Senior Security Consultant, QSA

Consulting & Advisory Services Remote (US)


Description

 

Senior Security Consultant, QSA

Location: Chicago or Remote US

About VikingCloud

VikingCloud is the leading Predict-to-Prevent cybersecurity and compliance company, offering businesses a single, integrated solution to make informed, predictive, and cost-effective risk mitigation decisions – faster. Powered by the Asgard Platform™, the industry’s largest repository of anonymized cybersecurity and compliance event data, we continuously monitor and analyze over 6+ billion online events every day.

VikingCloud is the one-stop partner trusted by 4+ million customers to provide the predictive intelligence and competitive edge they need to stay one step ahead of cybersecurity and compliance disruptions to their business. Our 1,000 dedicated cybersecurity and compliance expert advisors understand that it’s not just about technology. It’s about transacting business and delivering an exceptional customer experience every day, without fail. That’s the measurable value we deliver. And that’s what we call, Business Uninterrupted.

 

This Position

As a Qualified Security Assessor (QSA) you will provide assessments and consulting to our clients. The Senior Security Consultant will focus their efforts on client-facing delivery of various security regulatory and best practice consulting engagements, including PCI DSS, Secure Software (SSF), PIN, 3DS, P2PE, and Card Production Assessments. You will manage your own book of work and be the master of your own work schedule to the degree that it coincides with your clients’ requirements (that have been assigned to you) and delivery times required. You will conduct remote assessment activities and travel to client locations which usually last anywhere from 3-5 days for on-site activities over a 3–5-month timeframe for a single engagement. You will be working on an average of 3-4 active projects at any given time.

 

Responsibilities

  • Perform both consulting, advisory and assessment services.
  • Must maintain relevant certification required by industry and complete relevant ongoing continuing education required by certifications.
  • Provide competent and relevant cybersecurity, governance, compliance, risk, and auditing in the technical space in accordance with various regulations and standards.
  • Provide engagement management and high-level project management for delivery of services to multiple client which have been assigned to you by management.
  • Evaluate client compliance with regulations such as Payment Card Industry Data Security Standard (PCI DSS), ISO 27K series, NIST, or other compliance standards and frameworks.
  • Conduct audits and risk assessment based on National Institute of Science (NIST) standards like NIST Risk Management Framework, NIST Cyber Security Framework, NIST Privacy Framework, and International Standards organization (ISO) frameworks for risk and cybersecurity.
  • Consultative support with clients in using risk assessment and audit based on National Institute of Science (NIST) or ISO27002.
  • Sharing your expertise with clients and colleagues to aid in making decisions on topics like strategy and scope as well as deep and highly technical projects like web application architecture and security.
  • Providing clear, organized findings and recommendations to clients and tracking progress towards resolution and compliance.
  • Producing detailed, high-quality reports for clients and industry third parties like payment card brands and the PCI Security Standards Council.
  • Learning from our close-knit group of consultants as well as contributing your thoughts, tools, industry news or lessons learned.
  • Working with clients to implement practices to produce secure applications and identify and eliminate security vulnerabilities.
  • Working independently, undertaking information security engagements including working co-ordination and project management (client interaction, deliverables, work plans, escalation’s, etc.).
  • Growing the business by identifying up-sells with existing and potential clients.
  • Providing regular status reports on all projects assigned.
  • Being a team player and having the capability to expand having the capability to expand/adapt your skills in a fast-paced ever-changing industry.

Qualifications

  • Bachelor’s degree or similar, and/or at least seven (7) + years of experience in a consulting or audit role, alternatively have experience in Information Security or IT security.
  • MUST have active PCI DSS QSA certification needed
  • Have at least one industry-recognized professional certification from each list below:

 

 

List A: (ISC)2

-      Certified Information System Security Professional (CISSP)

-      ISACA Certified Information Security Manager (CISM)

-      Certified ISO 27001 Lead Implementer

 

List B:

-      ISACA Certified Information Systems Auditor (CISA)

-      Certified ISO 27001, Lead Auditor, Internal Auditor 1

-      IRCA ISMS Auditor or higher (e.g., Auditor/Lead Auditor, Principal Auditor)

-      IIA Certified Internal Auditor (CIA)

 

  • Experience working in sectors such as retail, banking, fintech, software development (or any other industry where card payments are accepted).
  • Strong understanding of IT infrastructure including applications, servers, databases, network devices and security solutions.
  • Strong understanding of IT and security processes including change control, patch management, vulnerability management, configuration management, incident response etc.
  • Experience with software development methodologies and practices.
  • Virtualization experience beneficial.
  • Cloud security (AWS, Oracle) experience beneficial.
  • Understanding of regulatory requirements and compliance issues affecting clients related to privacy and data protection.

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, political affiliation or opinion, medical condition, status as a veteran, and/or any other federal, state, or local protected class.