IT Security Assessor (QSA) – North America Job Description

ControlCase is looking for an IT Security Assessor (QSA) with significant and current experience in PCI security and auditing. In your role as an Assessor, you will collaborate with interesting clients and work with an international staff to perform security assessments of IT environments against various industry standards and regulations including PCI, HITRUST, ISO 27001/2, HIPAA, NIST, SOC, GDPR and others. Preferred qualifications are experience and knowledge of the practices related to delivering PCI DSS services and active or former PCI QSA certification

The Assessor collaborates with the client and ControlCase teams to partner over the life of a project to ensure and report on cybersecurity controls and compliance.

What does ControlCase offer?

ControlCase is a global service provider and innovator in the use of Compliance as a Service (CaaS) so that businesses can meet regulatory compliance mandates with efficiency and cost effectiveness. ControlCase has successfully assisted hundreds of clients worldwide in becoming compliant with various security standards and regulations in an optimal manner.

100% Employer Paid Benefit package (Medical, Dental, and Vision). Paid time-off.
Quarterly Performance Bonus.
Diverse International Team of IT Professionals.
Professional Development and Career Coaching.
Company Paid training and certifications.

RESPONSIBILITIES

Lead the client audits/assessments and Interface with clients to review and analyze complex systems (Applications, Operating systems, Databases, and Networking devices), to identify risks and vulnerabilities within the client environments as per the requirements defined in the security standards and regulations

Work with client to understand their business processes, analyze sensitive data flows (business and application data flows), network architecture and define the proper audit/assessment scope

Wherever possible provide the audit/assessment scope reduction guidance to client

Work independently with client to perform audit interviews, collect, consolidate, and analyze evidence for the compliance assessment and meet the internal quality assurance requirements throughout the assessment

Provide the consulting guidance and recommendations to clients to help them meet the compliance requirements and improve their security posture in accordance with applicable security controls

Establish and maintain positive collaborative relationships with clients and stakeholders

Produce final reports on compliance to detail the controls observed during security assessments in accordance with various security standards and regulations

Escalates client and project issues to management in a timely manner to inform and engage the necessary resources to address the issue

Collaborates with project managers, internal quality assurance group, sales, and other delivery team members to drive customer satisfaction and meet project deliverables

Work on continuous professional development in maintaining industry specific certifications and strong depth of knowledge in the practice area

This job is remote with travel to client sites as needed

Prefer someone in the US Eastern/Central Time zone.

Salary

Competitive Salary. 130K – 160K USD or greater depending on qualifications.

Location – North America

QUALIFICATIONS AND DESIRED SKILLS

• Must have recent PCI DSS audit or consulting experience
• Bachelor’s degree. A specialization in information assurance is preferred
• At least 5 years’ overall experience in information security
• Ability to analyze network architectures and review the network device (Firewalls/ Switches/ Routers/ IDS/IPS/ Load Balancers etc.) and Servers/ Virtualization Devices configurations
• Good understanding and audit experience for cloud computing environments (e.g., Amazon Web Services, Microsoft Azure, Google Cloud Platform)
• In-depth knowledge in IT Security Policies and Procedures that govern client’s Information Security and Privacy programs
• In-depth knowledge and experience in IT Security, including access controls, network security, logging/monitoring, vulnerability assessments, system hardening, secure software development, application security, encryption, and key management best practices etc.
• In-depth knowledge and experience with PCI DSS standard, Risk Management Standards (NIST/ISO), HIPAA.
• At least one certification from each group is preferred:
  • Group 1- CISA, CIA, ISO27001 Lead Auditor
  • Group 2- CISSP, ISO27001 Lead Implementer, CISM
• Demonstrated ability to structure and lead projects successfully