Employment Eligibility Statement Due to specific project and client requirements, this position is open to U.S. Citizens and U.S. Lawful Permanent Residents (s) . Sponsorship is not available at this time. OpenKyber evaluates all candidates in compliance with the Immigration and Nationality Act (INA) and EEOC guidelines . All hiring decisions are made without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, age, disability, veteran status, or any other protected characteristic.
Role-PCI Qualified Security Assessor (QSA) Consultant Location- Remote (Preferably Long Island, NY) Contract- 6+ months & extendable Pay rate : $55/hr on W2/OpenKyber payroll (OR) $65/hr on C2C Role - PCI QSA Consultant / Payment Security & GRC Advis key words PCI DSS Consulting & Assessment. GRC & Security Framework Assessments preferred Skills Proven experience as a PCI QSA (Qualified Security Assessor) Must Have Strong working knowledge of: PCI DSS requirements (v3.x and v4.0) documentation Good to have Security audits and compliance assessments Risk management frameworks and control mapping Certifications PCI QSA CISA CRISC Min to Max Experience needed 8 to 12 years of experience Role Overview Client is seeking a highly experienced PCI Qualified Security Assessor (QSA) Consultant to lead and deliver end-to-end Payment Card Industry (PCI DSS) advisory, assessment, and validation services . This role focuses on guiding clients through PCI DSS compliance journeys , conducting formal validations (RoC/Client), and providing strategic security advisory across GRC, application security, and cloud risk domains . The ideal candidate will bring deep expertise in PCI DSS standards, audit execution, compliance strategy, and executive advisory , with the ability to translate regulatory requirements into actionable security and business outcomes.
Key Responsibilities 1. PCI DSS Consulting & Assessment (Core Function) Lead end-to-end PCI DSS compliance engagements , including: Gap assessments and readiness assessments Formal audits and validation activities Conduct PCI DSS assessments and produce: Reports on Compliance (RoC) Attestations of Compliance (Client) Advise clients on: PCI DSS scoping and segmentation strategies Compensating controls and requirement interpretation Perform impact assessments for PCI DSS version upgrades , including: Resource planning (people, tools, time) Required architecture and system changes
2. GRC & Security Framework Assessments Conduct compliance and maturity assessments across frameworks such as: PCI DSS (primary focus) NIST (CSF, 800-53, 800-171) ISO 27001 / 27002 HIPAA and other regulatory standards Perform: Security program evaluations Control gap analysis and remediation roadmaps
3. Application & Cloud Security Assurance (Optional) Lead Application Security Certification (AppSec/AppCert) initiatives: Black Box, Gray Box, and Crystal Box testing SDLC maturity assessments aligned to OWASP SAMM Conduct cloud risk assessments across: AWS, Azure, and Google Cloud Platform Evaluate: Cloud configurations, identity controls, and data protection mechanisms
4. Executive Advisory & Cyber Risk Quantification (Optional) Operate as a Security Program Advisor / Executive Consultant , providing: Strategic compliance roadmap guidance Risk posture insights to senior leadership Utilize frameworks such as: FAIR (Factor Analysis of Information Risk) for financial risk quantification Support board-level and C-suite communications , including: Risk reports Compliance status dashboards
5. E-Discovery, Audit Support & Documentation Support compliance and audit programs with: Evidence collection and validation Audit documentation and reporting Develop: Policies, standards, and procedures aligned with PCI DSS and GRC frameworks Deliver high-quality audit artifacts and technical reports
6. Operational Technology (OT) & Specialized Assessments (Optional) Conduct security assessments in OT/ICS environments , including: Passive network monitoring and traffic analysis Non-intrusive evaluation of control systems and networks
Required Skills & Experience Core PCI Expertise Proven experience as a PCI QSA (Qualified Security Assessor) Strong working knowledge of: PCI DSS requirements (v3.x and v4.0) Cardholder Data Environment (CDE) scoping and segmentation Experience producing: RoC and Client documentation GRC & Compliance Skills Hands-on experience with: Security audits and compliance assessments Risk management frameworks and control mapping Familiarity with: NIST, ISO 27001, HIPAA, and industry-specific standards Application & Cloud Security (optional) Experience in: SAST/DAST testing methodologies Secure SDLC governance Exposure to: Cloud platforms (AWS, Azure, Google Cloud Platform) Cloud compliance frameworks and risk models Tools & Platforms Experience with: App security tools (e.g., Burp Suite or equivalent) Compliance and audit management tools Risk quantification models (FAIR or similar) Certifications (Required/Preferred) PCI QSA certification (Required) Preferred: CISA (Certified Information Systems Auditor) CISM (Certified Information Security Manager) CRISC (Certified in Risk and Information Systems Control) Additional cloud or security certifications are a plus Soft Skills & Attributes Strong stakeholder engagement with CISO, CIO, and board-level stakeholders Ability to translate regulatory requirements into business-aligned outcomes Strong technical writing and audit report development skills Excellent communication and presentation skills High attention to detail and structured problem-solving approach Key Success Metrics Successful delivery of PCI DSS certifications (RoC/Client) Quality and defensibility of audit outputs Client satisfaction and repeat advisory engagements Ability to drive measurable compliance posture improvements
Notes :- All qualified applicants will receive consideration for employment without regard to race, color, religion, religious creed, sex, national origin, ancestry, age, physical or mental disability, medical condition, genetic information, military and veteran status, marital status, pregnancy, gender, gender expression, gender identity, sexual orientation, or any other characteristic protected by local law, regulation, or ordinance.
Benefits : OpenKyber offers a compensation package to all W2 employees that are competitive in the industry. It consists of competitive pay, the option to elect healthcare insurance (Dental, Medical, Vision), Major holidays and Paid sick leave as per state law. The rate/ Salary range is dependent on numerous factors including Qualification, Experience and Location.
For applications and inquiries, contact: hirings@openkyber.com
We have an immediate need for a Project Office Associate for our Long Island City location. Come join our team! We are looking to build services and capabilities through the growth of our key asset- our staff. Ranked among the nation's top A/E firms by Engineering...
...motivated individuals who align with our Core Values: Team First, Motivated to Move Forward, and Own Your Role. This role involves hands-on work in irrigation installation. If you are passionate about working outdoors and have a positive attitude, we want to hear from...
...Job Title: Locum Tenens OB/GYN Physician Location: North Carolina Position Overview: Our team is looking for an OB/GYN Physician to join our Medical Center in North Carolina on a 1-month locum tenens basis, beginning in late November 2024, with the possibility...
...develop professionally. ~ Employee Assistance Program: Life can be challenging at times, and were here to support you with our confidential Employee Assistance Program that offers counseling and resources for a variety of personal and professional needs. ~ Wellness...
...Champions. This is a perfect opportunity for those who excel in a supportive role and are committed to creating exceptional customer experiences from their home office. Key Responsibilities: Address and resolve customer inquiries with urgency and empathy. Ensure...