We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, inclusive culture and talent experience and our ability to be compelling to our clients. You’ll find an environment that inspires and empowers you to thrive both personally and professionally. There’s no one like you and that’s why there’s nowhere like RSM.
At RSM, we established the Security and Privacy Risk Consulting (SPRC) group to meet the critical cybersecurity needs of our clients. This team of dedicated cybersecurity professionals focuses exclusively on cybersecurity and information protection. Our SPRC group, located throughout the country, helps clients prevent, detect, and respond to security threats impacting their critical systems and ensures regulatory compliance in handling, processing, and protecting sensitive information. We support a diverse client base across various industries, providing expertise in information security risk management, security testing, enterprise architecture, governance, regulatory privacy compliance, and digital forensics.
We are seeking a Manager-level Payment Card Industry (PCI) Qualified Security Assessor (QSA) to join our Security and Privacy Risk consulting practice. As a Manager of CyberCompliance, you will drive the growth of cybersecurity service offerings while understanding industry-specific risks and payment card security requirements. You’ll assist organizations in developing robust data protection programs to safeguard critical assets, particularly the cardholder data environments of RSM clients. Your team will focus on assessing, designing, and implementing cybersecurity risk management practices such as network segmentation, vulnerability management, data classification, encryption, de-identification, and sensitive data monitoring solutions to ensure cyber regulatory alignment for data-rich organizations.
Responsibilities
- Manage the timely delivery of engagement results and high-quality deliverables, adhering to professional and industry standards.
- Hands-on delivery and execution of project tasks for complex technology environments.
- Present project status, risk-based observations, and proposed solutions to clients’ senior management.
- As a first choice advisor, cultivate and maintain relationships with stakeholders, identifying opportunities for technological and operational risk mitigation.
- Assess payment card compliance maturity and assist clients in building and implementing sustainable PCI compliance programs.
- Support organizations in developing and implementing information governance frameworks.
- Aid clients in designing and maintaining payment card industry and cyber compliance programs, including operational processes, technology, and guidelines.
- Identify opportunities to expand service scope within engagements and contribute to market-facing initiatives to attract new client prospects.
- Communicate strategic and tactical risks of account data protection, advanced security threats, enterprise security management practices, and innovative security solutions to clients.
- Translate complex technical issues into executive-style reports and presentations for senior management.
- Leverage industry and technical expertise to identify improvement opportunities for clients and support remediation services.
- Supervise, train, and mentor staff, coordinating with client resources as necessary.
- Assist in building the SPRC practice by expanding the team’s size and skill set.
- Set performance expectations for staff and provide constructive feedback.
- Oversee and train junior team members during service delivery, ensuring quality and fostering growth.
- Support business development efforts to acquire new clients and expand existing relationships.
- Identify business opportunities and enhance go-to-market strategies.
- Advise area leadership on SPRC service line growth and market strategies.
- Participate in professional organizations and develop thought leadership in relevant cybersecurity topics for internal and external branding.
- Ensure revenue targets are met, and service offerings remain responsive to the evolving business environment.
Required Qualifications
- Active or former PCI QSA certification with experience preparing Level 1 and Level 2 PCI DSS Reports on Compliance (ROCs) or 3+ years of PCI DSS experience with one or more of the following certifications:
- (ISC)2 Certified Information System Security Professional (CISSP)
- ISACA Certified Information Security Manager (CISM)
- Certified ISO 27001 Lead Implementer 1
- (METI) Registered Information Security Specialist (RISS)
- ISACA Certified Information Systems Auditor (CISA)
- GIAC Systems and Network Auditor (GSNA)
- Certified ISO 27001 Lead Auditor
- IRCA ISMS Auditor or higher—e.g., Auditor/Lead Auditor, Principal Auditor
- IIA Certified Internal Auditor (CIA)
- Bachelor’s degree in information technology, business, or related discipline from an accredited college/university.
- 5+ years of related work experience in cyber compliance consulting or equivalent advanced academic experience.
- Familiarity with cybersecurity program components and supporting workflows, such as:
- Regulatory monitoring
- Business requirements definition
- Data inventory and information flow mapping
- Cybersecurity risk management
- Third-party vendor management
- Interactions with consumers (data subject requests)
- Incident management and breach notifications
- Technical knowledge of network and IT infrastructure, application/database design, IT governance, risk management, incident response, and typical network/IT security components.
- Working knowledge of key cybersecurity compliance standards and regulations, including PCI DSS, NIST CSF, GLBA, etc.
- Proven people skills with experience operating in a professional services firm, large consultancy, or similar environment.
- Demonstrated ability to collaborate effectively, especially with cross-functional teams.
Preferred Qualifications
- Proven experience engaging with diverse organizational stakeholders, including management, business, marketing, HR, IT, and Legal teams.
- Advanced degree focused on data protection, privacy, or a related field.
- Strong written, oral, and presentation skills with an innovative mindset.
- Knowledge of PCI DSS practices in retail and financial services.
- Proven ability to work seamlessly in a virtual environment with globally dispersed team members.
- Creative thinking, individual initiative, and flexibility in navigating rapid changes in technology, regulation, and client needs.
- Commitment to staying updated with advancements, challenges, and discoveries in the Security and Privacy industry.
At RSM, we offer a competitive benefits and compensation package for all our people. We offer flexibility in your schedule, empowering you to balance life’s demands, while also maintaining your ability to serve clients. Learn more about our total rewards at https://rsmus.com/careers/working-at-rsm/benefits https://rsmus.com/careers/el-salvador.html.
RSM does not tolerate discrimination and/or harassment based on race; colour; creed; sincerely held religious beliefs, practices or observances; sex (including pregnancy or disabilities related to nursing); gender (including gender identity and/or gender expression); sexual orientation; HIV Status; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past, current or prospective service in the Salvadoran Military/Veteran status; pre-disposing genetic characteristics or any other characteristic protected under applicable provincial employment legislation.
Accommodation for applicants with disabilities is available upon request in connection with the recruitment process and/or employment/partnership. RSM is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application, interview, or otherwise participate in the recruiting process, please send us an email at [email protected].