We're looking for a former PCI-QSA or equivalent. Someone who can verify that a firewall was properly installed. Someone that can confirm whether a policy was implemented. Someone who knows where to look for stored cardholder data in a database. Someone who knows how to appropriately define scope. Very little hand-holding offered in this position; we need someone who can hit the ground running, who has a solid professional demeanor.

Duties

• Conducts internal PCI compliance assessments, gap analyses, and actionable recommendations for remediation
• Provides accurate, complete and timely written documentation for all project phases including pre-project planning, on-going status reports, and project deliverables including technical issues and associated business risks, account management team interaction, and project wrap-up reports
• Communicating with project stakeholders to effectively convey requirements of technical and process improvements.
• Develop customized policies, procedures and controls and technical documentation for applications, systems and infrastructure.
• Possess an in-depth knowledge of IT security and various frameworks (i.e CobiT, NIST, ISO etc.).
• Experience in managing policy exceptions, including working directly with the teams to document exceptions, identify compensating controls and remediation action plans.

Requirements:

• Technical skills in assessing servers (*NIX and Windows), firewalls, and other security platforms for PCI DSS controls required
• Mid to advanced level methods knowledge of the following:
  • Vulnerability scanning
  • Penetration testing (network, system and application)
  • Application development
  • Policy development
  • Forensics
  • Security event monitoring
• Compliance: regulatory, privacy, international laws and statutory requirements.
• Risk: risk frameworks, maturity models, and enterprise IT security risk methodologies.
• Governance: vendor management, policy frameworks, control design and security design/architecture.
• Security architecture: infrastructure, network and systems design with CEH
• Knowledge of and hands-on experience with PCI audits and PCI attestations.

Abilities

• Communicate effectively across business and technical boundaries.
• Work independently without detailed guidance.
• Be proficient in writing executive level reports and technical documentation.

Education and Experience

• Ideally a former QSA (last 3 years) and hold CISSP and CEH
• At least one other Security, Risk or IT certification (i.e. CobiT, CRISC, CISA, CISM, or ISO 27001) achieved.
• Bachelor’s Degree from an accredited 4 year university.
• Minimum 10 years of experience in the Cyber Security, Information Assurance, Enterprise Risk or Compliance field.