. We embrace our differences, value individuality, and the broad spectrum of every Waver's skills and abilities. We challenge each other from a place of respect and pursuit of continuous growth. We trust each other and encourage everyone to bring their authentic selves to work, everyday. As Wavers, our voices matter, our opinions are met with an open mind. The best ideas win, no matter whose they are.  Contributing to an inclusive culture is a part of all of our job descriptions. 

We’ve been continuously recognized as one of Canada's Top Ten Most Admired Corporate Cultures and one of Canada’s Great Places to Work in categories including Technology, Millennials, Mental Health, Inclusion and Women.  

Are you ready to be a Waver? Join us!