Manager - PCI QSA

Job Description

You'll assist organizations in developing robust data protection programs to safeguard critical assets, particularly the cardholder data environments of RSM USI clients. Your team will focus on assessing, designing, and implementing cybersecurity risk management practices such as network segmentation, vulnerability management, data classification, encryption, de-identification, and sensitive data monitoring solutions to ensure cyber regulatory alignment for data-rich organizations.

• Manage the timely delivery of engagement results and high-quality deliverables, adhering to professional and industry standards.
• Hands-on delivery and execution of project tasks for complex technology environments.
• Present project status, risk-based observations, and proposed solutions to clients senior management.
• As a first-choice advisor, cultivate and maintain relationships with stakeholders, identifying opportunities for technological and operational risk mitigation.
• Assess payment card compliance maturity and assist clients in building and implementing sustainable PCI compliance programs.
• Support organizations in developing and implementing information governance frameworks.
• Aid clients in designing and maintaining payment card industry and cyber compliance programs, including operational processes, technology, and guidelines.
• Identify opportunities to expand service scope within engagements and contribute to market-facing initiatives to attract new client prospects.
• Communicate strategic and tactical risks of account data protection, advanced security threats, enterprise security management practices, and innovative security solutions to clients.
• Translate complex technical issues into executive-style reports and presentations for senior management.
• Leverage industry and technical expertise to identify improvement opportunities for clients and support remediation services.
• Supervise, train, and mentor staff, coordinating with client resources as necessary.
• Assist in building the SPRC practice by expanding the team's size and skill set.
• Set performance expectations for staff and provide constructive feedback.
• Oversee and train junior team members during service delivery, ensuring quality and fostering growth.
• Support business development efforts to acquire new clients and expand existing relationships.
• Identify business opportunities and enhance go-to-market strategies.
• Advise area leadership on SPRC service line growth and market strategies.
• Participate in professional organizations and develop thought leadership in relevant cybersecurity topics for internal and external branding.
• Ensure revenue targets are met, and service offerings remain responsive to the evolving business environment.

• Active or former PCI QSA certification with experience preparing Level 1 and Level 2 PCI DSS Reports on Compliance (ROCs) or 3+ years of PCI DSS experience with one or more of the following certifications:
• (ISC)2 Certified Information System Security Professional (CISSP)
• ISACA Certified Information Security Manager (CISM)
• Certified ISO 27001 Lead Implementer 1
• (METI) Registered Information Security Specialist (RISS)
• ISACA Certified Information Systems Auditor (CISA)
• GIAC Systems and Network Auditor (GSNA)
• Certified ISO 27001 Lead Auditor
• IRCA ISMS Auditor or highere.g., Auditor/Lead Auditor, Principal Auditor
• IIA Certified Internal Auditor (CIA)
• Bachelor's degree in information technology, business, or related discipline from an accredited college/university.
• 5+ years of related work experience in cyber compliance consulting or equivalent advanced academic experience.
• Familiarity with cybersecurity program components and supporting workflows, such as:
• Regulatory monitoring
• Business requirements definition
• Data inventory and information flow mapping
• Cybersecurity risk management
• Third-party vendor management
• Interactions with consumers (data subject requests)
• Incident management and breach notifications
• Technical knowledge of network and IT infrastructure, application/database design, IT governance, risk management, incident response, and typical network/IT security components.
• Working knowledge of key cybersecurity compliance standards and regulations, including PCI DSS, NIST CSF, GLBA, etc.
• Proven people skills with experience operating in a professional services firm, large consultancy, or similar environment.
• Demonstrated ability to collaborate effectively, especially with cross-functional teams.

• Proven experience engaging with diverse organizational stakeholders, including management, business, marketing, HR, IT, and Legal teams.
• Advanced degree focused on data protection, privacy, or a related field.
• Strong written, oral, and presentation skills with an innovative mindset.
• Knowledge of PCI DSS practices in retail and financial services.
• Proven ability to work seamlessly in a virtual environment with globally dispersed team members.
• Creative thinking, individual initiative, and flexibility in navigating rapid changes in technology, regulation, and client needs.
• Commitment to staying updated with advancements, challenges, and discoveries in the Security and Privacy industry.