PCI Internal Security Assessor (ISA)
Title: PCI (Payment Card Industry) Internal Security Assessor
Work type: 6- to 12-month contract
Industry: Banking & Financial Services
Work location: Hybrid (remote and in-office) - Applications open to resident Caribbean nationals.
Role overview:
The PCI Internal Security Assessor (ISA) is responsible for ensuring compliance with the Payment Card Industry Data Security Standard (PCI DSS). This role involves assessing, monitoring, and enforcing security measures to safeguard cardholder data and maintain PCI compliance across systems and processes. The ISA will collaborate closely with both internal stakeholders and external entities to uphold a secure environment, mitigate risks, and strengthen overall security posture.
Responsibilities:
PCI DSS Compliance Management:
- Conduct regular internal assessments and audits to confirm compliance with PCI DSS.
- Develop and implement policies, procedures, and controls supporting PCI compliance.
- Act as the internal PCI DSS contact and ensure all required security controls are in place.
- Coordinate with external Qualified Security Assessors (QSAs) to facilitate the annual PCI DSS assessment and the resulting Report on Compliance (ROC) and Attestation of Compliance (AOC).
Risk Assessment and Mitigation:
- Identify and evaluate potential risks within cardholder data environments, providing recommendations for mitigation.
- Implement necessary security controls to address gaps found during assessments.
- Ensure continuous compliance by overseeing internal and external (ASV) vulnerability scans, penetration testing, and security reviews, and by tracking remediation of findings.
Documentation and Reporting:
- Prepare and maintain detailed documentation, including PCI DSS policies, procedures, and reports.
- Document assessment findings, corrective actions, and compliance status.
- Manage submission of Self-Assessment Questionnaires (SAQs) and Attestations of Compliance (AOCs) as needed.
Training and Awareness:
- Deliver internal PCI DSS training to emphasize the importance of compliance and security measures.
- Offer guidance to departments on security best practices related to PCI DSS.
Collaboration and Communication:
- Work with teams across projects, enterprise security, technology, and other relevant departments to align PCI DSS compliance with broader security policies.
- Stay updated on PCI DSS changes and industry best practices.
- Present PCI DSS compliance status updates to senior management and external stakeholders.
- Serve as a liaison between internal teams and external vendors involved with cardholder data processing.
Qualifications:
- Education: Bachelor’s degree in Information Security, Computer Science, or a related field (or equivalent work experience).
- Experience: 3 to 5 years in information security, PCI compliance, or a related field; prior experience as an ISA, QSA, or in a similar role is highly valued.
Certifications:
- Preferred: Certified PCI Internal Security Assessor (ISA) or Certified PCI Professional (PCIP).
- Additional credentials like CISSP, CISM, CISA, or CEH are advantageous.
Skills and Competencies:
- Strong knowledge of PCI DSS requirements and data security best practices.
- Familiarity with security frameworks (e.g., NIST CSF, ISO 27001) and security technologies (e.g., firewalls, IDS/IPS, network segmentation).
- Proficient analytical, problem-solving, and project management skills.
- Effective communicator with cross-functional collaboration abilities.
- Skilled in using security assessment tools (e.g., vulnerability scanners, SIEM).
- Detail-oriented and capable of handling sensitive information confidentially.
Additional Requirements:
Occasional travel may be required for audits or compliance reviews.