Consultant/AQSA, Sensitive Data Cybersecurity Compliance at Mazars USA LLP in Fort Washington, Pennsylvania

Posted in General Business 26 days ago.

Type: Full-Time





Job Description:

Consultant/AQSA, Sensitive Data Cybersecurity Compliance

Mazars USA is hiring - If you are looking for a career where you can truly have a say, make an impact, and be valued, Mazars is the right place for you!

Our Cybersecurity practice seeks an experienced professional to take responsibility for performing security assessment and advisory projects, namely for PCI DSS, HITRUST, NIST, ISO and other sensitive data global standards and regulations. The Consultant/AQSA will interact with clients both on-site and remotely and work closely with them to identify vulnerabilities, assess risks, and provide recommendations that help clients achieve compliance with the standards and regulations being assessed.

This is a national practice and we offer flexible work hours and locations: in office, remote, hybrid.

What You Will Do:



  • Compliance Assessments:
    • Conduct comprehensive assessments of the organization's IT infrastructure, systems, and processes to ensure compliance with PCI DSS, HITRUST, ISO, and/or NIST standards.
    • Evaluate security controls, policies, and procedures related to the handling, processing, and storage of payment card data.
    • Identify gaps and weaknesses in the security posture and provide recommendations for remediation.

  • Security Audits and Reviews:
    • Perform regular security audits and reviews to ensure ongoing compliance with PCI DSS, HITRUST, ISO, and/or NIST requirements.
    • Review and analyze security logs, reports, and other relevant documentation to identify potential security issues.
    • Collaborate with internal stakeholders to address security findings and implement corrective actions.

  • Risk Assessment and Mitigation:
    • Conduct risk assessments to identify potential threats and vulnerabilities to the organization's payment card data environment.
    • Evaluate the effectiveness of existing security controls and recommend improvements to mitigate identified risks.
    • Develop risk management strategies and assist in the implementation of risk mitigation measures.

  • Client Consultation and Communication:
    • Serve as the primary point of contact for clients regarding PCI DSS, HITRUST, ISO, and/or NIST compliance issues and concerns.
    • Provide expert guidance and advice to clients on security best practices, compliance requirements, and regulatory changes.
    • Communicate assessment findings, recommendations, and remediation plans to clients in a clear and understandable manner.

  • Documentation and Reporting:
    • Prepare detailed assessment reports documenting the findings, conclusions, and recommendations resulting from PCI DSS, HITRUST, ISO, and/or NIST compliance assessments.
    • Maintain accurate and up-to-date documentation of assessment activities, including work papers, checklists, and supporting evidence.
    • Present assessment reports to clients and assist in developing remediation plans to address identified deficiencies.

  • Continuous Learning and Development:
    • Stay updated on the latest developments, trends, and best practices in cybersecurity, payment card industry regulations, and compliance standards.
    • Pursue relevant certifications and training opportunities to enhance knowledge and skills in PCI DSS, HITRUST, ISO, and/or NIST compliance and security assessment methodologies.




What We Seek:



  • 2+ years of experience in information security assessment and audit required
  • Education required: Bachelor's degree in a relevant field (e.g., Engineering, Computer Science, IT, Audit) or sufficient relevant work experience in IT audit, information security, or a similar field
  • Certification required/preferred: Must possess at least one accredited, industry-recognized professional certification listed as a requirement to become a QSA.
  • Ability to travel to client locations as needed: 25-50% travel, so the ability to travel that extensively and to be on planes without issues is required
  • Our firm does not anticipate hiring experienced or entry level job seekers who will need sponsorship through the H-1B lottery, now or in the future.
  • Knowledge of PCI DSS, NIST, ISO and/or HITRUST and at least basic familiarity with other PCI standards (e.g., P2PE, SSF) and with similar security control frameworks
  • Effective presence in front of client personnel, including executive leadership, when presenting findings, providing status updates, or communicating project plans.
  • Knowledge of the underlying disciplines of information security and compliance, such as systems or application security, cloud environment security, cryptographic controls, vulnerability and threat management, or the like
  • Strong analytical ability
  • Excellent verbal, written, and presentation skills


Why Mazars:




  • We offer a generous compensation package with discretionary bonus opportunities, paid time off and a 401K plan with a firm matching contribution
  • The salary range for this role takes into account many factors including, but not limited to, years and type of experience, skill sets, and certifications. The projected salary range for this position is $83,000 to $95,000.
  • We are committed to diversity, in all of its forms, in our workforce
  • We are committed to work/life balance, offering a flexible "Dress for Your Day" dress code and summer Fridays "kickstart" program
  • We are committed to the values inherent in making ESG (environmental, social and governance) a priority in everything we do -- to being a firm that's responsible to our employees, clients, society and our planet
  • Mazars offers a wide range of mentoring, training and professional development opportunities to support you in reaching your fullest potential
  • We offer a graduate school support program and tuition reimbursement
  • We offer international rotation opportunities with the Mazars Group of member firms in Europe, Asia Pacific, the Middle East, Africa, Latin America and the Caribbean


Who We Are:

Mazars USA LLP is an independent member firm of Mazars Group, an international audit, tax and advisory organization with operations in nearly 100 countries and territories. With roots going back to 1921 in the US, the firm has significant national presence in strategic geographies, providing seamless access to 30,000+ professionals around the world.

Our industry specialists deliver tailored services to a wide range of clients across sectors, including individuals, high-growth emerging companies, privately-owned businesses and large enterprises.

Mazars Partners and professionals work as a single, integrated team, committed to helping our clients and their people succeed by respecting who they are and how they work. We take great pride in the quality of our work and the services we provide, and we are committed to helping build the economic foundations of a fair and prosperous world.

Mazars USA LLP is an equal opportunity/affirmative action employer and maintains a drug-free workplace.




