Consultant, PCI QSA

What You'll Do

• Work collaboratively with a team of assessors as a compliance specialist in at least one area of expertise and assist with the planning of assessment for clients
• Draft audit programs that sufficiently address both the required objectives of the regulatory body and the complexity of the client environment
• Autonomously leads interview and inquiry walkthroughs with clients to determine the conformity of environments against stated requirements
• Assess security vulnerabilities against the appropriate security frameworks
• First-level reviewer of drafted audit planning and reporting materials
• Pursues and corroborates conclusions derived from inquiry procedures with client while ensuring diligent interview notes are captured
• Offline and remote evidence inspection of client provided documentation; appropriately mark artifacts requiring follow-up or additional clarification
• Assess client provided documentation for compliance with a variety of standards
• Partner with senior members to prepare and review assessment reports.
• Educate and interpret compliance activities for clients
• Manage priorities and tasks to achieve delivery utilization targets
• Ensures quality products and services are delivered on time per Coalfire quality standards.
• Continuous professional development; maintain industry specific certifications, depth of knowledge, credentials, and designations
• Collaborates and communicates successfully with project managers, quality management and/or other delivery team members to drive customer satisfaction and meet project deliverables.
• Establish and maintain positive collaborative relationships with clients and stakeholders
• Identifies upsell and cross sell opportunities and escalates to appropriate leadership
• Execute, examine, interview and test procedures in accordance with the appropriate control
• Ensure cyber security policies are adhered to and that required controls are implemented
• Understands how to apply quality standards and adheres to a minimum benchmark for quality assurance throughout the documentation of each work product or deliverable
• Provides advice to customers on issues affecting the scope of work in a manner that provides additional value
• Develop documentation and author recommendations associate with your findings on how to improve the customer’s security posture in accordance with appropriate controls
• Travel 25-50%.
• Ability to be successful when working remotely.

What You'll Bring

• 1+ years of experience as an IT Consultant, IT auditor, Business Analyst, or similar role
• One of the following Information Security certifications required or ability to obtain: CISSP, CISM or ISO 27001 Lead Implementer.
• One of the following Audit certifications required or ability to obtain: CISA, GSNA, CIA, IRCA ISMS Auditor or higher, or ISO 27001 Lead Auditor. 
• Bachelor's degree (four-year college or university) or equivalent combination of education and work experience. Degree preferably in Information Systems or Business.
• Strong written and verbal communication skills including quick response time the ability to explain technical matters to a non-technical audience
• Strong Consulting skills: ability to advise and challenge the status quo while building strong relationships
• Ability to build high-trust relationships, rapport and credibility quickly
• Strong personal initiative to appropriately manage time and meet deadlines
• High attention to detail and quality
• Computer and typing skills that permit rapid data collection and note taking
• Has a sense of urgency and ability to multi-task
• Ability to participate and facilitate meetings to small or large groups
• Public speaking and executive presence that solicits attention
• Inquisitive and curious nature with the ability to effectively probe for deeper information
• Diplomatic and broad minded
• Strong technical researcher
• General knowledge of IT audit procedures and cyber security best practices
• Experience and demonstrated ability to independently research a technical topic and develop logical testing approaches
• Experience and demonstrated ability to lead testing sessions for assigned controls.
• Demonstrated experience reading and interpreting security framework criteria

Bonus Points

• Current or Former PCI-QSA certification
• Recent experience as a PCI-DSS Auditor and Assessor, preferably as a PCI-QSA
• Experience working with technologies hosted via cloud computing environments (e.g., Amazon Web Services, Microsoft Azure, Google Cloud Platform
• AWS Solution Architect or other CSP certification