SmartIPlace

Payment Card Industry Qualified Security Assessor [Mostly Remote] - C2C/W2

SmartIPlace United States
No longer accepting applications

Position: Payment Card Industry Qualified Security Assessor

Location: Columbus, OH (Mostly remote with occasional visits in Ohio)

Visa: Any Visa except TN/CPT

Interview Type: Webcam

Job Description

Initial project duration is three (3) years, with the possibility of a further 2-year extension.

I.    Project Overview

The Ohio Turnpike and Infrastructure Commission seeks to procure the services of a certified Payment Card Industry (PCI) Qualified Security Assessor (QSA) to complete its annual Report on Compliance (ROC) according to the most current version of the Payment Card Industry Data Security Standard (PCI DSS). This includes an assessment of all systems, sub-systems, and applications associated with the credit card payment process. Proposals should take great care to fully explain services for the quoted costs and differentiate themselves from their competitors.

The Consultant will perform PCI DSS certification for one (1) PCI Level 1 merchant, provide subject matter expertise and guidance to OTIC's internal PCI team in performing its annual certification, assist with clarifying PCI requirements, and provide guidance on the applicability of requirements.

II.   Scope of Services

Provide services which may include, among others that may be defined during the course of the contract, the following:

  • PCI DSS Level 1 certification for OTIC
  • Subject matter expertise and guidance to the OTIC team in performing PCI DSS certification
  • Guidance on how to meet the technical requirements under PCI DSS
  • Review of physical and logical network diagrams to determine the flow of payment card data
  • Assistance with preparation of Responsibility Matrices among OTIC and various toll system integrators
  • Review of credit card data devices and network infrastructure against the various PCI requirements
  • Control observation, review and validation
  • Identification of risks that may lead to non-compliance with PCI DSS requirements
  • Policy and Procedures guidance and input
  • In-field physical site security assessments of OTIC locations
  • Design and/or delivery of supplemental PCI DSS training materials such as videos, presentations, learning portal content, or written documentation
  • Documentation of steps needed to remediate any gaps in compliance
  • Participation in project or program management and planning activities
  • Creation of reusable structures to streamline future certification efforts
  • Development of templates and artifacts to aid in future certification efforts
  • Other related services as requested by OTIC

  • Seniority level: Entry level
  • Employment type: Full-time
  • Job function: Accounting/Auditing and Finance
  • Industries: Information Technology & Services
