Qualified Security Assessor

Job Responsibilities:

• Work on Client identified PCI-related gaps in many of its systems and processes
• Transform the enterprise to evangelize PCI Compliance as a standard operating procedure.
• Establish Program Framework
• Define organizational roles & responsibilities
• Update critical processes, e.g. scope/descope
• Work on FY26 plan & budget forecast
• Discover and Document Enterprise Landscape
• Prioritize past audit findings
• Establish Remediation Framework and plan
• Deploy automation for data lineage, dependency and impact analysis
• Create program metrics and governance framework
• Build complete PCI / Non-PCI asset inventory
• Elaborate PCI related policies and procedures
• Initiate design and implementation for priority items
• Define Tokenization, Encryption & Key Management Strategies
• Ensure alignment with PCI 4 requirements
• Transition to PCI as core discipline
• Preform PCI Scope Reduction
• Modernize and embed PCI Processes
• Integrate enterprise compliance

Skills and Experience Required:

Required:

• Must be Certified PCI DSS QSA from PCI Security Standards Council.
• 10+ years overall experience as an IT Professional Infrastructure, Security, Data Engineering and/or Multi-tiered complex application architecture
• 5+ years of experience with PCI DSS audits
• Expert in PCI DSS standards and compliance requirements
  • Must be able to determine whether the system is subject to PCI audit
  • Clear experience and ability to identify technical, process and documentation requirements to descope systems
• Demonstrated experiences partnering with clients to remediate PCI findings including descoping systems, securing PCI data and ensuring documentation compliance
• Experience establishing PCI compliance programs within complex organizations with a broad range of technology platforms
• Banking, Payments and/or Financial Services experience
• Experience with diverse technology platforms and heterogenous systems (Window/.Net, SQL Server, Java, Linux, Oracle, Cobol, Mainframe, AS400/I-Series, other)
• Strong understanding of Infrastructure storage and network architecture and design for PCI compliance
• Experience with designing/implementing Encryption, Tokenization and other data security mechanisms to either descope systems or bring into compliance
• Excellent verbal and written communication skills
• Must be able to travel for client meetings