Inabia Software & Consulting Inc.

PCI Qualified Security Assessor (QSA)

Inabia Software & Consulting Inc., Seattle, Washington, US, 98127

Overview

Job Description

Location: Seattle, WA Onsite

Position Type: Contract Long Term

Position Overview:

The Port of Seattle is seeking a certified PCI Qualified Security Assessor (QSA) to perform a comprehensive assessment of our compliance with the Payment Card Industry Data Security Standard (PCI DSS). The successful candidate will be responsible for evaluating our people, processes, and technologies to validate our security posture, identify gaps, and guide us toward achieving and maintaining full compliance. This role is critical in ensuring the secure handling of payment card data across our diverse operations.

Key Responsibilities:

- Conduct a thorough PCI DSS gap analysis and scoping exercise to identify all systems and processes involved with the storage, processing, or transmission of cardholder data (CHD).
- Perform on-site and remote assessments of the Port’s IT infrastructure, applications, and policies against all applicable PCI DSS requirements.
- Evaluate and validate the effectiveness of security controls, including network security, access control, encryption, vulnerability management, and logging / monitoring.
- Work collaboratively with internal IT, security, and business teams to gather evidence, clarify processes, and explain findings.
- Document the assessment procedures, evidence, and results in detail.
- Author a formal Report on Compliance (ROC) for submission to acquiring banks and payment card brands.
- Provide clear, actionable guidance and recommendations for remediation of any identified compliance gaps.
- Advise on best practices for maintaining ongoing PCI DSS compliance.

Required Qualifications & Certifications:

- Active PCI SSC Qualification: Must hold a current, valid PCI Qualified Security Assessor (QSA) certification issued by the PCI Security Standards Council (PCI SSC).
- Experience: Minimum of 5 years of experience in information security, IT audit, or risk management, with at least 3 years of hands-on experience leading PCI DSS assessments.
- Technical Expertise: Deep understanding of the PCI DSS requirements and their practical implementation in a complex organizational environment.
- Auditing Skills: Proven experience performing security assessments, interviewing personnel, reviewing evidence, and writing detailed reports (ROCs).
- Communication: Exceptional written and verbal communication skills, with the ability to articulate complex technical issues and compliance requirements to both technical and non-technical stakeholders.

Preferred Qualifications:

- Experience assessing large, complex organizations with diverse IT environments (e.g., airports, transportation hubs, retail, hospitality).
- Additional relevant certifications such as CISSP, CISA, CRISC, or CISM.
- Experience with other compliance frameworks (NIST, ISO 27001, SOC 2).