PCI DSS QSA

We are looking for an experienced and motivated PCI DSS QSA to join our lively international team and work on projects for Europe's leading brands!

The PCI Qualified Security Assessor (QSA) will be responsible for conducting PCI DSS (Payment Card Industry Data Security Standard) compliance assessments for clients across various industries. The ideal candidate has in-depth knowledge of data security regulations, experience in IT security audits, and the ability to collaborate with clients to ensure compliance with PCI DSS standards.

Key Responsibilities

• Conduct PCI DSS Assessments: Perform audits and evaluations to verify clients’ adherence to PCI DSS standards, including technical and organizational requirements.
• Prepare Compliance Reports: Draft and deliver detailed Reports on Compliance (ROC) and Attestations of Compliance (AOC) with accuracy and clarity.
• Provide Client Guidance: Offer practical recommendations to enhance data security and address any compliance gaps identified during assessments.
• Project Management: Plan and manage assessment activities, coordinating with internal and external teams to meet deadlines.
• Risk Analysis: Identify and evaluate security risks related to the cardholder data environment.
• Training and Awareness: Support clients in understanding PCI DSS requirements and implementing security best practices.
• Regulatory Monitoring: Stay updated on changes to PCI DSS standards and other relevant security regulations.
• Cross-Functional Collaboration: Work with clients’ IT, risk management, and legal teams to ensure an integrated approach to compliance.

• Valid PCI QSA certification or equivalent experience in information security.
• At least 3-5 years of experience in IT security audits, compliance management, or security consulting.
• In-depth knowledge of PCI DSS standards and other security regulations (e.g., ISO 27001, GDPR).
• Technical expertise in areas such as networking, encryption, vulnerability management, and application security.
• Excellent written and verbal communication skills, with the ability to present technical information to non-technical audiences.
• Ability to manage multiple projects simultaneously and meet tight deadlines.
• Preferably, experience in industries such as fintech, retail, e-commerce, or payment services.

• Additional certifications such as CISSP, CISM, ISO 27001, RISS or CISA, GSNA, IRCA ISMA, CIA.
• Experience with vulnerability scanning tools.
• Knowledge of security frameworks like NIST or COBIT.
• Proficiency in foreign languages to support international clients.

ForFirm is an equal opportunities employer that values diversity within the company. Qualified applicants will receive consideration for employment without discrimination about race, religion, colour, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.