Cotton & Company LLP

Senior Information Security Consultant (QSA)

Cotton & Company LLP, Alexandria, Virginia, US 22350


Overview

Senior Information Security Consultant (QSA)

What to expect when you join the Sikich family

Sikich cultivates a diverse and growth‑oriented culture. We believe that diverse perspectives and rewarding action accelerate innovation and drive growth for our clients, for our people, and for our communities. The professional services landscape is evolving. Sikich aims to cement its leadership in this industry and grow our organization with exciting client opportunities, creating a rewarding employee experience as a trusted provider of professional services. Are you ready to grow with us?

Position Summary

Are you an experienced information security professional looking to make a significant impact? Join our dynamic team as a Sr. Information Security Consultant (QSA). This remote, full‑time role helps clients meet compliance obligations by evaluating business technology and operations against top security standards such as PCI DSS, NIST, and CMMC. You will produce detailed, high‑quality reports, own projects from start to finish, and mentor other consultants on best practices. As a Subject Matter Expert, you’ll help clients develop and maintain robust security programs, execute control reviews, and contribute to top‑level strategy decisions to drive high‑quality standards and client satisfaction.

Responsibilities

Assist clients in meeting compliance obligations by evaluating business, technology, and operations against security standards (e.g., PCI DSS, NIST, CMMC).
Produce detailed, high‑quality reports for clients and industry third parties (e.g., payment card brands and the PCI Security Standards Council).
Take ownership of project work (e.g., PCI DSS assessments) from start to finish, including deliverables and work product.
Mentor and coach other consultants on PCI compliance and security best practices.
Serve as a SME to Sikich customers, assisting them with developing and/or maintaining their security program.
Develop and maintain technology policies, procedures, and standards addressing strategies, regulations, business and technology risks, and industry standards.
Execute control reviews across technology and business teams to address risk and compliance against various frameworks (SSAE 18 SOC 2, NIST CSF, CIS, ISO 27001, etc.).
Assist clients in meeting compliance obligations by evaluating business, technology, and operations against security standards (e.g., HIPAA, PCI, NIST, CMMC).
Contribute to assessment methodology, project planning, reporting, budgeting, and scheduling.
Share expertise to help shape strategy and engagement scope; provide clear, organized findings and track progress toward resolution.
Analyze requirements and work with team members to produce results aligned to client needs; collaborate with the project team to ensure high‑quality standards.
Learn from the Security group and contribute tools, industry news, and lessons learned back to the team.
Efficiently juggle several concurrent client projects; travel to client sites and events as needed (up to 50%).

Qualifications

Bachelor's degree in computer science, information technology, or a related field, or equivalent practical experience.
Minimum of three years' experience performing security assessments for PCI compliance as a QSA.
Current QSA certification from the PCI Security Standards Council, or ability to obtain it within one month of hire.
Audit or security certifications (e.g., CRISC, CRMP, CISSP, CISM, CISA) preferred.
Strong experience in assessing, developing, and implementing cybersecurity risk management programs that integrate with Enterprise Risk Management.
Ability to present security concepts and findings to technical and functional audiences.
Willingness to obtain additional professional certifications; membership in relevant organizations (e.g., OWASP, InfraGard, ISSA) desired.
Strong analytical and problem‑solving skills with excellent written and verbal communication.
Ability to work independently and with clients and teams, managing multiple projects and deadlines.
Willingness to travel up to 50% of the time to client sites as needed.
Specific skills/experience include servant leadership, solutions focus, collaboration, trust, and impact thinking.

About Sikich

Sikich is a global company specializing in Accounting, Advisory, and Technical professional services. With employees worldwide, Sikich is one of the largest professional services companies in the United States. Our broad range of skills enables us to provide insights and transformative strategies to strengthen our clients’ businesses.

Sikich Total Rewards

We offer competitive compensation and benefits, wellness programs, flexible time off, and a focus on health, wellbeing, and work‑life balance. The midpoint base salary for this role is $123,150; actual offers vary based on experience, commission, and geographic location.

Some examples of our benefits:
Flexible Time Off policy; PTO starts on day one
Paid holidays and year‑end time off when project work allows
Wellness programs with rewards

We also offer:
Flexible work arrangements
Health, dental, vision, life, and disability insurance options
HSA employer contribution
Nine paid holidays annually
Parental bonding leave
401(k) with employer contributions
CPA bonus with paid exam and study days
Tuition reimbursement
Referral bonuses (employee and client)
Pet insurance
FORCE - Sikich community volunteer program (paid time for volunteering)

Want to learn more? Visit our Careers site or Glassdoor profile.

Sikich is an Equal Opportunity Employer M/F/D/V #li-remote

Sikich adheres to applicable professional standards and regulations in its operations, including the AICPA Professional Code of Conduct. Sikich CPA LLC is a licensed CPA firm and is related to Sikich LLC for the provision of services.
