AddressHIR ING
Job Skills
Security Architect GRC, IT Architecture, IMS ESS Competency
Description
Security Track Consultant - PCI DSS Consultant
Job Summary
PCI Advisory Senior Consultants assist with a variety of technical security assessments, Including PCI DSS assessments. Senior Consultants work in close coordination with Managers and Directors..Senior Consultants are often responsible for performing fieldwork, collecting data, and developing draft deliverables.
Primary Duties & Responsibilities
- Performing Cybersecurity audits of Level 1 Merchants and Service Providers against the Payment Card Industry (PCI) Data Security Standard (DSS);
- Consulting organizations on proper PCI DSS remediation techniques and strategies while organizations work towards full compliance;
- Performing PCI DSS Readiness or Gap Assessments to identify current compliance status and consult organizations on the proper path moving forward;
- Performing SWIFT Assessments using the Customer Security Controls Framework (CSCF) (All architecture types);
- Conducting Network Security Architecture Reviews;
- Performing cloud security compliance reviews in the three main public cloud environments (AWS, Azure, and GCP);
- Developing information technology and security policies and procedures;
- Providing clients with trusted advisory services and guidance that will reduce their organizational risk and improve their overall cyber security posture; and
- Preparing reports and other deliverables, which contain strategy, technical analysis, and findings in connection with our Practice’s advisory and assessment engagements, also communicating these results to multiple levels of clients’ management.
- Drive superlative developer experience down to the last detail and build elegant, maintainable, well documented, and secure code
- The above duties and responsibilities are representative of the nature and level of work assigned and are not necessarily all-inclusive
Qualifications
- Bachelor's Degree or equivalent experience
- Degree in Computer Science, engineering, information systems or equivalent work experience and/or relevant certifications (e.g., CISSP, CISA, PCI-QSA) is required.
- 8-10 years of relevant experience in the field(s) of IT Audit or being a PCI QSA.
- Experience performing technical audits (sampling, auditing configuration data, etc.)
- Strong critical thinking and analytical skills, demonstrating an ability to understand and communicate complex client-business processes
- Ability to leverage available technical resources and tools (online and otherwise) to research and expand personal knowledge when needed
- Strong proficiency with Microsoft Windows and the Microsoft Office suite of products, (i.e., Excel, Word, and Outlook)
- Technical Skills & Proficiency
- General knowledge and familiarity with the following technologies and concepts:
- Firewalls, routers, switches, and load balancers (e.g., Palo Alto, F5, Cisco)
- Operating systems (e.g., Windows, Linux, Unix, iSeries)
- Remote access systems (e.g., multi-factor authentication)
- Databases (e.g., SQL, Oracle, DB2)
- IT governance, operations, and resource planning
- Information system and security architecture, including:
- Symmetric and asymmetric cryptography
- Systems Development Life Cycle (SDLC) and change management
- Information system implementation processes
- Systems administration and computer operations
- Threat and vulnerability management
- Incident response preparation and management
- Data backup and recovery practices
- Logical access controls (e.g., Active Directory)
