Security Compliance PCI Auditor

Company: The Judge Group

General Information
Location: US-MA-Framingham
Employment type: Full-Time
Job Description

Our client is currently seeking a Security Compliance PCI Auditor.

The Information Security Compliance candidate will be responsible for demonstrating the company's information security compliance posture, both internally and to external parties, by driving continued compliance with external and internal requirements. This includes maintaining the security controls required primarily by PCI DSS and by other applicable regulatory compliance frameworks.

This role’s responsibilities include:

  • Support the identification, implementation, and maintenance of security controls required by PCI DSS and other regulatory compliance frameworks, in collaboration with other key stakeholders
  • Participate in the development and oversight of required corrective action plans relating to security compliance and PCI issues
  • Provide oversight to monitor and maintain the GRC platform (Archer)
  • Support security assessments, develop mitigation plans, and work with internal project managers to assign responsibility
  • Establish and manage the security risk assessment for new and ongoing projects, and advise on architectures, security, and mitigating controls
  • Understand technical implementation details necessary to assess and design practical security controls in conjunction with other functional areas
  • Partner with team members and cross-functional groups to ensure programs align with PCI compliance requirements
  • Assist with responding to external PCI auditor requests about the company's security posture
  • Promote security compliance internally while maintaining the core values of transparency, fairness and trust

Required Experience:

  • 8 - 10 years of experience in information security, preferably in the audit and compliance field
  • Experience with PCI Compliance, preferably as an active Internal Security Assessor (ISA) or Qualified Security Assessor (QSA)
  • Deep understanding of PCI Data Security Standards and other security frameworks such as ISO 27000 Series, NIST, etc.
  • Experience working with GRC platforms – Archer GRC v6 strongly preferred
  • Experience in performing information security risk assessments
  • Strong foundation in and in-depth technical knowledge of security engineering, computer and network security, authentication, and security controls
  • Strong understanding of most of the following common security compliance frameworks, controls, and best practices: OWASP Top 10; SANS / CIS Critical Security Controls; SSAE 16 (SOC 2 and SOC 3); regulations governing personally identifiable information (PII); and other applicable regulatory compliance frameworks
  • History of successful engagements with external auditors for various compliance audits
  • In-depth understanding of network and system security technology and practices across all major computing areas
  • Security certifications desired, such as CISA, CISSP, CISM, CRISC, ISO 27001, etc.