Job Description
Advantio is the recognised leader in the cyber security when it goes down to payment transactions, recognised as Europe’s second largest QSA (qualified security assessor) provider by VISA. With a range of solutions to suit varying regulatory requirements and budgets, Advantio is the security partner of choice of many large global corporates across vertical including but not limiting to Ingenico Group, Accor Hotels, Time Inc. etc.
As part of the consequent phase of Advantio’s aggressive expansion we have an immediate opening for a Senior Security Consultant.
Mission and Key Responsibilities:
To lead PCI DSS and/or PA-DSS Information Security compliance assessments.
Preliminary Analysis
Identifying all the stakeholders, sponsors, technical references (e.g. IT Project Manager, Software Engineer, Security Analyst) of the client in order to define the initial conditions and the needs analysis
Gap Analysis and Scoping
Review and validation of the PCI DSS scope and network segmentation controls, payment application design and functionality
Review of all locations and flows of cardholder data, as well as asset inventories
Conducting PCI standards interviews in order to have a complete map of information/data workflows, processes and procedures, payment card data flow, information security controls
Conducting technical interviews to understand eventual data security problems from in-depth technical point of view
Producing Scoping and Gap Analysis Documentation
Remediation
Providing the customer with a remediation plan/gap report
Guiding and supporting all the remediation processes ensuring that the gaps are mitigated correctly
Formal Assessment
Conducting PCI DSS/PA-DSS related interviews with responsible employees in order to have a complete map of information/data workflows, processes and procedures, payment card data flows, application design and functionality
Conducting technical interviews to understand eventual data security problems from in-depth technical point of view
Analysis of network diagrams, asset lists to understand the infrastructure used by the customers
Analysis of Penetration Testing reports (PCI DSS Compliance Process) and/or performance of applications penetration tests and forensic analysis (PA-DSS Compliance Process) within ad-hoc penetration testing laboratories
Documentation
Preparation, validation and approval Reports on Compliance (RoC) and/or Reports of Validation (RoV) according to the standard templates provided by PCI SSC
Preparation, validation and approval of Attestation of Compliance (AoC) and/or Attestation of Validation (AoV) according to the standard templates provided by PCI SSC
Submisson all the documentation to PCI SSC for the final approval in case of PA-DSS process (signed RoV, AoV, Implementation Guide and Vendor Release Agreement)
As part of the consequent phase of Advantio’s aggressive expansion we have an immediate opening for a Senior Security Consultant.
Mission and Key Responsibilities:
To lead PCI DSS and/or PA-DSS Information Security compliance assessments.
Preliminary Analysis
Identifying all the stakeholders, sponsors, technical references (e.g. IT Project Manager, Software Engineer, Security Analyst) of the client in order to define the initial conditions and the needs analysis
Gap Analysis and Scoping
Review and validation of the PCI DSS scope and network segmentation controls, payment application design and functionality
Review of all locations and flows of cardholder data, as well as asset inventories
Conducting PCI standards interviews in order to have a complete map of information/data workflows, processes and procedures, payment card data flow, information security controls
Conducting technical interviews to understand eventual data security problems from in-depth technical point of view
Producing Scoping and Gap Analysis Documentation
Remediation
Providing the customer with a remediation plan/gap report
Guiding and supporting all the remediation processes ensuring that the gaps are mitigated correctly
Formal Assessment
Conducting PCI DSS/PA-DSS related interviews with responsible employees in order to have a complete map of information/data workflows, processes and procedures, payment card data flows, application design and functionality
Conducting technical interviews to understand eventual data security problems from in-depth technical point of view
Analysis of network diagrams, asset lists to understand the infrastructure used by the customers
Analysis of Penetration Testing reports (PCI DSS Compliance Process) and/or performance of applications penetration tests and forensic analysis (PA-DSS Compliance Process) within ad-hoc penetration testing laboratories
Documentation
Preparation, validation and approval Reports on Compliance (RoC) and/or Reports of Validation (RoV) according to the standard templates provided by PCI SSC
Preparation, validation and approval of Attestation of Compliance (AoC) and/or Attestation of Validation (AoV) according to the standard templates provided by PCI SSC
Submisson all the documentation to PCI SSC for the final approval in case of PA-DSS process (signed RoV, AoV, Implementation Guide and Vendor Release Agreement)
Requirements
PCI DSS (PA-DSS, P2PE, PCI 3DS), GDPR
CISA or CISM certification (preferable)
Virtualization
Cloud technologies
Cryptography principles
Authentication methods and techniques
Integrity controls
Networking (routing, switching, firewall network filtering)
Operating Systems (Linux/Unix, Windows)
Required language(s) written/spoken:
·English FLUENT
Competencies :
Problem Solving (analysis, helicopter view, problem setting, decision making)
Planning and Organization (time management, scheduling and control)
Communication (clearness, listening, persuasion)
Networking (reinforce relationships, use emotional intelligence and personal proximity)
Results Orientation (delivering solutions, work under pressures
CISA or CISM certification (preferable)
Virtualization
Cloud technologies
Cryptography principles
Authentication methods and techniques
Integrity controls
Networking (routing, switching, firewall network filtering)
Operating Systems (Linux/Unix, Windows)
Required language(s) written/spoken:
·English FLUENT
Competencies :
Problem Solving (analysis, helicopter view, problem setting, decision making)
Planning and Organization (time management, scheduling and control)
Communication (clearness, listening, persuasion)
Networking (reinforce relationships, use emotional intelligence and personal proximity)
Results Orientation (delivering solutions, work under pressures
