Senior Information Security Consultant - Madrid, España - Advantio

Advantio

Empresa verificada

Madrid, España

hace 1 día

Publicado por:

Isabel García

beBee Recruiter

Descripción

About Advantio

Established in 2009, Advantio maintains an extensive team of consultants and security testing experts to provide digital security and assurance to its customers.

Originally established as a payment compliance market leader, Advantio has grown from an established and leading payment security and compliance organisation in Europe to develop its comprehensive Cyber Security and Managed Security Services expertise - offering consultancy, products, and services to support organisations to first understand or their own cyber security related business risks and then by providing suitable and affordable solutions to manage those risks effectively and to remediate against threats proportionately.

Advantio primarily serves the FinTech and Payment Card industries and is recognised by VISA as one of Europe's top Qualified Security Assessor (QSA) providers.

Role Mission
To lead Security Consultancy engagements with clients within financial services and payment card industries.

Focusing on delivery of Payment Compliance services, which include but are not limited to:

PCI specialized assessment (PIN, P2PE, SSF, 3DS, etc.)
PCI DSS, Swift, PSD2 assessments,
GAP Analysis,
Policy and Procedure review.

Key Responsibilities

Lead customer engagements and provide senior cyber security advice and services to a broad range of clients and industries.
Provide detailed analytical reporting, internal reporting metrics and program management.
Provide leadership and mentorship to Junior consultants.

Preliminary Analysis

Identifying all the stakeholders, sponsors, technical references (e.g. IT Project Manager, Software Engineer, Security Analyst) of the client in order to define the initial conditions and the needs analysis

Gap Analysis and Scoping

Review of all locations and flows of cardholder data, as well as asset inventories
Conducting PCI standards interviews to have a complete map of information/data workflows, processes and procedures, payment card data flow, information security controls
Conducting technical interviews to understand eventual data security problems from indepth technical point of view Producing Scoping and Gap Analysis Documentation

Remediation

Providing the customer with a remediation plan/gap report
Guiding and supporting all the remediation processes ensuring that the gaps are mitigated correctly

Formal Assessment

Conducting technical interviews to understand eventual data security problems from indepth technical point of view
Analysis of network diagrams, asset lists to understand the infrastructure used by the customers

Documentation

Preparation, validation and approval Reports on Compliance (RoC) and/or Reports of Validation (RoV) according to the standard templates provided by PCI SSC
Preparation, validation and approval of Attestation of Compliance (AoC) and/or Attestation of Validation (AoV) according to the standard templates provided by PCI SSC
Submission all the documentation to PCI SSC for the final approval in case of PA-DSS/P2PE process (signed RoV, AoV, Implementation Guide and Vendor Release Agreement)

Knowledge and Skills (PCI QSA)

PCI QSA qualification
P2PE qualification and/or relevant Encryption experience would be a distinct advantage.
PCI DSS (PA-DSS, P2PE, PCI 3DS), GDPR Knowledge
Virtualization
Cloud technologies
Cryptography techniques including algorithms, key management, and key lifecycle.
Knowledge of industry standards for cryptographic techniques and key management, including but not limited to, ISO 11568 and 13491, ANSI X9.24 and X9.97, and NIST 1402 Level
Public key infrastructure (PKI) and the role and operations of a Certification Authority (CA) and Registration Authority (RA)
Hardware security modules (HSMs) operations, policies, and procedures
POI keyinjection systems and techniques including keyloading devices (KLDs) and key management methods, such as Master/Session or DUKPT
Physical security techniques for highsecurity areas
Relevant PTS Security Requirements (e.g., SRED, SCR, OP)
Authentication methods and techniques
Networking (routing, switching, firewall network filtering)
Operating Systems (Linux/Unix, Windows)

Values and Competencies

Problem Solving (analysis, helicopter view, problem setting, decision making)
Planning and Organization (time management, scheduling and control)
Communication (clearness, listening, persuasion)
Networking (reinforce relationships, use emotional intelligence and personal proximity)
Results Orientation (delivering solutions, work under pressures

Advantio Core Values