Payment Card Industry Qualified Security Assessor (PCI QSA)
Location: Remote Canada
Business Team: Risk, Security & Privacy
You will join our Risk, Security and Privacy Practice as a Payment Card Industry Qualified Security Assessor (PCI QSA). You will work closely with our clients to understand their business, technologies, and processes so that you can assist in designing effective security controls to help them achieve PCI compliance, and to improve enterprise-wide security. As a subject matter expert, you'll advise clients on data security to help prevent potential security breaches before they occur.
What you'll do
- Conduct various information security and compliance assessments and analyses, and provide advice and consultation (e.g., PCI Assessments, Risk Assessments, Gap Analysis, and more).
- Lead meetings, chair conference calls, action follow-ups, and proactively interact with clients to move projects forward to ultimate completion (e.g., Report on Compliance, Attestation of Compliance).
- Create professional reports for our clients that detail your assessment findings and clearly articulate your advice.
- Consult with clients to help them understand our findings and their remediation options.
- Serve as a Trusted Advisor and provide input on security architecture with regard to PCI and cybersecurity.
- Assist our sales team with pre-sales activities, proposal creation, needs analysis, and solution design.
- Attend industry events and lead webinars and Learning Hours.
- Write summaries and executive briefs.
What we'd like
- Ability to lead PCI assessments individually or with a team, including CDE scoping, assessment planning, governance reviews, onsite assessment activities, status reporting, report writing, and managing customer resources.
- Experience writing Reports on Compliance and Attestations of Compliance.
- Experience with various information security concepts, including network and wireless security, application security, industry best practices, systems hardening, data encryption, data privacy, incident response, business continuity, physical security, risk assessments, vulnerability scanning and penetration testing report reviews, file integrity monitoring, log monitoring, and documented security governance controls.
- Experience with industry best practices and standards such as PCI DSS, CIS, and NIST, including security hardening techniques.
- Good understanding of Unix, Linux, Windows, database server configurations, and storage solutions.
- Good understanding of networking systems configurations, including firewalls and other network components.
- Good understanding of application architecture and software development lifecycle processes, including secure coding techniques.
- Good understanding of server virtualization technologies (e.g., VMware, Hypervisor, Citrix Hypervisor, etc.).
- Good understanding of cloud environments (i.e., AWS, Azure, Google Cloud).
- Two+ years of experience as a PCI QSA in good standing.
- Seven+ years of experience measuring security controls, IT auditing, business processes, providing advice, and/or related security consulting experience.
- One Information Security certification (i.e., CISSP, CISM, or ISO 27001 Lead Implementer) strongly preferred.
- One Audit certification (i.e., CISA, GSNA, ISO 27001, Lead Auditor, Internal Auditor, IRCA ISMS Auditor, or CIA) strongly preferred.
What's in it for you?
We have an amazing culture, a supportive environment, and team members who are both smart and fun to be around. We know everyone says that, but if you join us, you'll be saying it too. We offer a competitive compensation and benefits package:
- Professional Development budget and days.
- Tech-enablement program for home use.
- Career Mentor to help you grow in your career.
- RRSP/401K match program.
- Bonus programs to reward you for your accomplishments.
- Wellness program to help keep everyone healthy.
- Opportunities to connect - book clubs, game nights, Special Interest Groups, "Coffee & Code" for our developer friends, Team Meetings, and much more!