Job Details
Title: PCI DSS Compliance & Security Consultant
Job Location: Hybrid in Minneapolis, MN or Possibility for Remote
Employment Type: Contractual (6-8 months), depending on the project
We have a few critical needs on which we need your support, and I would really appreciate it if your team could line up some qualified candidates here at the earliest.
Key Responsibilities
Minimum experience required: 4-5 years in Information Security, with 2+ years dedicated to PCI DSS compliance and implementation.
PCI DSS Scoping & Gap Analysis
Define and validate the cardholder data environment (CDE).
Conduct detailed PCI DSS readiness assessments and identify control gaps.
Provide scoping guidance across on-premises, cloud, and hybrid environments.
Implementation & Remediation
Develop remediation roadmaps and work with IT/security teams to close gaps.
Guide the implementation of PCI DSS controls across:
Network security (firewalls, segmentation, IDS/IPS, WAF)
Access control & identity management
Encryption, key management, and tokenization
Logging, monitoring, and SIEM integration
Secure application development and testing practices
Vulnerability management and penetration testing programs
Audit & Documentation Support
Prepare compliance artifacts: policies, procedures, risk assessments, evidence packs.
Support SAQ (Self-Assessment Questionnaire) and ROC (Report on Compliance) preparation.
Work directly with QSAs during external assessments.
Map PCI DSS controls with other frameworks (ISO 27001, SOC 2, HIPAA, NIST CSF) to streamline compliance efforts.
Stakeholder Engagement
Act as a subject matter expert (SME) for PCI DSS requirements.
Advise client stakeholders (CISO, IT leads, risk managers) on best practices.
Conduct training and awareness sessions for client teams.
Required Skills & Knowledge
PCI DSS Expertise
Strong working knowledge of PCI DSS v4.0 (and previous versions).
Proven experience leading PCI DSS compliance programs end-to-end.
Familiarity with merchant/acquirer environments and service provider obligations.
Technical Skills
PCI DSS implementation experience in cloud environments (AWS, Azure, Google Cloud Platform).
Solid understanding of secure coding, DevSecOps, and application security.
Strong vulnerability management and penetration testing knowledge.
Compliance & Audit
Experience preparing for QSA audits, ROC, and SAQ submissions.
Familiarity with risk management frameworks.
Soft Skills
Excellent documentation and report writing abilities.
Strong communication skills with technical and non-technical stakeholders.
Ability to work independently and drive client engagement.
Experience in multicultural/global client environments is a plus.
Skills & Competencies
Strong analytical, problem-solving, and decision-making skills.
Ability to interpret and apply regulatory guidelines and operational risk frameworks.
Excellent communication and interpersonal skills, with proven stakeholder engagement.
Strong knowledge of Microsoft Office (Word, Excel, Outlook) and basic database management.
Ability to prepare and present reports to management and boards.
Strategic thinker with the ability to link risk management practices to organizational goals.
Detail-oriented with excellent time management and ability to handle multiple priorities.
CISA / CISM