Job Description: PCI Internal Security Assessor (ISA)
Department: Enterprise Security & Technology Risk Management
Location: Regionwide
Reports To: Chief Information Security Officer (CISO)
Employment Type: Full-time
Job Overview
The PCI Internal Security Assessor (ISA) is responsible for ensuring that our banking-industry client complies with the Payment Card Industry Data Security Standard (PCI DSS). The ISA will assess, monitor, and enforce the security controls necessary to protect cardholder data and maintain PCI DSS compliance across all in-scope systems and processes. This role works closely with internal stakeholders and external parties to maintain a secure environment, mitigate risks, and improve the overall security posture.
Key Responsibilities:
- Conduct regular internal assessments and audits to ensure the organization's compliance with PCI DSS.
- Develop and implement PCI DSS compliance policies, procedures, and controls.
- Serve as the internal point of contact for PCI DSS-related matters and ensure all applicable security controls are in place.
- Collaborate with the external Qualified Security Assessor (QSA) to facilitate the annual PCI DSS assessment and Report on Compliance (ROC).
Documentation and Reporting:
- Prepare and maintain comprehensive documentation, including policies, procedures, and reports required for PCI DSS compliance.
- Maintain records of assessment findings, corrective actions, and compliance status.
- Manage the completion and submission of Self-Assessment Questionnaires (SAQs) and Attestations of Compliance (AOCs) as needed.
Qualifications:
Education:
- Bachelor's degree in Information Security, Computer Science, or a related field (or equivalent work experience).
Experience:
- Minimum of 3-5 years of experience in information security, PCI DSS compliance, or a related field.
- Previous experience as an ISA, QSA, or a similar role is highly desirable.
Certifications:
- PCI Internal Security Assessor (ISA) or PCI Professional (PCIP) certification preferred.
- Additional certifications such as CISSP, CISM, CISA, or CEH are a plus.
Skills and Knowledge:
- Deep understanding of PCI DSS requirements and data security best practices.
- Familiarity with security frameworks (NIST, ISO 27001, CIS Controls) and security technologies (firewalls, IDS/IPS, encryption, etc.).
- Strong analytical, problem-solving, and project management skills.
- Excellent communication and interpersonal skills with the ability to work cross-functionally.
- Proficiency in using security assessment tools and techniques (e.g., vulnerability scanners, SIEM).
Other Requirements:
Ability to work independently and handle se