Overview
Remote
Accepts corp to corp applications
Contract - W2
Contract - Independent
Contract - 3 month(s)
Skills
Active QSA Certification
PCI DSS assessments
PCI DSS v4.0 requirements
ROC
SAQ
AOC
remediation plans
Job Details
Position: PCI Qualified Security Assessor
Duration: Contract 3 Months
Location: King County, Washington (Remote)
About the Role
We are seeking an experienced PCI SSC Qualified Security Assessor (QSA) to lead the Annual PCI DSS v4.0 Compliance Assessment for King County. The QSA will serve as the primary assessor and trusted advisor to ensure the County maintains compliance with the Payment Card Industry Data Security Standard (PCI DSS v4.0) and will deliver the formal SAQ/ROC and Attestation of Compliance (AOC).
Key Responsibilities
- Lead the end-to-end PCI DSS v4.0 assessment:
  - Define and document the cardholder data environment (CDE) and scope.
  - Plan and execute assessment activities (evidence collection, interviews, control testing).
  - Validate the County's existing compliance status and identify gaps.
- Prepare and deliver required PCI documentation:
  - Self-Assessment Questionnaire (SAQ) / Report on Compliance (ROC).
  - Attestation of Compliance (AOC).
  - Gap Analysis Report: findings, risk ratings, corrective actions, owners, target dates, compensating controls.
- Provide risk-based remediation guidance and advise on compensating controls when full compliance is not immediately feasible.
- Collaborate with the County's security and IT teams, providing weekly status updates and clear executive reporting.
- Support governance meetings by presenting findings and recommendations.
Required Qualifications
- Active QSA Certification issued by the PCI Security Standards Council (PCI SSC) and currently associated with an approved QSA company.
- 5+ years of hands-on PCI DSS assessments in large enterprise environments.
- Proven ability to scope and validate complex cardholder data environments and connected systems.
- Strong understanding of:
  - PCI DSS v4.0 requirements,
  - Payment application security,
  - Network segmentation and encryption controls,
  - Risk-based remediation approaches.
- Experience working with government agencies, healthcare, or financial services preferred.
- Strong documentation skills (ROC, SAQ, AOC, remediation plans).
- Excellent written and verbal communication skills, with the ability to present to executives and technical teams.
Nice-to-Have
- CISSP, CISM, CISA, or other security certifications.
- Experience with remote evidence collection and secure collaboration tools (Microsoft Teams, SharePoint).
- Prior consulting experience with U.S. local or state government clients.