Manpower Engineering
Qualified Security Assessor (QSA)
Manpower Engineering, Denver, Colorado, United States, 80285
Job Description: Qualified Security Assessor (QSA)
Location:
100% Remote, travel up to 20%Pay Rate:
$125K - $175KPosition Type: Direct Hire (Billable Expert)Years of Experience:
5+ Years in Information Security, 3+ Years as QSACertification:
Current or former QSA Certified professional (within the past 6 years)Work Authorization:
Must reside in the USA, and be authorized to work for any employer
Job Description:
The Security Professional QSA will perform assessments of client's compliance with the Payment Card Industry Data Security Standard (PCI DSS) covering all phases of our defined compliance methodology. This individual will have extensive interactions relating to technical, procedural, and documentation controls with a wide range of technology and business functions that are required to be compliant. Activities may include assessing, managing, drivingand tracking all PCI compliance-related activities, including the identification of compliance gaps, the development of remediation plans, monitoring compliance status, and ultimate completion of Reports of Compliance (RoC), Self-Assessment Questionnaires (SAQ), and Attestations of Compliance (AoC) consistent with all PCI Standards Security Council (SSC) requirements and specifications.
The individual is expected to possess superior skills in problem-solving, project management, compliance/risk analysis, knowledge of information security processes and technology, technical report writing, and strong client handling and consultative skills. This professional should also have experience in more than one of the following skills: performing security assessments of networks, systems, policies, and processes; applying information security and risk-related frameworks (e.g.,ISO/IEC 27001/2, NIST 800-53, OWAP, etc.).
The successful candidate will be able to work effectively in both individual or team environments, and must be a self-starter, who is able to contribute to the overall success of the client delivery team.
Typical Duties:
Conduct PCI DSS compliance assessment, resulting in a Report on Compliance or Self-Assessment Questionnaire and the corresponding Attestation of Compliance for eitherConduct PCI DSS readiness assessment, providing guidance and recommendations in preparation for formal compliance assessmentInteract with various customer technical groups, business groups, subject matter experts, and key stakeholders to conduct interviews and identify and collect evidence required for the assessmentPerform other (non-PCI ) Security Assessments focused on security infrastructure technology, people and processes vs. requirements defined in common or proprietary security frameworksIdentify areas requiring remediation (i.e., issues or gaps) or potential areas of improvement within the compliance processDemonstrate critical thinking and creative analysis techniques in executing tests and distilling test results, and providing actionable recommendations for mitigation of gaps and improvements or enhancements to existing processes and proceduresMaintain and regularly communicate project status for stakeholder and management review.Create and deliver reports that effectively capture, explain, and communicate the results of assessments to varying technical and business audiencesContribute to the development of services, methodologies, and collateral materials (e.g., templates, marketing materials, SOW's, etc.) required to define and deliver the services of the practice.Basic Qualifications and Skills:
5+ years' experience in Information Security and performing compliance assessments3+ years' experience as a certified QSA (version 3.2.1 of the PCI DSS)Strong background in Information Technology InfrastructureMaintain a current security certification (i.e., CISSP, CISM, ISO 27001 Lead Implementor, METI - Registered Information Security Specialist)Maintain a current audit certification (i.e., CISA, GIAC GSNA, ISO 27001 Lead Auditor, IRCA ISMS LeadPrincipal Auditor, IIA Certified Internal Auditor)Ability to work collaboratively with key customer stake holder (e.g., process owners, technical resources ) and other team membersExcellent time management, written documentation, and oral presentation skillsAdditional Desired Qualifications and Skills:
Current QSA Certification - preferredFamiliarity with multiple security (NIST, ITIL, CobiT, ISO) and regulatory (HIPAA, GLBA, SOX, etc.)3 -5 years consulting experience preferredExperience or familiarity with Cloud environments andor Cloud SecurityExperience or familiarity with Application SecurityExperience or familiarity with Information systems securityExperience or familiarity with Network, design, configuration, and securityExperience or familiarity with conducting Risk AssessmentCollege degree in technical discipline desiredAdditional PCI SSC certifications (e.g., ASV, QPA, ISA, P2PE Assessor 3DES Assessor, etc.) is a plusExperience with Microsoft Office products and the ability to develop clear, concise presentation materials and reports using PowerPoint, Word, and ExcelWillingness to travelas needed to deliver to clients across the U.S.What's in it for you?
Pay Range = $95-115/HourRemote working environment with up to 20% travel to client locationsWhy should you choose Jefferson Wells?
Medical, Dental, Vision, 401kWeekly pay with direct deposConsultant Care supportFree training to upgrade your skillsDedicated Career Partner to help you achieve your career goalsAbout ManpowerGroup, Parent Company of: Manpower, Experis, Talent Solutions, and Jefferson WellsManpowerGroup® (NYSE: MAN), the leading global workforce solutions company, helps organizations transform in a fast-changing world of work by sourcing, assessing, developing, and managing the talent that enables them to win. We develop innovative solutions for hundreds of thousands of organizations every year, providing them with skilled talent while finding meaningful, sustainable employment for millions of people across a wide range of industries and skills. Our expert family of brands -
Manpower, Experis, Talent Solutions, and Jefferson Wells
-creates substantial value for candidates and clients across more than 75 countries and territories and has done so for over 70 years. We are recognized consistently for our diversity - as a best place to work for Women, Inclusion, Equality and Disability and in 2022 ManpowerGroup was named one of the World's Most Ethical Companies for the 13th year - all confirming our position as the brand of choice for in-demand talent.
Location:
100% Remote, travel up to 20%Pay Rate:
$125K - $175KPosition Type: Direct Hire (Billable Expert)Years of Experience:
5+ Years in Information Security, 3+ Years as QSACertification:
Current or former QSA Certified professional (within the past 6 years)Work Authorization:
Must reside in the USA, and be authorized to work for any employer
Job Description:
The Security Professional QSA will perform assessments of client's compliance with the Payment Card Industry Data Security Standard (PCI DSS) covering all phases of our defined compliance methodology. This individual will have extensive interactions relating to technical, procedural, and documentation controls with a wide range of technology and business functions that are required to be compliant. Activities may include assessing, managing, drivingand tracking all PCI compliance-related activities, including the identification of compliance gaps, the development of remediation plans, monitoring compliance status, and ultimate completion of Reports of Compliance (RoC), Self-Assessment Questionnaires (SAQ), and Attestations of Compliance (AoC) consistent with all PCI Standards Security Council (SSC) requirements and specifications.
The individual is expected to possess superior skills in problem-solving, project management, compliance/risk analysis, knowledge of information security processes and technology, technical report writing, and strong client handling and consultative skills. This professional should also have experience in more than one of the following skills: performing security assessments of networks, systems, policies, and processes; applying information security and risk-related frameworks (e.g.,ISO/IEC 27001/2, NIST 800-53, OWAP, etc.).
The successful candidate will be able to work effectively in both individual or team environments, and must be a self-starter, who is able to contribute to the overall success of the client delivery team.
Typical Duties:
Conduct PCI DSS compliance assessment, resulting in a Report on Compliance or Self-Assessment Questionnaire and the corresponding Attestation of Compliance for eitherConduct PCI DSS readiness assessment, providing guidance and recommendations in preparation for formal compliance assessmentInteract with various customer technical groups, business groups, subject matter experts, and key stakeholders to conduct interviews and identify and collect evidence required for the assessmentPerform other (non-PCI ) Security Assessments focused on security infrastructure technology, people and processes vs. requirements defined in common or proprietary security frameworksIdentify areas requiring remediation (i.e., issues or gaps) or potential areas of improvement within the compliance processDemonstrate critical thinking and creative analysis techniques in executing tests and distilling test results, and providing actionable recommendations for mitigation of gaps and improvements or enhancements to existing processes and proceduresMaintain and regularly communicate project status for stakeholder and management review.Create and deliver reports that effectively capture, explain, and communicate the results of assessments to varying technical and business audiencesContribute to the development of services, methodologies, and collateral materials (e.g., templates, marketing materials, SOW's, etc.) required to define and deliver the services of the practice.Basic Qualifications and Skills:
5+ years' experience in Information Security and performing compliance assessments3+ years' experience as a certified QSA (version 3.2.1 of the PCI DSS)Strong background in Information Technology InfrastructureMaintain a current security certification (i.e., CISSP, CISM, ISO 27001 Lead Implementor, METI - Registered Information Security Specialist)Maintain a current audit certification (i.e., CISA, GIAC GSNA, ISO 27001 Lead Auditor, IRCA ISMS LeadPrincipal Auditor, IIA Certified Internal Auditor)Ability to work collaboratively with key customer stake holder (e.g., process owners, technical resources ) and other team membersExcellent time management, written documentation, and oral presentation skillsAdditional Desired Qualifications and Skills:
Current QSA Certification - preferredFamiliarity with multiple security (NIST, ITIL, CobiT, ISO) and regulatory (HIPAA, GLBA, SOX, etc.)3 -5 years consulting experience preferredExperience or familiarity with Cloud environments andor Cloud SecurityExperience or familiarity with Application SecurityExperience or familiarity with Information systems securityExperience or familiarity with Network, design, configuration, and securityExperience or familiarity with conducting Risk AssessmentCollege degree in technical discipline desiredAdditional PCI SSC certifications (e.g., ASV, QPA, ISA, P2PE Assessor 3DES Assessor, etc.) is a plusExperience with Microsoft Office products and the ability to develop clear, concise presentation materials and reports using PowerPoint, Word, and ExcelWillingness to travelas needed to deliver to clients across the U.S.What's in it for you?
Pay Range = $95-115/HourRemote working environment with up to 20% travel to client locationsWhy should you choose Jefferson Wells?
Medical, Dental, Vision, 401kWeekly pay with direct deposConsultant Care supportFree training to upgrade your skillsDedicated Career Partner to help you achieve your career goalsAbout ManpowerGroup, Parent Company of: Manpower, Experis, Talent Solutions, and Jefferson WellsManpowerGroup® (NYSE: MAN), the leading global workforce solutions company, helps organizations transform in a fast-changing world of work by sourcing, assessing, developing, and managing the talent that enables them to win. We develop innovative solutions for hundreds of thousands of organizations every year, providing them with skilled talent while finding meaningful, sustainable employment for millions of people across a wide range of industries and skills. Our expert family of brands -
Manpower, Experis, Talent Solutions, and Jefferson Wells
-creates substantial value for candidates and clients across more than 75 countries and territories and has done so for over 70 years. We are recognized consistently for our diversity - as a best place to work for Women, Inclusion, Equality and Disability and in 2022 ManpowerGroup was named one of the World's Most Ethical Companies for the 13th year - all confirming our position as the brand of choice for in-demand talent.