PCI Security Standards Council, LLC
**Remote working opportunity**
The PCI Security Standards Council (PCI SSC), the global leader in standards development for payment card data security and provider of training for payment security companies, is seeking a quality assurance strategist with a global perspective to leverage their expanding international partnerships. The Director will both strategize and execute the vision for operational excellence and scalability.
As a remote working opportunity in a small, entrepreneurial environment, the successful candidate will demonstrate a willingness to operate within a flexible culture in a company that is experiencing a significant inflection point in its growth cycle. The abilities both to navigate within a changing dynamic and to operationalize systems for a sustainable structure will be key to long-term success in this mission-critical role.
Reporting directly to the Vice President of Operations, the Director of Quality Assurance Programs will play a lead role in the administration and ongoing operations of the Quality Assurance components of the Qualified Security Assessor (QSA), Approved Scanning Vendor (ASV), Payment Application Qualified Security Assessor (PA-QSA), PCI Forensic Investigator (PFI), and PIN Transaction (PTS) Security Requirements by contributing to various technical development projects and maintaining a robust quality assurance program. In this capacity, the Director of Quality Assurance Programs will use former audit experience to manage staff who exhaustively review reports provided by assessors to their clients and work closely with these security vendors to resolve issues. The Director of Quality Assurance Programs will use proven team leadership experience to oversee and develop QA policies and strategies for the support of existing and future standards and certification programs.
- Provides strategic direction on the operational effectiveness of QA program and scalability of processes on a global level;
- Creates formal documentation of workflow processes to ensure consistency in quality assurance;
- Facilitates and directs team projects; manages resources, fosters open dialogue and holds staff accountable for their work;
- Ensures team completes the evaluation of reports performed by PCI SSC approved security companies including PCI DSS Reports on Compliance (ROC), Approved Scanning Vendor (ASV), and PCI PA-DSS Reports of Validation (ROV);
- Document and present QA findings to leadership and the PCI SSC;
- Consults on reports prior to ROC submission;
- Consults with PA-QSAs on report submissions;
- Provide Quality Assurance guidance on new and future Standards and program evolution;
- Provide status reports for consistent findings and proposed solutions;
- Interact with QSA, PA-QSA, PFI and ASV security professionals to confirm findings and resolve misunderstandings resulting from the review;
- Work in a team environment to analyze the QA test process and help develop procedural strategies for reviewing reports and services;
- Help ensure relevant test coverage and appropriate sampling;
- Participate as an integral part of the team, exhibiting ownership, follow-through, initiative, awareness and effective communication with peers and management;
- Continually learn, actively share knowledge and foster exchange of skills;
- Proactively identify opportunities to improve the quality of reporting and usability of that information;
- Contribute to newsletters, whitepapers, QA reports, Report on Compliance (ROC) and other written communication sent by the Council as needed;
- Perform ad hoc projects as required;
- Be willing to participate in minimal travel (up to 15%);
- Other duties as assigned.
- Bachelor’s degree required, Master’s degree preferred.
- Minimum of 10+ years of hands-on security assessment, quality assurance, or PCI DSS experience;
- Must have experience in quality assurance on a global scale;
- Candidate must have at least five years of QA Lead experience and a year of managing a team of at least seven resources.
- Outstanding interpersonal skills and strong public speaking abilities;
- Industry certifications (such as CISSP, CISA, CISM);
- Understanding of information systems and networking diagrams;
- Experience evaluating the security infrastructure for large enterprise merchants or service providers;
- Working knowledge of the financial industry and the lifecycle of payment card transactions;
- Working experience with software development methodologies and practices;
- Working knowledge of audit methodologies and security assessment tools;
- Demonstrated project management experience;
- Methodical and organized; able to manage multiple opportunities, projects, and partners concurrently;
- Excellent written and oral communication skills, can express thoughts clearly, knows how to listen and is able to contribute in a team environment;
- Deep analytical skills enabling comprehension and development of complex business and technical issues, topics and plans;
- Able to multi-task and work independently with minimum supervision to meet firm deadlines;
- Flexible, proactive, quick to learn and possessing a can-do attitude;
- A blend of curiosity, creativity, persistence, commitment, passion and optimism.
- As a QA Lead for a PCI DSS or CISP PABP project;
- Proven QA Management experience of seven plus staff.
- As a PCI Qualified Security Assessor and/or CISP Qualified Payment Application Security Professional (QPASP)
- Evaluating various information systems, networks and/or payment applications
- Scanning networks for vulnerabilities such as an Approved Scanning Vendor (ASV)
- Testing and documenting software security lifecycle from development to deployment
- Demonstrating writing skills (e.g. QA reports, Report on Compliance (ROC), whitepapers, etc.)
- Working with a diverse group of security professionals with various roles and responsibilities
- Understanding the financial and payment card processing industries
For Immediate Consideration
This is a retained search. Email cover letter, resume and salary requirements to Shira Harrington at firstname.lastname@example.org.