Cyber Security Advisor, PCI Compliance
About the role
If you are committed to public service, enjoy collaborating with others, share our values and have a desire to learn and grow, join The City of Calgary. City employees deliver the services, run the programs and operate the facilities which make a difference in our community. We support work-life balance, promote physical and psychological safety, and offer competitive wages, pensions, and benefits. Together we make Calgary a great place to make a living, a great place to make a life.
The City is committed to fostering a respectful, inclusive and equitable workplace which is representative of the community we serve. We welcome those who have demonstrated a commitment to upholding the values of equity, diversity, inclusion, anti-racism and reconciliation. Applications are encouraged from members of groups that are historically disadvantaged and underrepresented. Accommodations are available during the hiring process, upon request.
The City of Calgary's Cyber Security business unit safeguards the information, technology, and operational systems that enable the delivery of services to Calgarians.
As a Cyber Security Advisor, you will be responsible for authoritative and strategic advisory services pertaining to cyber security of assets including data, information, technology systems and processes. You will drive the enterprise-wide Payment Card Industry Data Security Standard (PCI DSS) compliance roadmap while contributing more broadly to the City's cyber security risk management and governance mandate. Primary duties include:
- Provide authoritative advisory guidance for The City's PCI DSS compliance program and broader cyber security regulatory compliance strategic initiatives while aligning with Cyber Security's risk management program.
- Lead and coordinate multidisciplinary groups across diverse business units including Cyber Security, technology, finance, citizen-facing service providers and external parties including Qualified Security Assessors (QSAs), vendors, and payment processors to achieve and sustain PCI DSS compliance without formal supervisory authority.
- Serve as The City's primary point of contact for PCI compliance activities, including audit readiness; risk assessment coordination; maintaining compliance documentation, including attestations, Self-Assessment Questionnaires (SAQs), and payment system data flow diagrams; evidence management; and supporting related compliance and assurance programs.
- Provide advisory guidance and interpretation on core PCI requirements and domain areas to inform PCI impact on:
  - Cyber Security architectural, operational and incident response processes and controls;
  - Development, implementation, modification and change management of payment systems;
  - Procurements, new business initiatives or transformations of payment-related services and systems;
  - Overall PCI compliance scope, to rigorously minimize the attack surface.
- Define baseline control performance measures and evaluate the effectiveness of controls against expectations to protect cardholder and other sensitive data; identify control performance gaps and provide actionable advice on remediation strategies and compensating controls.
- Establish and deliver Key Performance Indicators (KPIs) for PCI compliance health metrics and cyber security risk reports; contribute to executive briefings and governance documentation that support and sustain a risk-aware culture.
Qualifications
- A diploma in Computer Science, Information Technology, Cyber Security, Business Administration, or a related field and at least 8 years of experience in cyber security, vulnerability or risk management, cyber security architecture, software engineering, or a related function, OR;
- A degree in Computer Science, Information Technology, Cyber Security, Business Administration, or a related field and at least 5 years of employment experience in cyber security, vulnerability or risk management, cyber security architecture, software engineering, or a related function.
- One or more recognized, current cybersecurity or risk management certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC) is required.
- Demonstrated experience in PCI DSS v4.0.x compliance, scoping and assessing CDE environments and/or other regulated, security-sensitive technology environments is required.
- PCI-specific credentials such as PCI Professional (PCIP) will be considered a strong asset.
- Demonstrated experience with continuous monitoring, automated logging, and cloud-native environments is an asset.
- Demonstrated Project Management skills will also be an asset.
- Success in this position requires highly developed communication and relationship building skills.
- You have a well-developed ability to influence without authority and build a shared vision for security outcomes.
Working Conditions: Occasional coordination with vendors or assessors outside of regular business hours may be required to support PCI assessments, compliance deadlines, or time-sensitive advisory activities.
Pre-employment Requirements
- A security clearance will be conducted.
- Successful applicants must provide proof of qualifications.
Workstyle: This position may be eligible to work from home as one of several flexible work options available to City employees. Such arrangements are based on the operational requirements of the position and employee suitability and are subject to change based on operational needs and corporate direction.
Position and Pay Information
- Business Unit: Cyber Security
- Union: CUPE Local 38
- Position Type: 3 Permanent
- Compensation: Pay Grade 13 $50.92 - 68.15 per hour
- Hours of work: Standard 35 hour work week.
- Days of work: This position works a 5-day work week with 1 day off in a 3 week cycle.
- Location: 133 6 Avenue SE
- Audience: Internal/External
- Apply By: June 9, 2026
- Job ID: 314356