ControlCase is looking for an IT Security Assessor (QSA) with significant and current experience in PCI security and auditing. In your role as an Assessor, you will collaborate with interesting clients and work with an international staff to perform security assessments of IT environments against various industry standards and regulations, including PCI, HITRUST, ISO 27001/2, HIPAA, NIST, SOC, GDPR and others. Preferred qualifications are experience and knowledge of the practices involved in delivering PCI DSS services, and an active or former PCI QSA certification.
The Assessor partners with the client and with ControlCase teams over the life of a project to verify and report on cybersecurity controls and compliance.
What does ControlCase offer?
ControlCase is a global service provider and innovator in the use of Compliance as a Service (CaaS) so that businesses can meet regulatory compliance mandates with efficiency and cost effectiveness. ControlCase has successfully assisted hundreds of clients worldwide in becoming compliant with various security standards and regulations in an optimal manner.
100% Employer Paid Benefit package (Medical, Dental, and Vision). Paid time-off.
Quarterly Performance Bonus.
Diverse International Team of IT Professionals.
Professional Development and Career Coaching.
Company Paid training and certifications.
RESPONSIBILITIES
Lead client audits/assessments and interface with clients to review and analyze complex systems (applications, operating systems, databases, and networking devices) in order to identify risks and vulnerabilities within the client environment, as per the requirements defined in the applicable security standards and regulations.
Work with clients to understand their business processes, analyze sensitive data flows (business and application data flows) and network architecture, and define the proper audit/assessment scope.
Wherever possible, provide scope reduction guidance to the client.
Work independently with the client to perform audit interviews; collect, consolidate, and analyze evidence for the compliance assessment; and meet the internal quality assurance requirements throughout the assessment.
Provide consulting guidance and recommendations to clients to help them meet compliance requirements and improve their security posture in accordance with the applicable security controls.
Establish and maintain positive, collaborative relationships with clients and stakeholders.
Produce final reports on compliance detailing the controls observed during security assessments, in accordance with the relevant security standards and regulations.
Escalate client and project issues to management in a timely manner so that the necessary resources are informed and engaged to address the issue.
Collaborate with project managers, the internal quality assurance group, sales, and other delivery team members to drive customer satisfaction and meet project deliverables.
Pursue continuous professional development, maintaining industry-specific certifications and a strong depth of knowledge in the practice area.
This job is remote, with travel to client sites as needed.
Prefer someone in the US Eastern/Central Time zone.
Salary
Competitive Salary. 130K – 160K USD or greater depending on qualifications.
Location – North America
QUALIFICATIONS AND DESIRED SKILLS
- Must have recent PCI DSS audit or consulting experience
- Bachelor’s degree. A specialization in information assurance is preferred
- At least 5 years’ overall experience in information security
- Ability to analyze network architectures and review the configurations of network devices (firewalls, switches, routers, IDS/IPS, load balancers, etc.), servers, and virtualization platforms
- Good understanding of, and audit experience with, cloud computing environments (e.g., Amazon Web Services, Microsoft Azure, Google Cloud Platform)
- In-depth knowledge of the IT security policies and procedures that govern a client’s information security and privacy programs
- In-depth knowledge of and experience in IT security, including access controls, network security, logging/monitoring, vulnerability assessments, system hardening, secure software development, application security, encryption, and key management best practices
- In-depth knowledge of and experience with the PCI DSS standard, risk management standards (NIST/ISO), and HIPAA
- At least one certification from each group is preferred:
- Group 1- CISA, CIA, ISO27001 Lead Auditor
- Group 2- CISSP, ISO27001 Lead Implementer, CISM
- Demonstrated ability to structure and lead projects successfully
When: April 12, 2022