PCI Qualified Security Assessor (QSA) | On-Site, Arizona

united states • Compliance Services • Full-Time

About MegaplanIT

MegaplanIT is an industry expert in cybersecurity testing, compliance, and managed security services, working with businesses of all sizes to protect their brand, grow their value, and improve their reputation as the threat landscape evolves around them. By delivering an unrivaled suite of services, we provide organizations with peace of mind that their most important assets are available, operating as expected, and protected at all times. Our experience and knowledge position us to help businesses identify, assess, mitigate & respond to the Cyber and Operational risks they face. We are committed to helping our clients achieve and maintain compliance while improving their security capabilities. MegaplanIT serves its new and long-standing clients from multiple offices in the U.S. and employs industry professionals that drive value for our clients in a trusted advisor role.

Position Details

As a Qualified Security Assessor (QSA), you will deliver security assessments and provide consulting services to a wide range of clients against industry standards such as PCI DSS, ISO, HIPAA, and NIST. In addition, the QSA will prepare executive and technical level reports for clientele detailing the assessment findings, including any security gaps, and help to identify solutions to improve the client’s security posture. This role is a remote position with minimal travel requirements.


  • Provide practical recommendations for information security and governance around a diverse range of technology and compliance drivers, which include ISO, PCI, and HIPAA.
  • Perform comprehensive technical audits such as PCI DSS, ISO27001/27002, NIST 800-53/171/CSF, and HIPPA Security for MegaplanIT clients.
  • Provide Trusted Advisory Services and Policy and Procedure Development during auditing engagements.
  • Develop reports that detail compliance gaps for all assessments, including risk severity level, systems impacted, business risk summary, and recommendations for remediation.
  • Create roadmaps to achieve full compliance before a formal audit via gap assessment techniques with prioritized remediation steps, estimated work efforts, and associated timelines.
  • Manage and drive evidence gathering for all standards’ requirements and advise clients on how to achieve compliance.
  • Review Deliverables with clients and provide remediation guidance and advisory on beneficial services that could align with industry trends and support compliance (i.e., technical solutions).
  • Serve as a Subject Matter Expert, providing knowledge and assistance in a broad range of security, risk, and compliance fields. 
  • Assist Business Development/Sales team by answering operational and technical questions related to areas, including PCI DSS, PCI SSF (SLC, Secure Software), ISO27001/27002, Policy and Procedure, Penetration Testing, and HIPAA compliance. 
  • Support security practice offerings in pre-sales and post-sales roles. 
  • Assist with developing and managing internal and external delivery processes, procedures, and methodologies. 
  • Develop and maintain positive relationships with client personnel. 
  • Maintain high morale by contributing to an effective, positive work environment. 
  • Navigate through the professional development process and participate in timely reviews, goal setting, and additional training and certification plans. 
  • Deliver work that meets or exceeds expectations based on a solid understanding of the client’s business and needs.
  • Maintain effective communication between other consultants, management, and client stakeholders. 
  • Participate in industry conferences and professional organizations. 
  • Provide additional value for clients by offering constructive insights and consultative advice based on personal experience with the client, their industry, established standards, and leading practices. 
  • Demonstrate a high level of commitment to client success, as shown by responding promptly to changes in client expectations both professionally and effectively. 


  • Able to multi-task and work independently with minimum supervision to meet client deadlines.
  • Be flexible, proactive, quick to learn, and possess a can-do attitude.
  • Excellent written and oral communication skills with the ability to express their thoughts clearly, know how to listen, and be able to contribute to a team environment. 
  • Proven experience conducting enterprise risk and security assessments
  • Ability to conduct IT audits that include reviewing policies, process and procedure design, and information security aspects of privacy and regulatory compliance standards.
  • Communicate compliance, information security, and technology issues clearly to business and technical client stakeholders. 


  • Pass criminal background check.
  • Possess sufficient information security knowledge and experience to conduct technically complex security assessments.
  • Possess a minimum of one year of experience in each of the following information security disciplines:
    • Application security
    • Information systems security
    • Network security
  • Possess a minimum of one year of experience in each of the following audit/assessment disciplines:
    • IT security auditing
    • Information security risk assessment or risk management
  • Possess at least one of the following accredited, industry-recognized professional certifications from each list:
    • List A – Information Security
      • (ISC)2 Certified Information System Security Professional (CISSP)
      • ISACA Certified Information Security Manager (CISM)
      • Certified ISO 27001 Lead Implementer 1
    • List B – Audit
      • ISACA Certified Information Systems Auditor (CISA)
      • GIAC Systems and Network Auditor (GSNA)
      • Certified ISO 27001, Lead Auditor, Internal Auditor 1
      • IRCA ISMS Auditor or higher (e.g., Auditor/Lead Auditor, Principal Auditor)
        • Note: “Provisional” auditor designations do not meet the requirement.
      • IIA Certified Internal Auditor (CIA)
  • Possess knowledge about PCI DSS and all applicable published documents on the PCI SSC website.