PCI Qualified Security Assessor; QSA
Remote / Online - Candidates ideally in
Scottsdale, Maricopa County, Arizona, 85261, USA
Listed on 2026-06-06
Listing for:
MegaplanIT, LLC
Full Time, Remote/Work from Home position
Job specializations:
- IT/Tech: Cybersecurity, Information Security, IT Consultant, Data Security
Job Description & How to Apply Below
Scottsdale, AZ Remote Full-time Compliance Services
About This Role
As a Qualified Security Assessor (QSA), you will deliver security assessments and provide consulting services to a wide range of clients against industry standards such as PCI DSS, ISO, HIPAA, and NIST. In addition, the QSA will prepare executive and technical level reports for clientele detailing the assessment findings, including any security gaps, and help to identify solutions to improve the client's security posture.
This role is a remote position with minimal travel requirements.
- Provide practical recommendations for information security and governance around a diverse range of technology and compliance drivers, which include ISO, PCI, and HIPAA.
- Perform comprehensive technical audits such as PCI DSS, ISO 27001/27002, NIST 800-53/171/CSF, and HIPAA Security for MegaplanIT clients.
- Provide Trusted Advisory Services and Policy and Procedure Development during auditing engagements.
- Develop reports that detail compliance gaps for all assessments, including risk severity level, systems impacted, business risk summary, and recommendations for remediation.
- Create roadmaps to achieve full compliance before a formal audit via gap assessment techniques with prioritized remediation steps, estimated work efforts, and associated timelines.
- Manage and drive evidence gathering for all standards requirements and advise clients on how to achieve compliance.
- Review Deliverables with clients and provide remediation guidance and advisory on beneficial services that could align with industry trends and support compliance (i.e., technical solutions).
- Serve as a Subject Matter Expert, providing knowledge and assistance in a broad range of security, risk, and compliance fields.
- Assist Business Development/Sales team by answering operational and technical questions related to areas, including PCI DSS, PCI SSF (SLC, Secure Software), ISO 27001/27002, Policy and Procedure, Penetration Testing, and HIPAA compliance.
- Support security practice offerings in pre-sales and post-sales roles.
- Assist with developing and managing internal and external delivery processes, procedures, and methodologies.
- Develop and maintain positive relationships with client personnel.
- Maintain high morale by contributing to an effective, positive work environment.
- Navigate through the professional development process and participate in timely reviews, goal setting, and additional training and certification plans.
- Deliver work that meets or exceeds expectations based on a solid understanding of the client's business and needs.
- Maintain effective communication between other consultants, management, and client stakeholders.
- Participate in industry conferences and professional organizations.
- Provide additional value for clients by offering constructive insights and consultative advice based on personal experience with the client, their industry, established standards, and leading practices.
- Demonstrate a high level of commitment to client success, as shown by responding promptly to changes in client expectations both professionally and effectively.
- Pass criminal background check.
- Possess sufficient information security knowledge and experience to conduct technically complex security assessments.
- Possess a minimum of one year of experience in each of the following information security disciplines: Application security, Information systems security, Network security
- Possess a minimum of one year of experience in each of the following audit/assessment disciplines: IT security auditing, Information security risk assessment or risk management
- Possess at least one of the following accredited, industry-recognized professional certifications. List A (Information Security): (ISC)2 Certified Information System Security Professional (CISSP), ISACA Certified Information Security Manager (CISM), Certified ISO 27001 Lead Implementer. List B (Audit): ISACA Certified Information Systems Auditor (CISA), GIAC Systems and Network Auditor (GSNA), Certified ISO 27001 Lead Auditor or Internal Auditor, IRCA ISMS Auditor or higher (e.g., Auditor/Lead Auditor, Principal Auditor), IIA Certified Internal Auditor (CIA).
- Possess knowledge about PCI DSS and all applicable published documents on the PCI SSC website.
- Able to multi-task and work independently with minimum supervision to meet client deadlines.
- Be flexible, proactive, quick to learn, and possess a can-do attitude.
- Excellent written and oral communication skills with the ability to express their thoughts clearly, know how to listen, and be able to contribute to a team environment.
- Proven experience conducting enterprise risk and security assessments
- Ability to conduct IT audits that include reviewing policies, process and procedure design, and information security…