Remote PCI-DSS Assessor

Bridge Security Advisors LLC

πŸ“Remote - United States

Job highlights

Summary

The job is for a remote PCI-DSS Assessor with expertise in PCI-DSS 4.0 who will conduct assessments, identify vulnerabilities, and provide recommendations to clients. The ideal candidate should have a strong background in conducting assessments, audits, or compliance reviews, knowledge of information security principles, and professional certifications such as PCI-QSA, CISSP, CISA, or CISM.

Requirements

  • Deep understanding and practical experience with the Payment Card Industry Data Security Standard (PCI-DSS) framework, with a focus on the recently released PCI-DSS 4.0 standard and the risk-based approach
  • Proven experience in conducting PCI-DSS assessments, audits, or compliance reviews, preferably within a consulting or professional services environment
  • Professional certifications such as PCI-QSA, CISSP, CISA, or CISM are highly desirable
  • Strong attention to detail and the ability to manage multiple projects simultaneously

Responsibilities

  • Conduct comprehensive assessments of clients' information security systems, processes, and controls to determine compliance with PCI-DSS 4.0 standards
  • Review and evaluate clients' documentation, policies, and procedures to ensure alignment with PCI-DSS requirements, including the risk-based approach
  • Perform technical evaluations of clients' network infrastructure, applications, and systems to identify vulnerabilities and potential security risks
  • Collaborate with clients' teams to gather necessary evidence, interview key stakeholders, and conduct on-site inspections to validate compliance with PCI-DSS standards
  • Prepare detailed assessment reports, highlighting findings, observations, and recommendations for remediation or improvements based on the risk-based approach
  • Provide guidance and expertise to clients regarding the implementation of security controls and best practices to achieve and maintain compliance with PCI-DSS 4.0

Preferred Qualifications

  • Strong knowledge of information security principles, best practices, and regulatory requirements
  • Familiarity with industry-recognized security frameworks, such as ISO 27001, NIST Cybersecurity Framework, or COBIT
  • Excellent technical skills, including the ability to assess network architecture, application security, and data protection controls
  • Proficient in conducting interviews, gathering evidence, and performing on-site inspections to validate compliance
  • Exceptional analytical and problem-solving abilities to identify vulnerabilities and recommend appropriate remediation measures
  • Excellent written and verbal communication skills, with the ability to clearly articulate complex security concepts to technical and non-technical stakeholders

Please let Bridge Security Advisors LLC know you found this job on JobsCollider. Thanks! 🙏