Position Summary

The Assessor role supports PCI Compliance, HITRUST, NIST, Risk Assessment project initiatives by undertaking risk assessments, advising on implementation of security measures, recommending appropriate risk mitigations, interpreting security policy and standards in the context of projects and business scenarios to help the business operate securely. This role has a significant component in defining security requirements and ensuring that all projects meet these requirements, or that exceptions and issues are noted and remediated as appropriate.


Responsibilities

  • Provide post-sales technical expertise during the installation, implementation, and maintenance of cyber security products, following detailed customer installation requirements
  • Assess existing controls to determine level of compliance to the PCI DSS standard, HITRUST, AND NIST,
  • inclusive of their maturity, state of compliance, and their level of protection
  • Supports PCI-DSS, HITRUST, NIST gap analyses and other proprietary assessments of business process
  • Supports sites in testing, documentation and issue resolution associated with cyber security programs
  • Perform comprehensive threat/risk assessments and business impact analysis of current system, data, application, and technology environments to determine possible internal and external threats to information assets, and identify security measures required to counter such threats
  • Participate in the development and implementation of the enterprise security architecture and supporting security standards to ensure compliance with corporate policies, and relevant legislative and regulatory requirement
  • Perform technical security reviews or assessments to ensure targeted systems, networks, applications and/or data are in compliance with corporate policies and standards


Qualifications

  • Proven track record of successfully delivering business requirements to time and budget constraints
  • A thorough understanding of the best practices for services execution
  • Knowledge of vendor/supplier contracts reviews
  • Knowledge of Security Governance, Risk Management and Compliance
  • Demonstrates advanced knowledge of the principles, best practices architecture and design approaches to applicable capabilities, services and standard controls that fall under the scope of the PCI-DSS
  • Exposure as a QSA (Qualified Security Assessor), HITRUST, NIST or an ISA (Internal Security Assessor) would be a definite asset


Education and/or Experience

  • A university degree in Computer Science, Engineering, or a field which relates to the role 
  • Security certification such as CISSP, CISA, CISM, SANS GIAC - GSNA, ISO27001 Certified Lead Implementer/Lead Auditor/Internal Auditor, IRCA ISMS Auditor or higher, IIA Certified Internal Auditor (CIA)
  • PCI QSA or HITRUST Preferred
  • Five (5) + years of Information Security experience in Security Governance, Risk and Compliance practices and methodologies
  • Experience with performing cyber security assessments and familiarity with industry cyber security tools or experience auditing systems
  • Experience of security hardening techniques and policy development, particularly with regards to secure software development methodologies and process
  • Previous experience in PCI-DSS, HITRUST, NIST compliance program including pre-assessment or assessment and gap remediation programs


This position has been filled. Would you like to see our other open positions?