The ideal candidate will possess a broad skill set and a desire to learn, and will apply in-depth information security, networking, IT audit, and payment card industry knowledge, along with decision-making and analytical skills, to validate that PCI DSS controls are being met. This will include advising organizations on the design and implementation of PCI controls, gap remediation, and performing PCI assessments. The position will include understanding and identifying data security risks, designing or assessing controls to mitigate those risks, and documenting observations and recommendations.
- 2+ years of relevant experience in the field(s) of IT audit, consulting, and security or risk management;
- Bachelor’s degree in an IT-related field (e.g., MIS, CIS, cybersecurity, engineering), or a related field;
- Obtained or working towards CISSP, CISA, CISM, QSA, CGEIT, CCSP, or related certifications;
- Understanding of and audit experience with PCI DSS;
- Working knowledge of network, system, database, and application-level security; and
- Understanding of IT security best practices across multiple domains and security disciplines.
- Strong analytical skills and the ability to understand complex client business processes;
- Ability to analyze cardholder data flows (business and application) to identify risks and scope;
- Ability to review access controls and operating system configurations (server, networking, virtualization, cloud infrastructure, databases, etc.);
- Strong organizational skills with the ability to effectively manage multiple, competing priorities;
- Effective written and verbal communication skills;
- Ability to effectively work with technical and non-technical resources;
- Desire to learn and maintain technical proficiency in the cybersecurity regulatory landscape; and
- Proficient in MS Office Suite.
- Perform information security-related compliance assessments, including testing of related controls;
- Actively lead PCI DSS projects;
- Communicate with project stakeholders to effectively convey requirements and recommendations;
- Develop IT policies, procedures and controls for applications, systems and infrastructure;
- Provide trusted advisory services and guidance to clients that will reduce organizational risk and improve their overall security posture;
- Prepare reports and other deliverables that contain strategy, technical analysis, and findings in connection with PCI engagements and communicate those results to client management;
- Work independently to collect and analyze evidence to support PCI DSS compliance and meet quality assurance requirements; and
- Produce final reports on compliance to detail the controls observed during security assessments in accordance with various security standards and regulations.