Position: Payment Card Industry Qualified Security Assessor
Location: Columbus, OH (Mostly remote with occasional visits in Ohio)
Visa: Any Visa except TN/CPT
Interview Type: Webcam
Job Description
Initial project duration is three (3) years, with the possibility of a further 2-year extension.
I. Project Overview
The Ohio Turnpike and Infrastructure Commission seeks to procure the services of a certified Payment Card Industry (PCI) Qualified Security Assessor (QSA) to complete its annual Report on Compliance (ROC) according to the most current version of the Payment Card Industry Data Security Standard (PCI DSS). This includes an assessment of all systems, sub-systems, and applications associated with the credit card payment process. Proposals should take great care to fully explain services for the quoted costs and differentiate themselves from their competitors.
The Consultant will perform PCI DSS certification for one (1) PCI Level 1 merchant, provide subject matter expertise and guidance to the OTIC internal PCI team in performing its annual certification, assist with clarifying PCI requirements, and provide guidance on the applicability of requirements.
II. Scope of Services
Provide services which may include, among others that may be defined during the course of the contract, the following:
PCI DSS level 1 certification for OTIC
Subject matter expertise and guidance to the OTIC team in performing PCI DSS certification
Guidance on how to meet the technical requirements under PCI DSS
Review of physical and logical network diagrams to determine flow of payment card data
Assistance with preparation of Responsibility Matrices among OTIC and various toll system integrators
Review of credit card data devices and network infrastructure against the various PCI requirements
Control observation, review and validation
Identification of risks that may lead to non-compliance with PCI DSS requirements
Policy and Procedures guidance and input
In-field physical site security assessments of OTIC locations
Design and/or delivery of supplemental PCI DSS training materials such as videos, presentations, learning portal content, or written documentation
Documentation of steps needed to remediate any gaps in compliance
Participation in project or program management and planning activities
Creation of reusable structures to streamline future certification efforts
Development of templates and artifacts to aid in future certification efforts
Other related services as requested by OTIC
Seniority level
Entry level
Employment type
Full-time
Job function
Accounting/Auditing and Finance
Industries
Information Technology & Services