PCI-DSS Assessor

Remote
  • Houston, Texas, United States
IT Staffing

Job description

This position can be entirely remote and we can generally support a W2 or C2C relationship.


We are seeking a highly skilled and experienced PCI-DSS Assessor with deep expertise in the Payment Card Industry Data Security Standard (PCI-DSS) and a comprehensive understanding of the recently released PCI-DSS 4.0 standard. The ideal candidate will have a strong background in conducting assessments, audits, and compliance reviews, with a focus on implementing and evaluating the risk-based approach introduced in PCI-DSS 4.0. As a PCI-DSS Assessor, you will play a critical role in assessing our clients' information security systems, identifying vulnerabilities, and providing recommendations to enhance their overall security posture.

Job requirements

Responsibilities:

  • Conduct comprehensive assessments of clients' information security systems, processes, and controls to determine compliance with PCI-DSS 4.0 standards.
  • Review and evaluate clients' documentation, policies, and procedures to ensure alignment with PCI-DSS requirements, including the risk-based approach.
  • Perform technical evaluations of clients' network infrastructure, applications, and systems to identify vulnerabilities and potential security risks.
  • Collaborate with clients' teams to gather necessary evidence, interview key stakeholders, and conduct on-site inspections to validate compliance with PCI-DSS standards.
  • Prepare detailed assessment reports, highlighting findings, observations, and recommendations for remediation or improvements based on the risk-based approach.
  • Provide guidance and expertise to clients regarding the implementation of security controls and best practices to achieve and maintain compliance with PCI-DSS 4.0.
  • Stay up to date with industry trends, emerging threats, and changes in the PCI-DSS framework, including the transition to a risk-based approach.
  • Assist clients in developing remediation plans and monitoring their progress towards achieving compliance with PCI-DSS 4.0.
  • Act as a subject matter expert and trusted advisor to clients, offering guidance and recommendations on security best practices, vulnerability management, and risk mitigation strategies.

Qualifications:

  • Deep understanding and practical experience with the Payment Card Industry Data Security Standard (PCI-DSS) framework, with a focus on the recently released PCI-DSS 4.0 standard and the risk-based approach.
  • Proven experience in conducting PCI-DSS assessments, audits, or compliance reviews, preferably within a consulting or professional services environment.
  • Strong knowledge of information security principles, best practices, and regulatory requirements.
  • Familiarity with industry-recognized security frameworks, such as ISO 27001, NIST Cybersecurity Framework, or COBIT.
  • Excellent technical skills, including the ability to assess network architecture, application security, and data protection controls.
  • Proficient in conducting interviews, gathering evidence, and performing on-site inspections to validate compliance.
  • Exceptional analytical and problem-solving abilities to identify vulnerabilities and recommend appropriate remediation measures.
  • Excellent written and verbal communication skills, with the ability to clearly articulate complex security concepts to technical and non-technical stakeholders.
  • Professional certifications such as PCI-QSA, CISSP, CISA, or CISM are highly desirable.
  • Strong attention to detail and the ability to manage multiple projects simultaneously.

If you are a dedicated professional with deep knowledge of the PCI-DSS 4.0 standard, experience in conducting assessments, and a passion for helping organizations achieve and maintain information security compliance, we invite you to apply for the position of PCI-DSS Assessor. Join our team and contribute to the security of our clients' payment card systems in this rapidly evolving landscape.
