Qualified Security Assessor - 100% Remote

Posted 1 week ago by 1754384361

Negotiable
Outside
Remote
USA

Summary: The role of Qualified Security Assessor involves addressing PCI-related gaps in client systems and processes, establishing a comprehensive PCI compliance framework, and ensuring alignment with PCI 4 requirements. The position requires extensive experience in IT and PCI DSS audits, along with the ability to implement remediation strategies and modernize PCI processes. The role is primarily remote, with potential hybrid arrangements in Morris Plains, New Jersey. The position is classified as outside IR35.

Key Responsibilities:

  • Work on client-identified PCI-related gaps in many of its systems and processes
  • Transform the enterprise to evangelize PCI Compliance as a standard operating procedure
  • Establish Program Framework
  • Define organizational roles & responsibilities
  • Update critical processes, e.g. scope/descope
  • Work on FY26 plan & budget forecast
  • Discover and Document Enterprise Landscape
  • Prioritize past audit findings
  • Establish Remediation Framework and plan
  • Deploy automation for data lineage, dependency and impact analysis
  • Create program metrics and governance framework
  • Build complete PCI / Non-PCI asset inventory
  • Elaborate PCI-related policies and procedures
  • Initiate design and implementation for priority items
  • Define Tokenization, Encryption & Key Management Strategies
  • Ensure alignment with PCI 4 requirements
  • Transition to PCI as core discipline
  • Perform PCI Scope Reduction
  • Modernize and embed PCI Processes
  • Integrate enterprise compliance

Key Skills:

  • Must be Certified PCI DSS QSA from PCI Security Standards Council.
  • 10+ years overall experience as an IT Professional in Infrastructure, Security, Data Engineering and/or Multi-tiered complex application architecture
  • 5+ years of experience with PCI DSS audits
  • Expert in PCI DSS standards and compliance requirements
  • Must be able to determine whether the system is subject to PCI audit
  • Clear experience and ability to identify technical, process and documentation requirements to descope systems
  • Demonstrated experience partnering with clients to remediate PCI findings, including descoping systems, securing PCI data and ensuring documentation compliance
  • Experience establishing PCI compliance programs within complex organizations with a broad range of technology platforms
  • Banking, Payments and/or Financial Services experience
  • Experience with diverse technology platforms and heterogeneous systems (Windows/.NET, SQL Server, Java, Linux, Oracle, COBOL, Mainframe, AS400/I-Series, other)
  • Strong understanding of Infrastructure storage and network architecture and design for PCI compliance
  • Experience with designing/implementing Encryption, Tokenization and other data security mechanisms to either descope systems or bring them into compliance
  • Excellent verbal and written communication skills
  • Must be able to travel for client meetings

Salary (Rate): undetermined

City: undetermined

Country: USA

Working Arrangements: remote

IR35 Status: outside IR35

Seniority Level: undetermined

Industry: IT
