Information Security Compliance
8 - 10 years experience • IT Consulting/Services
Job Title: Information Security Compliance
Location: Framingham, MA (Boston)
Duration: PERM POSITION ONLY
Need candidates with a strong PCI background, preferably someone who has been a QSA (Qualified Security Assessor, aka PCI Auditor).
Consult Security Compliance
The Information Security Compliance candidate will be responsible for helping demonstrate Client compliance posture relative to Information Security within the company and to external parties by driving Client’s continued compliance efforts with external and internal requirements. This includes maintaining the security controls required primarily by PCI and other regulatory compliance frameworks.
This role’s responsibilities include:
· Support the identification, implementation, and maintenance of security controls required by PCI, and other regulatory compliance frameworks in a collaborative manner with other key stakeholders
· Participate in the development and oversight of required corrective action plans relating to security compliance and PCI issues
· Provide oversight in order to monitor and maintain the Client's GRC platform (Archer)
· Support security assessments, develop mitigation plans, and work with internal project managers to assign responsibility
· Establish and manage the security risk assessment for new and ongoing projects and advise on architectures, security, and mitigating controls
· Understand the technical implementation details necessary to assess and design practical security controls in conjunction with other Client functional areas
· Partner with team members and cross-functional groups to ensure programs align with PCI compliance requirements
· Assist with responding to external PCI auditor requests inquiring about the Client's security posture
· Promote security compliance internally while maintaining client core values of transparency, fairness and trust.
Required qualifications include:
· 8 - 10 years of experience in information security, preferably in the audit and compliance field
· Experience with PCI Compliance, preferably as an active Internal Security Assessor (ISA) or Qualified Security Assessor (QSA)
· Deep understanding of the PCI Data Security Standard and other security frameworks such as the ISO 27000 series, NIST, etc.
· Experience working with GRC platforms; Archer GRC v6 strongly preferred
· Experience in performing information security risk assessments
· Strong foundation in and in-depth technical knowledge of security engineering, computer and network security, authentication, and security controls
· Strong understanding of most of the following common security compliance frameworks, controls, and best practices: OWASP Top 10, SANS CIS Critical Security Controls, SSAE 16 (SOC 2 and 3), regulations governing personally identifiable information (PII), and other applicable regulatory compliance frameworks
· History of successful engagements with external auditors for various compliance audits
· In-depth understanding of network and system security technology and practices across all major computing areas
· Security certifications desired, such as CISA, CISSP, CISM, CRISC, ISO 27001, etc.