Date Posted: March 25, 2021
The Senior Security Assessor supports PCI Compliance, ISO, NIST, Risk Assessment, HIPAA, CCPA, GDPR project initiatives by undertaking risk assessments, advising on implementation of security measures, recommending appropriate risk mitigations, and interpreting security policy and standards in the context of projects and business scenarios to help the business operate securely. This role has a significant client consulting and management component: advising on and defining client security requirements to industry best practice standards, and ensuring that all projects meet these requirements, or that exceptions and issues are noted and remediated as appropriate.
Essential Duties and Responsibilities
- Five or more (5+) years of experience in an IT security audit, assessment, and/or compliance role
- Strong knowledge of the PCI-DSS security standards
- Current or former PCI-QSA certification, with experience preparing and presenting Tier 1 and Tier 2 Reports on Compliance (ROCs)
- CISSP, CISM or ISO 27001 Lead Implementer
- CISA, GSNA, ISO 27001 Lead Auditor, IRCA ISMS Auditor or IIA CIA
- Assess existing controls to determine level of compliance to the PCI DSS standard, ISO, HIPAA, GDPR, NIST, FedRAMP etc. inclusive of: their maturity, state of compliance, and the risk associated with any findings.
- Supports PCI-DSS, Risk, NIST, ISO, FedRAMP, Cyber Security Compliance gap analyses and assessments.
- Support compliance privacy client engagements and familiarity with GDPR, CCPA, PIPEDA or similar privacy frameworks.
- Supports sites in testing, documentation and issue resolution associated with cyber security programs
- Perform comprehensive threat/risk assessments and business impact analysis of current system, data, application and technology environments to determine possible internal and external threats to information assets, and identify security measures required to counter such threats
- Participate in the development and implementation of the enterprise security architecture and supporting security standards to ensure compliance with corporate policies, and relevant legislative and regulatory requirements
- Perform technical security reviews or assessments to ensure targeted systems, networks, applications and/or data are in compliance with corporate policies and standards
- Proven track record of successfully delivering business requirements to time and budget constraints
- A thorough understanding of the best practices of Cyber Security Compliance for services execution
- Knowledge of vendor/supplier contracts reviews
- Knowledge of Security Governance, Risk Management and Compliance
- Demonstrates advanced knowledge of the principles, best practices architecture and design approaches to applicable capabilities, services and standard controls that fall under the scope of the PCI-DSS
- Exposure as a QSA (Qualified Security Assessor), HITRUST, NIST, ISO, ITIL, CISSP or an ISA (Internal Security Assessor) would be a definite asset
- A university degree in Computer Science, Engineering, or a field which relates to the role
- Security certification such as CISSP, CISA, CISM, SANS GIAC - GSNA, ISO27001 Certified Lead Implementer/Lead Auditor/Internal Auditor, IRCA ISMS Auditor or higher, IIA Certified Internal Auditor (CIA)
- PCI QSA or ISA OR
- Five (5) + years of Information Security experience in Security Governance, Risk and Compliance practices and methodologies
- Experience with performing cyber security assessments and familiarity with industry cyber security tools or experience auditing systems
- Experience of security hardening techniques and policy development, particularly with regards to secure software development methodologies and process
- Previous experience in PCI-DSS, NIST, ISO compliance program including pre-assessment or assessment and gap remediation programs
To All Agencies: Please, no phone calls or emails to any employee of Specialized Security Services, Inc. outside of the Talent Acquisition Team. Agencies must have a valid fee agreement in place and they must have been assigned the specific requisition to which they submit resumes, by the Talent Acquisition Team. Any resume submitted outside of this process will be deemed the sole property of Specialized Security Services, Inc. and in the event a candidate is submitted outside of this policy is hired, no fee or payment of any kind will be paid.