IT Security Manager

About PayByPhone 

At PayByPhone, our strength is our people. Behind our product is a talented, creative, and driven multi-disciplinary team united by a shared ambition: to make everyday mobility simpler. We believe innovation should be collaborative, learning should be constant, and work should be enjoyable. As we grow, we’re looking for people who want to grow with us. 

 
Together, we’re on an ambitious mission to create intuitive technology solutions that deliver world-class user experiences. We are a fast-growing, forward-thinking company and already help more than 60 million users across North America and Europe. Our technology helps millions of consumers pay quickly, easily, and securely — without waiting in line, carrying change, or worrying about costly fines. 

About The Role 

Location:  Vancouver (Hybrid)

Employment type: Full-time, Permanent

Reports to:
Chief Information Security Officer

The IT Security Manager will manage and mature a pragmatic security program that protects payment data, customer information, internal systems, and business operations across AWS and corporate platforms, with PCI DSS as the primary compliance priority and SOC 2 as a supporting assurance objective.

Key Responsibilities 

• Manages the security management framework, policies, standards, control evidence, and operating rhythms needed to sustain a PCI DSS-first program while maintaining supporting SOC 2 obligations.
• Lead security operations across cloud and corporate platforms, including AWS security services, Entra ID, Microsoft 365, MDR solution oversight, logging and monitoring, vulnerability management, and access governance.
• Drive investigation and response for security events, control failures, suspicious activity, and potential data exposure scenarios; coordinate containment, remediation, communications, and lessons learned.
• Partner with Engineering, Product, Cloud Platform, and IT to strengthen secure design, application security, change control, segmentation, encryption, hardening, and remediation of security findings.
• Manages security risk management and third-party security oversight by translating control requirements, technical findings, and business risk into prioritized actions and measurable follow-through.
• Lead the team of  Security Analyst(s) while influencing cross-functional stakeholders through strong critical thinking, sound judgment, and a persuasive approach to change.

 Key Requirements 

• 5+ years of progressive experience in information security, security compliance, cloud security, or security engineering, including hands-on ownership of controls and remediation programs.
• Bachelor’s degree in computer science, Information Security, Information Systems, or equivalent practical experience.
• Experience with PCI DSS and payment-security control environments; experience with SOC 2, ISO 27001, or related frameworks is helpful.
• Working knowledge of AWS and modern SaaS security, including IAM, Entra ID, Microsoft 365, logging, monitoring, segmentation, encryption, vulnerability management, and workload security.
• Experience with people management and growing team capbilies
• Experience with security operations fundamentals such as SIEM or log management, MDR or managed detection oversight, alert triage, incident response coordination, vulnerability scanning, penetration test remediation, and access reviews.
• Experience partnering with software engineering teams on secure SDLC, application security, and change management in fast-moving delivery environments.
• Ability to write clear policies, standards, procedures, risk summaries, executive updates, and audit evidence with a high level of precision and follow-through.
• Able to move comfortably between strategic planning, control design, hands-on validation, and day-to-day operational follow-up.
• Confident communicator with technical accuracy or practical focus who is comfortable working with executives, auditors, engineers, and business teams.
• Organized and detail-oriented, with strong critical thinking, sound prioritization, and good judgment in risk-based decision making.
• Persuasive and practical in driving change cross-functionally.
• Comfortable reading technical documentation, architecture diagrams, logs, tickets, and code or scripts when needed to validate security posture.

What We Offer 

Compensation: The expected salary range for this role is $120,000 – $140,000 CAD. Final compensation will be based on factors such as experience, skills, qualifications, and internal equity. 

Vacation: All permanent full-time employees start with 4 weeks of vacation per year. 

Personal Days: We provide 5 personal days annually, in addition to paid sick days, to support flexibility and work-life balance. 

Comprehensive medical & dental coverage: Available to all permanent full-time employees on Day 1, with no waiting period. 

Employee Assistance Program (EAP): Access to confidential support services and resources for you and your family. 

Career Growth & Learning Support: Opportunities for professional development, continuous learning, and career progression. 

Working at PayByPhone 

We operate in a world that’s constantly evolving — and change is something we embrace. Our values guide how we show up for one another and for our customers every day. In short, we: 

• Make things happen 

• Stay curious 

• Work together 

• Have fun 

• See through our customers’ eyes 

These principles shape how we collaborate, innovate, and deliver on our commitments. 

 
We’re also committed to fostering a diverse and representative workforce and an inclusive environment where everyone is treated with respect and fairness. We do not tolerate discrimination or harassment in our workplace or throughout our hiring process. Our hiring decisions are grounded in business needs, role requirements, and individual qualifications — ensuring we reflect the talent and communities we serve. 

PayByPhone is committed to providing accommodation throughout the recruitment process. If you require accommodation, please reach out to us at askhr@paybyphone.com. 

 
Want to see our values in action? Visit our Instagram and LinkedIn. Curious about the story behind our values? Head over to our About Us page to learn more.