logo image

Control Gap Job Board

PCI Qualified Security Assessor (QSA)

Description

We’re looking for talented and experienced PCI Qualified Security Assessors (QSA) to grow our team. If you’re an Information Security Consultant who excels in challenging and changing environments, and has recent experience working as a PCI QSA, we have an excellent opportunity for you.

As part of the Control Gap team, you’ll work with high-profile clients in various industries and collaborate with a team of highly-skilled security consultants on challenging projects, large and small. We analyse, assess and design effective security controls to help clients achieve Payment Card Industry (PCI) compliance, privacy compliance, and to improve enterprise-wide security.

As a subject matter expert, you’ll advise clients on data security to help prevent potential security breaches before they occur. We provide services onsite at our client sites and also remotely, therefore some travel should be expected.

We value strong knowledge of information security controls and principles, privacy frameworks, the Payment Card Industry Data Security Standard (PCI DSS). You also must have exceptional written and verbal skills with real world work experience as a consultant.

Our intent is to have you grow with us while maintaining your elite Payment Card Industry Qualified Security Assessor (PCI QSA) certification, and other valuable industry security and audit related certifications.

Our people are our most valuable assets and we believe in fostering career development and growth opportunities for every individual on our team. We also offer a competitive benefits package and an excellent work environment that encourages team work. 

Responsibilities:
  • Conducting various Report on Compliance (ROC) and Self Assessment Questionnaire (SAQ) compliance assessments, and providing advice and consultation including risk assessments and gap analysis.
  • Lead meetings, chair conference calls, action follow-ups, and proactively interact with clients to move projects forward to ultimate completion 
  • Creating professional reports for our clients that detail your assessment findings, and your advice
  • Consulting with clients to help them understand our findings and their remediation options
  • Providing advisory and input on security architecture with regards to PCI.
  • Assisting our sales team with pre-sales activities, proposal creation, needs analysis, and solution design
  • Attending industry events and leading webinars
  • Working with multiple clients on a number of projects
  • Writing summaries and executive briefs
  • Travel to company offices and client work sites across Canada and United States

Education and Work Experience:
  • Degree in Information Security or related field is an asset
  • Minimum 2 years of experience as a PCI QSA in good standing
  • Minimum 5- 7 years of experience in an Information Technology field
  • Minimum 5- 7 years of experience working in Information Security domains
  • Minimum 5-7 years of experience measuring security controls, IT auditing, business processes, providing advice, and/or related security consulting experience

Industry Certifications:
  • PCI QSA, PCI PA-QSA, PCI P2PE, or PCI ISA is required
  • CISA and/or CISSP certifications is an asset
  • Multiple industry certifications in the Information Security/Audit is an asset

Technical Skills:
  • Ability to lead PCI Reports on Compliance assessments individually or with a team, including CDE scoping, assessment planning, governance reviews, onsite assessment activities, status reporting, report writing, and managing customer resources with the support of our project management team
  • Experience with Information Technology systems
  • Experience with various information security concepts, including; network and wireless security, application security, industry best practices, systems hardening, data encryption, data privacy, incident response, business continuity, physical security, risk assessments, vulnerability scanning, penetration testing, file integrity monitoring, log monitoring, and documented security governance controls (i.e. policies, processes, standards, procedures)
  • Experience with a variety of security products and technologies
  • Experience with industry best practices and standards such as CIS and NIST, including security hardening techniques
  • Good understanding of Unix, Linux, Windows and database server configurations
  • Good understanding of networking systems configurations, including firewalls
  • Good understanding of application architecture, software development lifecycle processes, including secure coding techniques
  • Good understanding of server virtualization technologies, including AIX, ZOS, and SAN storage systems

Soft Skills:
  • Exceptional customer service, communication and interpersonal skills
  • Strong written and verbal communication skills.
  • Strong organizational skills
  • Strong time management skills
  • Honesty and integrity
  • Dedication to providing solutions to meet or exceed client's needs and expectations
  • Ability to handle challenges and project work loads

Benefits:
  • Company paid medical and dental benefits and wellness plan
  • Company paid continuing professional education and certification maintenance
  • 4 weeks of paid vacation, with 5 weeks of paid vacation after 5 years of service
  • Company team building events throughout each year
  • RRSP contribution
  • Control Gap offers custom-built state of the art tools and a proven processes that allows our assessors to be comfortable, efficient, and organized while providing excellent audit quality.

Work Options:
  • You must possess reliable transportation to travel to company offices and to client work sites
  • Flexible work options, including working from home or Fully remote.

Know someone who would be a perfect fit? Let them know!