27 applicants

Company

MegaplanIT · 13 hours ago

Senior Security Consultant - PCI-QSA

United States

Full-time

Remote

Senior Level

5+ years exp

Maximize your interview chances

Cloud SecurityCompliance

Insider Connection @MegaplanIT

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Provide practical recommendations for information security and governance around a diverse range of technology and compliance drivers which include ISO, PCI, and HIPAA.

Perform comprehensive technical audits such as PCI DSS, ISO27001/27002, NIST 800-53/171/CSF, and HIPAA Security for MegaplanIT Holdings, LLC clients.

Provide Trusted Advisory Services as well as Policy and Procedure Development during auditing engagements.

Develop reports that detail compliance gaps for all assessments, including risk severity level, systems impacted, business risk summary, and recommendations for remediation.

Create roadmaps to achieve full compliance prior to a formal audit via gap assessment techniques with prioritized remediation steps, estimated work efforts, and associated timelines.

Manage and drive evidence gathering for all standards’ requirements and advise clients on how to achieve compliance.

Review Deliverables with clients, to provide guidance on remediation actions and advisory services that could be of benefit with regard to industry trends around achieving and maintaining compliance (i.e., technical solutions).

Serve as a Subject Matter Expert, providing knowledge and assistance in a broad range of security, risk, and compliance fields.

Assist Business Development/Sales team by answering operational and technical questions related to but not limited to PCI DSS, PCI SLC, PCI SSF, ISO27001/27002, Policy and Procedure, Penetration Testing, and HIPAA compliance.

Support security practice offerings in pre-sales and post-sales roles.

Assist with developing and managing internal and external delivery processes, procedures, and methodologies.

Develop and maintain positive relationships with client personnel.

Maintain high morale by contributing to an effective, positive work environment.

Ability to guide oneself through a professional development process, including timely completion of reviews and goal setting for additional training and certification.

Deliver work that meets or exceeds expectations based on a strong understanding of the client’s business and needs.

Maintain effective communication between other consultants, management, and client stakeholders.

Participate in industry conferences and professional organizations.

Provide additional value for clients by offering constructive insights and consultative advice based on personal experience with the client, their industry, established standards, and leading practices.

Demonstrate a high level of commitment to client success as shown by responding promptly to changes in client expectations both professionally and effectively.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Qualified Security AssessorPCI DSSISO 27001HIPAANISTInformation SecurityEnterprise Risk AssessmentIT AuditingRisk ManagementCISSPCISMISO 27001 Lead ImplementerCISAGSNAISO 27001 Lead AuditorCIAApplication SecurityInformation Systems SecurityNetwork SecurityProactive LearningTechnical Writing

Required

Minimum of 5 years previous experience conducting assessments as a fully qualified QSA

Pass criminal background check.

Possess sufficient information security knowledge and experience to conduct technically complex security assessments.

Possess a minimum of one year of experience in each of the following information security disciplines: Application security, Information systems security, Network security.

Possess a minimum of one year of experience in each of the following audit/assessment disciplines: IT security auditing, Information security risk assessment or risk management.

Possess at least one of the following accredited, industry-recognized professional certifications from each list: List A – Information Security (ISC)2 Certified Information System Security Professional (CISSP), ISACA Certified Information Security Manager (CISM), Certified ISO 27001 Lead Implementer 1; List B – Audit ISACA Certified Information Systems Auditor (CISA), GIAC Systems and Network Auditor (GSNA), Certified ISO 27001, Lead Auditor, Internal Auditor 1, IRCA ISMS Auditor or higher (e.g., Auditor/Lead Auditor, Principal Auditor), IIA Certified Internal Auditor (CIA).

Possess knowledge about PCI DSS and all applicable documents on the PCI SSC Website.

Able to multi-task and work independently with minimum supervision to meet client deadlines.

Must be flexible, proactive, quick to learn, and possess a can-do attitude.

Excellent written and oral communication skills with the ability to express their thoughts clearly, know how to listen, and be able to contribute to a team environment.

Proven experience conducting enterprise risk and security assessments.

Ability to conduct IT audits with regard to policies, process and procedure design, and information security aspects of privacy and regulatory compliance standards.

Be able to communicate compliance, information security, and technology issues clearly to business and technical clientele.