Jefferson Wells is looking to add a Quality Security Assessor (QSA) to our Cyber Security Center of Expertise.
Job Title: Security Professional/Qualified Security Assessor (QSA)
Location: Remote with travel up to 20%
Salary: $125 - 175K
Job Description:
The Security Professional QSA will perform assessments of clients' compliance with the Payment Card Industry Data Security Standard (PCI DSS) covering all phases of our defined compliance methodology. This individual will have extensive interactions relating to technical, procedural, and documentation controls with a wide range of technology and business functions that are required to be compliant. Activities may include assessing, managing, driving and tracking all PCI compliance-related activities, including the identification of compliance gaps, the development of remediation plans, monitoring compliance status, and ultimate completion of Reports of Compliance (RoC), Self-Assessment Questionnaires (SAQ), and Attestations of Compliance (AoC) consistent with all PCI Standards Security Council (SSC) requirements and specifications.Â
The individual is expected to possess superior skills in problem-solving, project management, compliance/risk analysis, knowledge of information security processes and technology, technical report writing, and strong client handling and consultative skills. This professional should also have experience in more than one of the following skills: performing security assessments of networks, systems, policies, and processes; applying information security and risk-related frameworks (e.g., ISO/IEC 27001/2, NIST 800-53, OWAP, etc.).
Typical Duties:
- Conduct PCI DSS compliance assessment, resulting in a Report on Compliance or Self-Assessment Questionnaire and the corresponding Attestation of Compliance for either
- Conduct PCI DSS readiness assessment, providing guidance and recommendations in preparation for formal compliance assessment
- Interact with various customer technical groups, business groups, subject matter experts, and key stakeholders to conduct interviews and identify and collect evidence required for the assessment
- Perform other (non-PCI ) Security Assessments focused on security infrastructure technology, people and processes vs. requirements defined in common or proprietary security frameworks
- Identify areas requiring remediation (i.e., issues or gaps) or potential areas of improvement within the compliance process
- Demonstrate critical thinking and creative analysis techniques in executing tests and distilling test results, and providing actionable recommendations for mitigation of gaps and improvements or enhancements to existing processes and procedures
- Maintain and regularly communicate project status for stakeholder and management review.
- Create and deliver reports that effectively capture, explain, and communicate the results of assessments to varying technical and business audiences
- Contribute to the development of services, methodologies, and collateral materials (e.g., templates, marketing materials, SOW’s, etc.) required to define and deliver the services of the practice.
Basic Qualifications and Skills:
- 5+ years’ experience in Information Security and performing compliance assessments
- 3+ years’ experience as a certified QSA (version 3.2.1 of the PCI DSS)
- Strong background in Information Technology Infrastructure
- Maintain a current security certification (i.e., CISSP, CISM, ISO 27001 Lead Implementor, METI – Registered Information Security Specialist)
- Maintain a current audit certification (i.e., CISA, GIAC GSNA, ISO 27001 Lead Auditor, IRCA ISMS LeadPrincipal Auditor, IIA Certified Internal Auditor)
- Ability to work collaboratively with key customer stake holder (e.g., process owners, technical resources ) and other team members
- Excellent time management, written documentation, and oral presentation skills
- Current QSA Certification – preferred
- Familiarity with multiple security (NIST, ITIL, CobiT, ISO) and regulatory (HIPAA, GLBA, SOX, etc.)
- 3+Â years consulting experience preferred
- Experience or familiarity with Cloud environments andor Cloud Security
- Experience or familiarity with Application Security
- Experience or familiarity with Information systems security
- Experience or familiarity with Network, design, configuration, and security
- Experience or familiarity with conducting Risk Assessment
- College degree in technical discipline desired
- Additional PCI SSC certifications (e.g., ASV, QPA, ISA, P2PE Assessor 3DES Assessor, etc.) is a plus
- Experience with Microsoft Office products and the ability to develop clear, concise presentation materials and reports using PowerPoint, Word, and Excel
- Willingness to travel  as needed to deliver to clients across the U.S.