ControlCase

IT Certifications, Continuous Compliance and Cybersecurity Services Provider


Cyber Security Assessor / Consultant (PCI DSS) | Remote Tunisia Job


Cyber Security Assessor / Consultant (PCI DSS)

  • Location: Tunisia (Remote)
  • Proficiency in spoken French and English is mandatory; candidates must have a level of B2 or higher in French.
  • Education: Graduation.

Typical Responsibilities –

  • Extensive Information/Cyber Security consultancy experience
  • Client facing security delivery expertise
  • Provide subject matter expertise for Payment Card Industry Data Security Standard (PCI DSS)
  • A deep knowledge in at least two of the following: PCI-DSS, ISO27001 (Information Security), Information Assurance, Security Policy, GRC, NIST, GDPR or Data Privacy.

Preliminary Analysis –

  • Identifying all the client's stakeholders (e.g., IT Project Manager, System admins and Management) to define the prerequisites and methodology.
  • Work with key stakeholders to translate regulatory requirements and standards into policies, processes, and controls.

Gap Analysis and Scoping –

  • Assess changes to regulatory requirements and standards and determine the impact on internal policies, controls, and processes. Make recommendations for associated changes to policies, controls, and processes, and simplify implementation.
  • Review and validation of the PCI DSS scope and network segmentation controls, payment application design and functionality.
  • Review of all locations and flows of cardholder data, as well as asset inventories.
  • Conducting PCI standards interviews to have a complete map of information/data workflows, processes, and procedures, payment card data flow, information security controls.
  • Conducting technical interviews to understand eventual data security problems from the in-depth technical point of view.
  • Identify and evaluate technology risks, internal controls to mitigate risks, and related opportunities for continuous control improvement. Facilitate and document risk assessments and communicate key findings.
  • Producing Scoping and Gap Analysis Documentation.

Remediation –

  • Providing the customer with a remediation plan/gap report.
  • Evaluate the implementation of new technologies/processes and agreements with third-party service providers to ensure continual compliance with regulatory requirements.
  • Drive audit readiness and provide support for Payment Card Industry Data Security Standard (PCI DSS) assessments, Customer Security and Privacy audits.
  • Guiding and supporting all the remediation processes ensuring that the gaps are mitigated correctly.
  • Should have experience working with security and technology teams for the annual PCI DSS assessment and monitoring the progress. A few follow-up activities are listed below.
    • VA/PT Testing (Network and Application level both)
    • Anti-virus and Malware
    • Configuration Management
    • File Integrity Monitoring
    • Multi-Factor Authentication
    • Encryption and Key Management

Formal Assessment –

  • Conducting technical interviews to understand eventual data security problems from the in-depth technical point of view.
  • Analysis of network diagrams, asset lists to understand the infrastructure used by the customers.
  • Analysis of system configuration, Encryption, Key management.
  • Customer Contract reviews and negotiations regarding data protection clauses, related regulations, and compliance commitments.
  • Conducting PCI DSS/PCI-SSF related interviews with responsible employees to have a complete map of information/data workflows, processes and procedures, payment card data flows, application design and functionality.
  • Analysis of Penetration Testing reports (PCI DSS Compliance Process) and/or performance of applications penetration tests and forensic analysis (PCI-SSF Compliance Process) within ad-hoc penetration testing laboratories.

Documentation –

  • Preparation and validation of ROC (Report on Compliance) and AOC (Attestation of Compliance).
  • Preparation of GAP assessment, health check assessment report.

Experience & Education –

  • Undergraduate degree in Information Management, Computer Science, Engineering, or emphasis in technology or related field.
  • 3+ years of information security experience and/or IT audit / IT security or IT security infrastructure experience.
  • Previous experience working as a PCI QSA is optional.
  • Experience interpreting industry and regulatory requirements and authoring supporting controls.
  • Experience with information security-related frameworks (ISO 27001, NIST, COSO, Cloud Security Alliance).

Skills –

  • Certifications like CISA, CISM, CISSP, ISO 27001 LA/LI (any of these).
  • Experience in technical skills like Virtualization, Cloud technologies, Cryptography principles, Authentication methods and techniques, Integrity controls, Networking (routing, switching, firewall network filtering), Operating Systems (Linux/Unix, Windows).
  • Ability to work with teams to achieve goals and meet deadlines in a fast-paced environment.
  • Works well under pressure and time constraints and can prioritize competing priorities appropriately.
  • Demonstrable understanding of how to network and develop working relationships with various key stakeholders.
  • Strong analytical, research, writing, and communication skills.
  • Communicates effectively with meaningful and articulate verbal discussions. Creates clear and coherent written materials. Synthesizes information into succinct, concise and logical summaries and reports.
  • Excellent interpersonal skills.
  • Strong business and technical acumen.

Competencies –

  • Problem Solving (analysis, helicopter view, problem setting, decision making)
  • Planning and Organization (time management, scheduling, and control)
  • Communication (clearness, listening, persuasion)
  • Networking (reinforce relationships, use emotional intelligence and personal proximity)
  • Results Orientation (delivering solutions, work under strict timelines)

About Us

ControlCase is a United States based company, headquartered in Fairfax, Virginia with locations in North America, Europe, Latin America, Asia/Pacific, Australia and the Middle East to serve our clients globally.
