The Bonadio Group

CPAs, Consultants & More

Managing Security Consultant

Security Engineer · Full Time · Remote · Team 501-1,000 · H1B No Sponsor

Location

United States

Posted

4 days ago

Salary

Not specified


Job Description

This description is a summary of our understanding of the job description.

Role Description

We have a tremendous opportunity for a senior level client service professional to work as a Qualified Security Assessor in the Information Risk Management (IRM) team in Rochester, NY. This hands-on role would involve:

  • Technical security assessments of applications and infrastructure
  • Security design reviews
  • Risk assessments

A qualified applicant would have strong technical skills from the hardware to the application layer. This is a remote position and can be located anywhere in the US.

Responsibilities

  • Perform mid and large IT and information security risk and compliance assessments, PCI engagements, audits, gap analyses, and remediation
  • Actively lead projects in the areas of PCI-DSS and ISO 27001
  • Communicate with project stakeholders to effectively convey requirements of technical and process improvements
  • Develop customized policies, procedures and controls, disaster recovery plans and technical documentation for applications, systems and infrastructure
  • Possess an in-depth knowledge of IT security and various frameworks (e.g., PCI, ISO, NIST, CMMC)
  • Have experience in managing policy exceptions, including working directly with the teams to document exceptions, identify compensating controls and remediation action plans

Qualifications

  • Compliance: regulatory, privacy, international laws and statutory requirements
  • Risk: risk frameworks, maturity models, and enterprise IT security risk methodologies
  • Governance: vendor management, policy frameworks, control design and security design/architecture
  • Security architecture: infrastructure, network and systems design
  • Knowledge of and hands-on experience with PCI audits and PCI attestations

Requirements

  • Communicate effectively across business and technical boundaries
  • Work independently without detailed guidance
  • Be proficient in writing executive level reports and technical documentation
  • Frequent travel to client locations is required
  • Must be PCI-QSA (Qualified Security Assessor) certified or have held the certification within the last three years
  • At least one current Information Security certification (i.e. CISSP, CISM, ISO 27001:2022 Lead Implementer)
  • At least one current IT Audit certification (CISA, GSNA, ISO 27001:2022 Lead Auditor, CIA)
  • Minimum of an associate’s degree. BS degree is a plus
  • Minimum 4 years of experience in the Cyber Security, Information Assurance, Enterprise Risk or Compliance field

Benefits

  • This is a full-time remote opportunity
  • Office hours are Monday through Friday from 8:00 a.m. until 5:00 p.m.
  • Summer hours are Monday through Thursday from 8:00 a.m. until 5:00 p.m. and Friday from 8:00 a.m. until 12:00 p.m.
  • Flexibility in working hours, with the ability to work additional hours at peak times
