Security Advisor - CampusGuard


Job Location: Lincoln, NE - USA

Yearly Salary: $110000 - 140000
Posted on: 30+ days ago
Vacancies: 1 Vacancy

Job Summary

CampusGuard, a Nelnet Company, provides information security services for campus-based organizations, including higher education institutions, healthcare providers, city, county, and state government agencies, and hospitality markets. As a full-service information security firm, we leverage our knowledge combined with the industry standards for compliance and information security issues to provide our customers with world-class information security & compliance services.

The Security Advisor provides information security and compliance consulting services using accepted standards, frameworks, and best practices, including but not limited to PCI DSS, NIST SPs 800-53 and 800-171, NIST CSF, GLBA, CMMC, GDPR, HIPAA, and ISO 27000 series. The Security Advisor will gather and analyze customer information, make remote and/or physical site visits, conduct interviews, make observations, take appropriate notes, perform gap analysis, review evidence and documentation, and complete reports on findings, with remediation and best practice recommendations included where necessary. Security Advisors also provide ongoing consultation services to customers via recurring and ad-hoc meetings and email communications, and assist with periodic support activities with customers, such as tabletop exercises and facilitating risk assessments, to ensure continued compliance. The Security Advisor provides support to the sales and marketing team in the form of conference attendance/presentations and webinars, collaborates with Customer Relationship Manager (CRM) partners, and performs other tasks as needed/assigned, including but not limited to: time entry, internal meetings, creating/revising both internal- and customer-facing documents and tools, and attending training seminars/webinars.

JOB RESPONSIBILITIES:

Security Advisors are responsible for assessing and reporting on customer business and technical environments, operations/procedures, administration of infrastructure (from network border to endpoints and everything in-between), and overall compliance programs as measured against relevant industry standards. A Security Advisor assigned to the PCI Practice will focus primarily on PCI DSS assessments and compliance (including Reports on Compliance), though work to support other service lines, including those within the Privacy Practice, can arise periodically. Customer support of general information security is a shared responsibility between the PCI and Privacy Practices. Responsibilities of a Security Advisor assigned to the PCI Practice include, but are not limited to, the following:

  • Consult both onsite and remotely with customers to collect, review, and analyze data related to current institutional policies, business practices and procedures, network infrastructure, IT system configurations, and physical security as they relate to multiple compliance requirements (primarily PCI DSS).

  • Performing gap analysis of sampled merchant and service provider environments and overall compliance program/centralized controls.

  • Provide in-person or remote PCI DSS orientation sessions to customer finance, merchants, and IT personnel.

  • Review requirements with customers' third-party service providers as necessary to clarify roles and help the customers achieve information security and compliance objectives.

  • Make recommendations for remediation steps required to achieve information security and compliance objectives.

  • Upon requests from ongoing customers, the Security Advisor may review customer-prepared industry reports (such as a PCI Self-Assessment Questionnaire) and provide feedback/guidance to ensure accurate reporting or, in some cases, assist the customer with the preparation of the required industry-standard reporting obligations.

  • This is a remote work position. Candidate must be able to work in a home office environment with minimal supervision.

  • Ability to travel required (potentially up to 50%).

Security Advisors use standardized procedures and methods to assess the security and monitor the on-going compliance of each customer:

  • Perform gap assessments through interviews, observations, evidence review, and physical/remote assessments to evaluate customer networks, infrastructure, and operations as they relate to compliance objectives (primarily PCI DSS).

  • Report on findings and provide customers with remediation options when appropriate.

Security Advisors assist with sales and marketing activities:

  • Participate in sales calls as an industry expert.

  • Attend conferences as appropriate.

  • Prepare and perform industry-related presentations and/or webcasts.

  • Other sales/marketing support duties as requested.

EDUCATION:

  • Minimum acceptable education requirements: Bachelor's degree and/or 5 years' experience in the information security industry (preferably at an institution of higher education or similar campus-based organization).

  • Minimum acceptable certification requirements: Possess at least one of the industry-recognized certifications from Lists A and B below. Possession of both a List A Information Security and List B Audit certification is required to hold the Qualified Security Assessor (QSA) certification, which is a requirement of the Security Advisor role when assigned to the PCI Practice. Possessing an active QSA certification is a plus.

Information Security certifications:

  • ISC2 Certified Information System Security Professional (CISSP)

  • ISACA Certified Information Security Manager (CISM)

  • Certified ISO 27001 Lead Implementer (when issued by an accredited certification body)

Audit certifications:

  • ISACA Certified Information Systems Auditor (CISA)

  • GIAC Systems and Network Auditor (GSNA)

  • Certified ISO 27001 Lead Auditor or Internal Auditor (when issued by an accredited certification body)

  • IRCA ISMS Auditor or higher, e.g., Auditor/Lead Auditor, Principal Auditor (Provisional auditor designations are not sufficient)

  • IIA Certified Internal Auditor (CIA)

Note: Candidates must agree to prepare for and pass the PCI QSA certification and any other certifications as directed by their manager.

EXPERIENCE:

Minimum acceptable work experience requirements: All candidates must have a minimum of five years of relevant information security experience to align with the minimum experience requirements for a QSA. This experience must cover at least one year each in application security, information systems security, network security, IT security auditing, and information security risk assessment or risk management. At least two years' experience working with PCI DSS compliance is required, either as an assessor or internally to manage PCI DSS compliance.

SKILLS/KNOWLEDGE/ABILITIES:

Knowledge and experience with consulting, implementing, or supporting PCI DSS and other compliance/assessment efforts, including:

  • Understanding and familiarity with PCI DSS and supporting standards/programs, including but not limited to: PTS, SSF, P2PE, SPoC, MPoC, etc.

  • Core PCI DSS compliance program elements such as policy, procedure, training, service provider oversight, device protection, inventory/scope verification, and incident response.

  • Targeted risk analyses.

  • SAQs, Report on Compliance template, and other relevant guidance documents and tools provided by the PCI SSC, such as the Prioritized Approach Tool.

  • Familiarity with industry-standard security and compliance documents/frameworks such as NIST SP 800-171, NIST CSF, GLBA, etc.

Creative problem-solving and customer engagement, including:

  • Collaborating, identifying, and addressing customer needs through relationship building and understanding customers' business and needs

  • Familiarity with Education, Healthcare, and Government institutions and their structures, operations, and security needs

  • Understanding of information systems, networks, and related security issues

  • Communicating in written, verbal, and video formats

  • Communicating both quantitative and qualitative analyses.

  • Creating high-quality deliverables using appropriate business and technical language.


Pay range for this role is $110000-$140000 annually, depending on experience & certifications.


Our benefits package includes medical, dental, vision, HSA and FSA, generous earned time off, 401K/student loan repayment, life insurance & AD&D insurance, employee assistance program, employee stock purchase program, tuition reimbursement, performance-based incentive pay, short- and long-term disability, and a robust wellness program.

Nelnet is committed to providing a welcoming and respectful workplace where all associates have the opportunity to succeed. As an Equal Opportunity Employer, we ensure that all qualified applicants are considered for employment. Employment decisions are made without regard to race, color, religion/creed, national origin, gender, sex, marital status, age, disability, use of a guide dog or service animal, sexual orientation, military/veteran status, or any other status protected by federal, state, or local law. We value the unique contributions of every team member and believe that a positive work environment benefits everyone.

Qualified individuals with disabilities who require reasonable accommodations in order to apply or compete for positions at Nelnet may request such accommodations by contacting Corporate Recruiting at or.

Nelnet is a Drug Free and Tobacco Free Workplace.



About Company

Learn more about Nelnet businesses. Explore jobs and internships in a variety of fields and locations to serve areas across the globe.
