
Qualified Security Assessor (QSA)

Jefferson Wells
Posted 4 days ago, valid for 6 months
Location

Denver, CO 80202, US

Salary

$95 - $115 per hour

Contract type

Full Time


Sonic Summary

  • The position of Qualified Security Assessor (QSA) is a remote role with up to 20% travel, offering a salary range of $125K - $175K per year.
  • Candidates must have at least 5 years of experience in Information Security and a minimum of 3 years as a certified QSA.
  • The role involves conducting PCI DSS compliance assessments and interacting with various technical and business groups to ensure compliance.
  • Strong skills in problem-solving, project management, and technical report writing are essential for success in this position.
  • Applicants must reside in the USA and be authorized to work for any employer.

Job Description: Qualified Security Assessor (QSA)

Location: 100% Remote, travel up to 20%
Pay Rate: $125K - $175K 
Position Type: Direct Hire (Billable Expert)
Years of Experience:  5+ Years in Information Security, 3+ Years as QSA

Certification: Current or former QSA Certified professional (within the past 6 years)
Work Authorization: Must reside in the USA, and be authorized to work for any employer


Job Description:

The Security Professional QSA will perform assessments of clients' compliance with the Payment Card Industry Data Security Standard (PCI DSS), covering all phases of our defined compliance methodology. This individual will have extensive interactions relating to technical, procedural, and documentation controls with a wide range of technology and business functions that are required to be compliant. Activities may include assessing, managing, driving, and tracking all PCI compliance-related activities, including the identification of compliance gaps, the development of remediation plans, monitoring compliance status, and ultimate completion of Reports on Compliance (RoC), Self-Assessment Questionnaires (SAQ), and Attestations of Compliance (AoC) consistent with all PCI Security Standards Council (SSC) requirements and specifications.

The individual is expected to possess superior skills in problem-solving, project management, compliance/risk analysis, knowledge of information security processes and technology, technical report writing, and strong client handling and consultative skills. This professional should also have experience in more than one of the following skills: performing security assessments of networks, systems, policies, and processes; applying information security and risk-related frameworks (e.g., ISO/IEC 27001/2, NIST 800-53, OWASP, etc.).

The successful candidate will be able to work effectively in both individual and team environments, and must be a self-starter who is able to contribute to the overall success of the client delivery team.

Typical Duties:

  • Conduct PCI DSS compliance assessment, resulting in a Report on Compliance or Self-Assessment Questionnaire and the corresponding Attestation of Compliance for either
  • Conduct PCI DSS readiness assessment, providing guidance and recommendations in preparation for formal compliance assessment
  • Interact with various customer technical groups, business groups, subject matter experts, and key stakeholders to conduct interviews and identify and collect evidence required for the assessment
  • Perform other (non-PCI) Security Assessments focused on security infrastructure technology, people and processes vs. requirements defined in common or proprietary security frameworks
  • Identify areas requiring remediation (i.e., issues or gaps) or potential areas of improvement within the compliance process
  • Demonstrate critical thinking and creative analysis techniques in executing tests and distilling test results, and providing actionable recommendations for mitigation of gaps and improvements or enhancements to existing processes and procedures
  • Maintain and regularly communicate project status for stakeholder and management review.
  • Create and deliver reports that effectively capture, explain, and communicate the results of assessments to varying technical and business audiences
  • Contribute to the development of services, methodologies, and collateral materials (e.g., templates, marketing materials, SOW’s, etc.) required to define and deliver the services of the practice.
Basic Qualifications and Skills:
  • 5+ years’ experience in Information Security and performing compliance assessments
  • 3+ years’ experience as a certified QSA (version 3.2.1 of the PCI DSS)
  • Strong background in Information Technology Infrastructure
  • Maintain a current security certification (i.e., CISSP, CISM, ISO 27001 Lead Implementor, METI – Registered Information Security Specialist)
  • Maintain a current audit certification (i.e., CISA, GIAC GSNA, ISO 27001 Lead Auditor, IRCA ISMS Lead/Principal Auditor, IIA Certified Internal Auditor)
  • Ability to work collaboratively with key customer stakeholders (e.g., process owners, technical resources) and other team members
  • Excellent time management, written documentation, and oral presentation skills
Additional Desired Qualifications and Skills:
  • Current QSA Certification – preferred
  • Familiarity with multiple security (NIST, ITIL, CobiT, ISO) and regulatory (HIPAA, GLBA, SOX, etc.) frameworks
  • 3-5 years consulting experience preferred
  • Experience or familiarity with Cloud environments and/or Cloud Security
  • Experience or familiarity with Application Security
  • Experience or familiarity with Information systems security
  • Experience or familiarity with Network design, configuration, and security
  • Experience or familiarity with conducting Risk Assessment
  • College degree in technical discipline desired
  • Additional PCI SSC certifications (e.g., ASV, QPA, ISA, P2PE Assessor, 3DES Assessor, etc.) are a plus
  • Experience with Microsoft Office products and the ability to develop clear, concise presentation materials and reports using PowerPoint, Word, and Excel
  • Willingness to travel as needed to deliver to clients across the U.S.

What's in it for you?
  • Pay Range = $95-115/Hour
  • Remote working environment with up to 20% travel to client locations
Why should you choose Jefferson Wells? 
  • Medical, Dental, Vision, 401k
  • Weekly pay with direct deposit
  • Consultant Care support
  • Free training to upgrade your skills
  • Dedicated Career Partner to help you achieve your career goals


About ManpowerGroup, Parent Company of:  Manpower, Experis, Talent Solutions, and Jefferson Wells
ManpowerGroup® (NYSE: MAN), the leading global workforce solutions company, helps organizations transform in a fast-changing world of work by sourcing, assessing, developing, and managing the talent that enables them to win. We develop innovative solutions for hundreds of thousands of organizations every year, providing them with skilled talent while finding meaningful, sustainable employment for millions of people across a wide range of industries and skills. Our expert family of brands – Manpower, Experis, Talent Solutions, and Jefferson Wells – creates substantial value for candidates and clients across more than 75 countries and territories and has done so for over 70 years. We are recognized consistently for our diversity - as a best place to work for Women, Inclusion, Equality and Disability and in 2022 ManpowerGroup was named one of the World's Most Ethical Companies for the 13th year - all confirming our position as the brand of choice for in-demand talent.
