o Assist with conducting internal PCI compliance assessments and gap analyses, and with providing actionable recommendations for remediation
o Provide accurate, complete and timely written documentation for all project phases including pre-project planning, ongoing status reports, and project deliverables including technical issues and associated business risks, account management team interaction, and project wrap-up reports
o Communicate with project stakeholders to effectively convey requirements of technical and process improvements.
o Assist with developing customized policies, procedures and controls and technical documentation for applications, systems and infrastructure.
o Assist in managing policy exceptions, including working directly with the teams to document exceptions, identify compensating controls and remediation action plans.
6-month contract
Open to some remote work plus onsite work
o Ideally a former QSA (last 3 years) and hold CISSP and CEH
o At least one other Security, Risk or IT certification (i.e. CobiT, CRISC, CISA, CISM, or ISO 27001) achieved.
o Technical skills in assessing servers (*NIX and Windows), firewalls, and other security platforms for PCI DSS controls required
o Mid- to advanced-level knowledge of methods for the following:
Penetration testing (network, system and application)
Security event monitoring
o Compliance: regulatory, privacy, international laws and statutory requirements.
o Risk: risk frameworks, maturity models, and enterprise IT security risk methodologies.
o Governance: vendor management, policy frameworks, control design and security design/architecture.
o Security architecture: infrastructure, network and systems design with CEH
o Knowledge of and hands-on experience with PCI audits and PCI attestations.