Payment Card Industry Qualified Security Assessor (PCI QSA)





You will join our Risk, Security and Privacy Practice as a Payment Card Industry Qualified Security Assessor (PCI QSA). You will work closely with our clients to understand their business, technologies, and processes so that you can assist in designing effective security controls to help them achieve PCI compliance, and to improve enterprise-wide security. As a subject matter expert, you’ll advise clients on data security to help prevent potential security breaches before they occur. 
What you'll do
  • Conduct various information security and compliance assessments and analyses, and provide advice and consultation (e.g., PCI Assessments, Risk Assessments, Gap Analysis, and more). 
  • Lead meetings, chair conference calls, action follow-ups, and proactively interact with clients to move projects forward to ultimate completion (e.g., Report on Compliance, Attestation of Compliance). 
  • Create professional reports for our clients that detail your assessment findings and clearly articulate your advice. 
  • Consult with clients to help them understand our findings and their remediation options. 
  • Serve as Trusted Advisor and provide input on security architecture with regards to PCI and cybersecurity. 
  • Assist our sales team with pre-sales activities, proposal creation, needs analysis, and solution design. 
  • Attend industry events and lead webinars and Learning Hours. 
  • Write summaries and executive briefs. 


What we'd like
  • Ability to lead PCI assessments individually or with a team, including CDE scoping, assessment planning, governance reviews, onsite assessment activities, status reporting, report writing, and managing customer resources.
  • Experience writing Reports on Compliance and Attestations of Compliance.
  • Experience with various information security concepts, including network and wireless security, application security, industry best practices, systems hardening, data encryption, data privacy, incident response, business continuity, physical security, risk assessments, vulnerability scanning and penetration testing report reviews, file integrity monitoring, log monitoring, and documented security governance controls.
  • Experience with industry best practices and standards such as PCI DSS, CIS, and NIST, including security hardening techniques. 
  • Good understanding of Unix, Linux, Windows, database server configurations, and storage solutions. 
  • Good understanding of networking systems configurations, including firewalls and other network components. 
  • Good understanding of application architecture and software development lifecycle processes, including secure coding techniques. 
  • Good understanding of server virtualization technologies (e.g., VMware, Hypervisor, Citrix Hypervisor, etc.). 
  • Good understanding of cloud environments (i.e., AWS, Azure, Google Cloud). 
  • Two+ years of experience as a PCI QSA in good standing. 
  • Seven+ years of experience measuring security controls, IT auditing, business processes, providing advice, and/or related security consulting experience. 
  • One Information Security certification (i.e., CISSP, CISM, or ISO 27001 Lead Implementer) strongly preferred. 
  • One Audit certification (i.e., CISA, GSNA, ISO 27001, Lead Auditor, Internal Auditor, IRCA ISMS Auditor, or CIA) strongly preferred. 


What's in it for you?
We have an amazing culture, a supportive environment and team members who are both smart and fun to be around. We know everyone says that; but, if you join us, you'll be saying it too. We offer a competitive compensation and benefits package:

  • Professional development budget and time.
  • Connection opportunities for learning and socializing.
  • Career mentor to help you grow in your career.
  • RRSP/401K matches for your future.
  • Wellness program to help keep you healthy.

About Online
We are "Onliners" - not employees.
We do amazing things for our Clients. And they keep inviting us back!
We are lifelong learners who continuously challenge ourselves.
We support, respect, and value one another.
We are collaborators. This is not a one-person show.
We believe in balance. We work hard, but we value - and take - our personal time.
We love to have fun, and a sense of humour is appreciated around here.
We deliver Results. Guaranteed.


Location: Remote United States



Business Team: Risk, Security & Privacy



Online Business Systems now serves an international market with team members spanning Canada, US, and EMEA.








Our story began in 1986 in Winnipeg, Canada, where our CEO grew a small team of University friends into an award-winning Digital Transformation and Cybersecurity consultancy with over 350 team members across North America and EMEA. We have the stability of a larger company but the heart of a small company, even as we continue to grow. We have been on the “Best Workplaces in Canada” list for the past 16 years and you’ll understand why when you read what our team members say on Glassdoor: (https://www.glassdoor.ca/Overview/Working-at-Online-Business-Systems-EI_IE373050.11,34.html)

Online firmly believes in respect, equity, and equality and in providing EVERYONE equal opportunity to apply and succeed in their role. We are committed to creating and maintaining an inclusive and accessible environment for everyone.