Empresa: Advantio
Provincia: Barcelona
Población:
Descripción:
Role
Due to our continued expansion we now have an immediate opening for a Security Consultant in Madrid and Barcelona.
Mission: to lead Cyber Security Consultancy engagements with clients and customer within financial services and payment card industries. Focusing on delivery of PCI DSS and/or PA-DSS Information Security compliance assessments, Cyber Security Maturity Assessments and ISO27001 engagements.
Responsibilities
Main:
Lead customer engagements and provide senior cyber security advice and services to a broad range of clients and industries.
Provide detailed analytical reporting, internal reporting metrics and program management.
Provide leadership and mentorship to Junior consultants.
Preliminary Analysis:
Identifying all the stakeholders, sponsors, technical references (e.g. IT Project Manager, Software Engineer, Security Analyst) of the client in order to define the initial conditions and the needs analysis
Gap Analysis and Scoping
Review and validation of the PCI DSS scope and network segmentation controls, payment application design and functionality
Review of all locations and flows of cardholder data, as well as asset inventories
Conducting PCI standards interviews to have a complete map of information/data workflows, processes and procedures, payment card data flow, information security controls
Conducting technical interviews to understand eventual data security problems from in-depth technical point of view
Producing Scoping and Gap Analysis Documentation
Remediation
Providing the customer with a remediation plan/gap report
Guiding and supporting all the remediation processes ensuring that the gaps are mitigated correctly
Formal Assessment
Conducting PCI DSS/PA-DSS related interviews with responsible employees in order to have a complete map of information/data workflows, processes and procedures, payment card data flows, application design and functionality
Conducting technical interviews to understand eventual data security problems from in-depth technical point of view
Analysis of network diagrams, asset lists to understand the infrastructure used by the customers
Analysis of Penetration Testing reports (PCI DSS Compliance Process) and/or performance of applications penetration tests and forensic analysis (PA-DSS Compliance Process) within ad-hoc penetration testing laboratories
Documentation
Preparation, validation and approval Reports on Compliance (RoC) and/or Reports of Validation (RoV) according to the standard templates provided by PCI SSC
Preparation, validation and approval of Attestation of Compliance (AoC) and/or Attestation of Validation (AoV) according to the standard templates provided by PCI SSC
Submission all the documentation to PCI SSC for the final approval in case of PA-DSS process (signed RoV, AoV, Implementation Guide and Vendor Release Agreement)
Knowledge and Skills (Security Consultant)
Information Security Experience
PCI DSS (PA-DSS, P2PE, PCI 3DS), GDPR
Virtualization
Cloud technologies
Authentication methods and techniques
Integrity controls
Networking
Operating Systems (Linux/Unix, Windows)
Values and Competencies
Problem Solving (analysis, helicopter view, problem setting, decision making)
Planning and Organization (time management, scheduling and control)
Communication (clearness, listening, persuasion)
Networking (reinforce relationships, use emotional intelligence and personal proximity)
Results Orientation (delivering solutions, work under pressures
Tecnologías: PCI, ISO
Tipo de Contrato:
Temporal
Salario: Sin especificar
Experiencia: 3 años
Funciones: Ciberseguridad
Formación mínima:
Licenciado
Descubre más: https://www.tecnoempleo.com/security-consultant-pci-barcelona/pci-iso/rf-c423v12f4aa14k4704da
