The goal for the Security Consultant is to become a Payment Card Industry Data Security Standard Qualified Security Assessor (PCI DSS QSA).
The Security Consultant participates and will lead security consultancy and assessment engagements with clients within the financial services and payment card industries.
Focusing on delivery of Payment Compliance services, which include but are not limited to: PCI Data Security Standard assessments, Support in PCI Specialized assessments (PCI PIN, PCI P2PE, etc.), SWIFT Gap analysis, Policy and procedure review, Advisory for audit preparation and remediation.
Starting with the information received from the sales team, independently carry out the estimate of the effort required to deliver a security service, reporting the result to the regional lead for approval.
Lead customer engagements and provide senior cyber security advice and services to a broad range of clients and industries.
Provide detailed analytical reporting, internal reporting metrics and program management.
Provide leadership and mentorship to Junior consultants.
Prepare, organize and support delivery by team members of engagements onsite and offsite including but not limited to gap analysis, security assessment, risk and/or compliance assessment using one or more industry or regulatory standard or framework.
Assess compliance related documentation including policies, procedures, standards and legislative directives.
Provide remediation support and guidance on the security aspects of the administration and maintenance of processes and documentation, infrastructure components, applications, services and security systems.
Deliver detailed reports following Integrity360’s reporting best practice and templates.
Ensure QA process for Payments Compliance standards is initiated and applied for relevant projects, in cooperation with QA and Backoffice team.
Establish new standards and reviews of existing documentation to ensure the correct application of the processes.
In cooperation with Practice Lead(s) and other consultants, estimate, plan and monitor team budget.
Provide regular status update to internal stakeholders (Practice Lead(s), PMO).
Participate in continuous improvement of internal processes (reporting tools, assessment automation etc.).
Participate in external conferences and promote Integrity360 by identifying important industry events.
Support marketing activities related to existing Professional Service portfolio and customer acquisition working in collaboration with marketing team.
Act as a communication point between regional team, other professional services teams, Customer Success and other departments.
Supports sales team in development and effort estimations for new opportunities (e.g. new and evolving industry standards).
Stay up to date on developments in the Payments Compliance realm, understanding new standards and regulations and their impact on Integrity360.
Requirements
Relevant Experience in Fintech industry and security standards and directives consultancy services (e.g. PCI DSS, PSD2, ISO 27001, SWIFT, etc.)
Cryptographic techniques including algorithms, key management, and key lifecycle.
Physical security techniques for high-security areas
Operating Systems hardening and administration (Linux/Unix, Windows).
Public key infrastructure (PKI) and the role and operations of a Certification Authority (CA) and Registration Authority (RA)
Hardware security modules (HSMs) operations, policies, and procedures
POI key-injection systems and techniques including key-loading devices (KLDs) and key management methods, such as Master/Session or DUKPT
Willingness to travel 30 – 40%
Excellent written and oral communication skills in German and English. Must be able to conduct engagements in both languages.
One or more of the following information security certifications: (ISC)2 Certified Information System Security Professional (CISSP) ISACA Certified Information Security Manager (CISM) Certified ISO 27001 Lead Implementer
One or more of the following audit certifications: ISACA Certified Information Systems Auditor (CISA) GIAC Systems and Network Auditor (GSNA) Certified ISO 27001, Lead Auditor, Internal Auditor IRCA ISMS Auditor or higher—e.g., Auditor/Lead Auditor, Principal Auditor IAA Certified Internal Auditor (CIA)