PCI Qualified Security Assessor (QSA)

Seattle, WA
Contracted
Mid Level

Job Description: PCI Qualified Security Assessor (QSA) (government experience is a must)
Location: Seattle, WA (Onsite)
Position Type: Contract, long term


About the Port of Seattle:
The Port of Seattle is a public agency that operates critical infrastructure in the Puget Sound region, including Seattle-Tacoma International Airport (SEA), multiple marine terminals, and various commercial real estate properties. As a major hub for travel and commerce, we process a significant volume of payment card transactions and are committed to the highest standards of data security and privacy for our customers and partners.
Position Overview:
The Port of Seattle is seeking a certified PCI Qualified Security Assessor (QSA) to perform a comprehensive assessment of our compliance with the Payment Card Industry Data Security Standard (PCI DSS). The successful candidate will be responsible for evaluating our people, processes, and technologies to validate our security posture, identify gaps, and guide us toward achieving and maintaining full compliance. This role is critical in ensuring the secure handling of payment card data across our diverse operations.
Key Responsibilities:
  • Conduct a thorough PCI DSS gap analysis and scoping exercise to identify all systems and processes involved with the storage, processing, or transmission of cardholder data (CHD).
  • Perform on-site and remote assessments of the Port’s IT infrastructure, applications, and policies against all applicable PCI DSS requirements.
  • Evaluate and validate the effectiveness of security controls, including network security, access control, encryption, vulnerability management, and logging/monitoring.
  • Work collaboratively with internal IT, security, and business teams to gather evidence, clarify processes, and explain findings.
  • Document the assessment procedures, evidence, and results in detail.
  • Author a formal Report on Compliance (ROC) for submission to acquiring banks and payment card brands.
  • Provide clear, actionable guidance and recommendations for remediation of any identified compliance gaps.
  • Advise on best practices for maintaining ongoing PCI DSS compliance.
Required Qualifications & Certifications:
  • Active PCI SSC Qualification: Must hold a current, valid PCI Qualified Security Assessor (QSA) certification issued by the PCI Security Standards Council (PCI SSC).
  • Experience: Minimum of 5 years of experience in information security, IT audit, or risk management, with at least 3 years of hands-on experience leading PCI DSS assessments.
  • Technical Expertise: Deep understanding of the PCI DSS requirements and their practical implementation in a complex organizational environment.
  • Auditing Skills: Proven experience performing security assessments, interviewing personnel, reviewing evidence, and writing detailed reports (ROCs).
  • Communication: Exceptional written and verbal communication skills, with the ability to articulate complex technical issues and compliance requirements to both technical and non-technical stakeholders.
Preferred Qualifications:
  • Experience assessing large, complex organizations with diverse IT environments (e.g., airports, transportation hubs, retail, hospitality).
  • Additional relevant certifications such as CISSP, CISA, CRISC, or CISM.
  • Experience with other compliance frameworks (NIST, ISO 27001, SOC 2).