Employment Eligibility Statement
Due to specific project and client requirements, this position is open to U.S. Citizens and U.S. Lawful Permanent Residents. Sponsorship is not available at this time.
Danta Technologies evaluates all candidates in compliance with the Immigration and Nationality Act (INA) and EEOC guidelines. All hiring decisions are made without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, age, disability, veteran status, or any other protected characteristic.
Role - PCI Qualified Security Assessor (QSA) Consultant
Location - Remote (Preferably Long Island, NY)
Contract - 6+ months and extendable
Pay rate: $55/hr on W2/Danta Technologies payroll (OR) $65/hr on C2C
Role - PCI QSA Consultant / Payment Security & GRC Advis
Key words
PCI DSS Consulting & Assessment.
GRC & Security Framework Assessments
Preferred Skills
Proven experience as a PCI QSA (Qualified Security Assessor)
Must Have
Strong working knowledge of: PCI DSS requirements (v3.x and v4.0) documentation
Good to have
Security audits and compliance assessments
Risk management frameworks and control mapping
Certifications
PCI QSA
CISA
CRISC
Min to Max Experience needed
8 to 12 years of experience
Role Overview
Client is seeking a highly experienced PCI Qualified Security Assessor (QSA) Consultant to lead and deliver end-to-end Payment Card Industry (PCI DSS) advisory, assessment, and validation services.
This role focuses on guiding clients through PCI DSS compliance journeys, conducting formal validations (RoC/AoC), and providing strategic security advisory across GRC, application security, and cloud risk domains.
The ideal candidate will bring deep expertise in PCI DSS standards, audit execution, compliance strategy, and executive advisory, with the ability to translate regulatory requirements into actionable security and business outcomes.
Key Responsibilities
1. PCI DSS Consulting & Assessment (Core Function)
- Lead end-to-end PCI DSS compliance engagements, including:
- Gap assessments and readiness assessments
- Formal audits and validation activities
- Conduct PCI DSS assessments and produce:
- Reports on Compliance (RoC)
- Attestations of Compliance (AoC)
- Advise clients on:
- PCI DSS scoping and segmentation strategies
- Compensating controls and requirement interpretation
- Perform impact assessments for PCI DSS version upgrades, including:
- Resource planning (people, tools, time)
- Required architecture and system changes
2. GRC & Security Framework Assessments
- Conduct compliance and maturity assessments across frameworks such as:
- PCI DSS (primary focus)
- NIST (CSF, 800-53, 800-171)
- ISO 27001 / 27002
- HIPAA and other regulatory standards
- Perform:
- Security program evaluations
- Control gap analysis and remediation roadmaps
3. Application & Cloud Security Assurance (Optional)
- Lead Application Security Certification (AppSec/AppCert) initiatives:
- Black Box, Gray Box, and Crystal Box testing
- SDLC maturity assessments aligned to OWASP SAMM
- Conduct cloud risk assessments across:
- AWS, Azure, and Google Cloud Platform
- Evaluate:
- Cloud configurations, identity controls, and data protection mechanisms
4. Executive Advisory & Cyber Risk Quantification (Optional)
- Operate as a Security Program Advisor / Executive Consultant, providing:
- Strategic compliance roadmap guidance
- Risk posture insights to senior leadership
- Utilize frameworks such as:
- FAIR (Factor Analysis of Information Risk) for financial risk quantification
- Support board-level and C-suite communications, including:
- Risk reports
- Compliance status dashboards
5. E-Discovery, Audit Support & Documentation
- Support compliance and audit programs with:
- Evidence collection and validation
- Audit documentation and reporting
- Develop:
- Policies, standards, and procedures aligned with PCI DSS and GRC frameworks
- Deliver high-quality audit artifacts and technical reports
6. Operational Technology (OT) & Specialized Assessments (Optional)
- Conduct security assessments in OT/ICS environments, including:
- Passive network monitoring and traffic analysis
- Non-intrusive evaluation of control systems and networks
Required Skills & Experience
Core PCI Expertise
- Proven experience as a PCI QSA (Qualified Security Assessor)
- Strong working knowledge of:
- PCI DSS requirements (v3.x and v4.0)
- Cardholder Data Environment (CDE) scoping and segmentation
- Experience producing:
- RoC and AoC documentation
GRC & Compliance Skills
- Hands-on experience with:
- Security audits and compliance assessments
- Risk management frameworks and control mapping
- Familiarity with:
- NIST, ISO 27001, HIPAA, and industry-specific standards
Application & Cloud Security (optional)
- Experience in:
- SAST/DAST testing methodologies
- Secure SDLC governance
- Exposure to:
- Cloud platforms (AWS, Azure, Google Cloud Platform)
- Cloud compliance frameworks and risk models
Tools & Platforms
- Experience with:
- App security tools (e.g., Burp Suite or equivalent)
- Compliance and audit management tools
- Risk quantification models (FAIR or similar)
Certifications (Required/Preferred)
- PCI QSA certification (Required)
- Preferred:
- CISA (Certified Information Systems Auditor)
- CISM (Certified Information Security Manager)
- CRISC (Certified in Risk and Information Systems Control)
- Additional cloud or security certifications are a plus
Soft Skills & Attributes
- Strong stakeholder engagement with CISO, CIO, and board-level stakeholders
- Ability to translate regulatory requirements into business-aligned outcomes
- Strong technical writing and audit report development skills
- Excellent communication and presentation skills
- High attention to detail and structured problem-solving approach
Key Success Metrics
- Successful delivery of PCI DSS certifications (RoC/AoC)
- Quality and defensibility of audit outputs
- Client satisfaction and repeat advisory engagements
- Ability to drive measurable compliance posture improvements
Notes: All qualified applicants will receive consideration for employment without regard to race, color, religion, religious creed, sex, national origin, ancestry, age, physical or mental disability, medical condition, genetic information, military and veteran status, marital status, pregnancy, gender, gender expression, gender identity, sexual orientation, or any other characteristic protected by local law, regulation, or ordinance.
Benefits: Danta offers all W2 employees a compensation package that is competitive in the industry. It consists of competitive pay, the option to elect healthcare insurance (Dental, Medical, Vision), major holidays, and paid sick leave as per state law.
The rate/salary range depends on numerous factors, including qualification, experience, and location.