Payments Canada is at the forefront of the Canadian payment ecosystem. Our purpose is to make payments easier, smarter and safer for all Canadians. Every day we are working diligently to ensure your payments are cleared and settled. In 2024 alone, our systems cleared approximately $107 trillion or $424 billion each business day! If you are passionate about payments and want to help ensure that these financial transactions in Canada are carried out safely and securely, working with us is for you! | Who we are We are a public purpose, non-profit organization situated at the center of Canada’s payment ecosystem. We own and operate payment systems that process hundreds of billions of dollars’ worth of payment transactions every business day. We convene ecosystem participants to discuss their multiple and diverse interests and ideas and to navigate industry-level challenges. We adhere to a set of values that are our north star: Inspire trust, build community and enable change.
Payments Canada — where our country connects: Payments Canada — Who we are
| Our culture
With our people in mind, we have created a culture that fosters authenticity, collaboration, innovation and development. We empower one another, make meaningful contributions that not only impact the organization, but our country! We develop and nurture meaningful connections that drive innovation in our ecosystem. We are Payments Canada!
Do you want to make payments easier, smarter and safer for Canada? Join us today! You need to work here if • You love working with passionate, ambitious and collaborative colleagues. • You want to be challenged and lead unique initiatives. • You want to grow, develop and become a subject matter expert in your field. • You want your work to make an impact in your community and country.
Come and join us — where payments meet purpose!
| What we are looking for Reporting to the Manager, Information Security and Technology Risk (ISTR), the Senior Risk Analyst is responsible for three core areas related to Information Security and Technology Risk: executing and managing information security and technology focused risk assessments for payment systems, enterprise technologies, and third parties (Operations); challenging first-line risk inputs and reporting on risk trends to senior leadership (Oversight and Challenge), and supporting the continuous improvement of risk assessment methodologies and processes (Risk Management Approach). | A day in the life Information Security and Technology Risk Operations • Accountable for executing information security and technology risk assessments for payment systems, complex enterprise technologies, and third-parties using established methodologies and frameworks. • Responsible for the quality and integrity of risk assessments and associated lifecycle management, ensuring risks are accurately documented with actionable treatment plans. • Conducts targeted assessments when high inherent risks and/or new strategic threats are identified and mentors junior staff and cross-functional stakeholders on methodology and tooling. Information Security and Technology Risk Oversight and Challenge • Provides review and challenge over the first-line (1LOD) risk management activities such as identified mitigation strategies and control effectiveness or when there are deviations from standards and policies. • Ensures overall risks and treatments are appropriately right-sized and escalates issues to leadership as necessary. • Supports the development of reporting and conducts briefs for senior leadership and external stakeholders on systemic, emerging, and trend-based risks. Serve as a conduit between the operational risk level and the enterprise risk level. Information Security and Technology Risk Management Approach • Executes risk assessments using established methods and frameworks to ensure the integrity of risk lifecycle management activities. • Contributes to the ISTR team’s consistent quality output and refined risk analysis by conducting peer reviews of assessments • Supports the continuous improvement of methodologies, templates, and processes by providing direct feedback on their effectiveness and by collaborating cross-functionally to drive operational process improvements. | What you need to be successful • College or university certificate/diploma/degree in Computer Science, Business, Information Systems/Technology, Cyber Security or related fields. • Information security certifications, both GRC or technical practitioner focused, are assets including those offered by EC-Council, GIAC/SANS, ISACA or ISC2. • Information technology certifications are considered assets including TOGAF or cloud/technology specific practitioner certifications. • AI risk/safety certifications are assets including AAIR, CAISR, RAI, AIGP or TAISE. • Minimum five (5) years’ combined experience in technical GRC, IT architecture/engineering and/or cyber-security roles demonstrating work experience with cyber security processes and controls or equivalent experience in a first- or second-line role. • Strong knowledge of some information security domains, which may include GRC (risk assessment governance, processes and technologies), identity and access management, security architecture/engineering, DevSecOps, cloud security, business continuity and disaster recovery, and security operations. • Knowledge of information technology domains including enterprise architecture (COBIT, TOGAF or SABSA), cloud computing (GCP) and networking. • Knowledge of AI/ML concepts including machine learning algorithms/models, deep learning concepts (i.e. neural networks, large language models, etc.), AI governance (i.e. NIST AI Risk Management Framework, Cloud Security Alliance AI Controls Matrix, etc.) and AI regulatory landscapes. • Knowledge of industry security frameworks, standards, laws, regulations including PIPEDA, NIST/CSE, SOC 2, and/or ISO 27001 • Strong communication skills, to effectively brief leadership on risk analysis outcomes to facilitate risk-informed decision-making. • Cross-functional stakeholder management skills, essential for guiding projects and initiatives to comply with risk lifecycle management requirements. • Eligibility to obtain and maintain a Government of Canada Reliability Status Clearance and can successfully complete enhanced background checks that may be carried out by Payments Canada. | Salary range • Based on qualifications and experience: $88,500 to $118,000. Please submit your application by May 15, 2026.
| What's in it for you? • Flexible, hybrid (remote/office) environment. • Competitive compensation package, including annual variable bonus and defined contribution pension plan with employer matching percentage (if eligible). • Comprehensive health and dental benefit coverage, including mental health coverage, life insurance and a health spending account for you and your dependents (Permanent and temporary employees with contracts 12 months and over). • Paid time off: minimum four weeks paid vacation, sick and personal days, December holiday shutdown and cultural holiday observance days. • 26 weeks of paid maternity and parental leave top-up (if eligible) • Rewards and recognition program. • Access to office gym facilities. • Internal and external professional development opportunities. • Fun team and organizational events. • Monthly all staff forums led by our Executive Leadership Team.
| Our Commitment to Fair Hiring At Payments Canada, we are dedicated to fair, transparent and inclusive hiring. We are an equal opportunity employer and value diversity at our company. Our recruitment process uses automated tools, but not generative AI, to objectively screen and evaluate applications and confirm that a candidate’s qualifications meet job requirements. It is important to remember that these tools support, but do not replace, human decision-making. Our trained recruitment professionals and hiring managers always make the final hiring decisions.
| Our diversity, inclusion and equity commitment At Payments Canada, we are committed to making everyone feel they can be themselves and thrive at work. We will continue to build on a foundation of respect and appreciation for diversity in all forms and collectively create an inclusive and equitable culture where our differences are valued. We are committed to employment equity and actively encourage applications from women, Aboriginal people, persons with disabilities and visible minorities. If selected for an interview, please advise us if you require special accommodation by emailing hrinfo@payments.ca. We thank all applicants for their interest in this opportunity. Preference will be given to Canadian citizens and permanent residents. Only selected candidates will be contacted for an interview.
