PCI Qualified Security Assessor

Our client is seeking a Payment Card Industry Qualified Security Assessor (PCI QSA) to join their Risk, Security and Privacy Practice. You will work closely with our clients to understand their business, technologies, and processes so that you can assist in designing effective security controls to help them achieve PCI compliance, and to improve enterprise-wide security. As a subject matter expert, you’ll advise clients on data security to help prevent potential security breaches before they occur.  You will lead PCI assessments individually or with a team as well as write Reports on Compliance and Attestations of Compliance. Your experience with various information security concepts will be key to your success for their clients!

• Conduct various information security and compliance assessments and analyses, and provide advice and consultation (e.g., PCI Assessments, Risk Assessments, Gap Analysis, and more).
• Lead meetings, chair conference calls, action follow-ups, and proactively interact with clients to move projects forward to ultimate completion (e.g., Report on Compliance, Attestation of Compliance).
• Create professional reports for clients that detail your assessment findings and clearly articulate your advice.
• Consult with clients to help them understand your findings and their remediation options.
• Serve as Trusted Advisor and provide input on security architecture with regards to PCI and cybersecurity.
• Assist their sales team with pre-sales activities, proposal creation, needs analysis, and solution design.
• Attend industry events and lead webinars and Learning Hours.
• Write summaries and executive briefs.

• 2+ years of experience as a PCI QSA in good standing. 
• 7+ years of experience measuring security controls, IT auditing, business processes, providing advice, and/or related security consulting experience. 
• Good understanding of cloud environments (i.e., AWS, Azure, Google Cloud). 
• Solid understanding of Unix, Linux, Windows, database server configurations, and storage solutions. 
• Understanding of networking systems configurations, including firewalls and other network components. 
• Ability to lead PCI assessments individually or with a team, including CDE scoping, assessment planning, governance reviews, onsite assessment activities, status reporting, report writing, and managing customer resources.
• Experience writing Reports on Compliance and Attestations of Compliance.
• Experience with various information security concepts, including network and wireless security, application security, industry best practices, systems hardening, data encryption, data privacy, incident response, business continuity, physical security, risk assessments, vulnerability scanning and penetration testing report reviews, file integrity monitoring, log monitoring, and documented security governance controls.
• Experience with industry best practices and standards such as PCI DSS, CIS, and NIST, including security hardening techniques. 
• Good understanding of application architecture and software development lifecycle processes, including secure coding techniques. 
• Understanding of server virtualization technologies (e.g., VMware, Hypervisor, Citrix Hypervisor, etc.). 
• One Information Security certification (i.e., CISSP, CISM, or ISO 27001 Lead Implementer) (strongly preferred) 
• 1+ Audit certification (i.e., CISA, GSNA, ISO 27001, Lead Auditor, Internal Auditor, IRCA ISMS Auditor, or CIA) (strongly preferred). 

Our client has a competitive salary, bonuses, RRSP matching, and an AMAZING culture, a supportive environment and team members who are both smart and fun to be around. Our client also offers a competitive compensation and benefits package.

If you are interested in this position and meet the above criteria, please click the ‘Apply for Job’ button below to send your resume securely and in confidence directly to the recruiter in charge of this position. We thank all applicants; however, only those selected for interviews will be contacted.