CampusGuard, a Nelnet Company, provides information security services for campus-based organizations including higher education institutions, healthcare providers, city, county and state government agencies and hospitality markets. As a full-service information security firm, we leverage our knowledge combined with the industry standards for compliance and information security issues to provide our customers with world class information security & compliance services.
CampusGuard, a Nelnet company, provides cybersecurity and compliance services for campus-based organizations including higher education institutions, healthcare providers, state and local government agencies, utilities and hospitality markets. As a full-service firm, we leverage our knowledge combined with the industry standards for compliance and information security issues to provide our customers with world class information cybersecurity & compliance services.
The Security Advisor provides information security and compliance consulting services using accepted standards, frameworks, and best practices including but not limited to PCI DSS, NIST SPs 800-53 and 800-171, NIST CSF, and ISO 27001. Security Advisors assess and report on customers’ compliance with various rules, regulations, and standards such as PCI DSS, CMMC, GDPR, FERPA, HIPAA/HITECH, GLBA, and FCRA Red Flags. The Security Advisor will gather and analyze customer information, make remote and/or physical site visits, conduct interviews, make observations, take appropriate notes, perform gap analysis, review evidence and documentation, and complete reports on findings, with remediation recommendations included where necessary. Security Advisors provide ongoing consultation services to customers via recurring and ad-hoc meetings and email communications, and assist with periodic support activities with customers, such as tabletop exercises and facilitating risk assessments, to ensure continued compliance. The Security Advisor provides sales support in the form of conference attendance/presentations, collaborates with Customer Relationship Manager (CRM) partners, and performs other tasks as needed/assigned, including but not limited to: time entry, internal meetings, create/revise both internal- and customer-facing documents and tools, and attend training seminars/webinars.
JOB RESPONSIBILITIES:
Security Advisors are responsible for assessing and reporting on customer business and technical environments, operations/procedures, administration of infrastructure (from network border to endpoints and everything in-between), and overall compliance programs, as measured against relevant industry standards. The PCI Practice Security Advisor will focus primarily on PCI DSS assessments and compliance (including Reports on Compliance), though work to support other service lines, including those within the Privacy Practice, can arise periodically. Customer support of general information security is a shared responsibility between the PCI and Privacy Practices.
Responsibilities of the PCI Practice Security Advisor include, but are not limited to the following:
Consult both onsite and remotely with customers to collect, review, and analyze data related to current institutional policies, business practices and procedures, network infrastructure, IT system configurations and physical security as they relate to multiple compliance requirements (primarily PCI DSS).
Performing gap analysis of sampled merchant environments and overall compliance program/centralized controls.
Provide in-person or remote orientation sessions to customer personnel.
Review requirements with third-party service providers as necessary to clarify roles and help the customers achieve information security and compliance objectives.
Make recommendations for remediation steps required to achieve information security and compliance objectives.
Upon requests from ongoing customers, the Security Advisor may review customer-prepared industry reports (such as a PCI Self-Assessment Questionnaire) and provide feedback/guidance to ensure accurate reporting, or in some cases assist the customer with the preparation of required industry-standard reporting obligations.
This is a remote work position.Candidate must be able to work in a home office environment with minimal supervision.
Ability to travel required (potentially up to 50%).
Other duties as assigned.
Security Advisors use standardized procedures and methods to assess the security and monitor the on-going compliance of each customer:
Perform gap assessments through interviews, observations, evidence review, and physical/remote assessments to evaluate customer networks, infrastructure and operations as it relates to compliance objectives (primarily PCI DSS).
Report on findings and provide customers with remediation options when appropriate.
Security Advisors assist with sales and marketing activities:
Participate in sales calls as an industry expert. Attend conferences as appropriate.
Prepare and perform industry-related presentations and/or webcasts. Other sales/marketing support duties as requested.
EDUCATION:
Minimum acceptable education requirements: Bachelor’s degree, and/or 5 years’ experience in the information security industry (preferably at an institution of higher education) Minimum acceptable certification requirements: Possess at least one of the industry-recognized information security and/or audit certification(s) required to obtain the Qualified Security Assessor (QSA) certification. See lists below. Possessing both information security and audit certifications and an active QSA certification is a plus.
Information Security certifications:
- ISC2 Certified Information System Security Professional (CISSP)
- ISACA Certified Information Security Manager (CISM)
- Certified ISO 27001 Lead Implementer (when issued by an accredited certification body)
Audit certifications:
- ISACA Certified Information Systems Auditor (CISA)
- GIAC Systems and Network Auditor (GSNA)
- Certified ISO 27001 Lead Auditor or Internal Auditor (when issued by an accredited certification body)
- IRCA ISMS Auditor or higher—e.g., Auditor/Lead Auditor, Principal Auditor (“Provisional” auditor designations are not sufficient)
- IIA Certified Internal Auditor (CIA)
Note: Candidates must agree to prepare for and pass the PCI Qualified Security Assessor (QSA) certification and any other certifications as directed by their manager.
**Pay Range for this position is -$95,000 and up (amount changes on industry certifications and PCI assessment experience.)
EXPERIENCE:
Minimum acceptable work experience requirements: All candidates must have a minimum of five years of relevant information security experience, to align with the minimum experience requirements for a QSA. This experience must cover at least one year each in application security, information systems security, network security, IT security auditing, and information security risk assessment or risk management. At least two years’ experience working with PCI DSS compliance is required, either as an assessor or internally to manage PCI DSS compliance.
SKILLS/KNOWLEDGE/ABILITIES:
Knowledge and experience with consulting, implementing, or supporting PCI DSS and other compliance/assessment efforts including:
Understanding and familiarity with PCI DSS and supporting standards/programs, including but not limited to: PTS, SSF, P2PE, SPoC, MPoC, etc.
Core PCI DSS compliance program elements, such as policy, procedure, training, service provider oversight, device protection, inventory/scope verification, and incident response.
Targeted risk analyses.
SAQs, Report on Compliance template, and other relevant guidance documents and tools provided by the PCI SSC.
Familiarity with industry-standard security and compliance documents/frameworks, such as NIST SP 800-171, NIST CSF, ISO 27001, GLBA and other standards.
Creative problem-solving and customer engagement including:
Collaborating, identifying, and addressing customer needs through relationship building and understanding customer’s business and needs.
Familiarity with Education, Healthcare, and Government institution and their structures, operations, and security needs.
Understanding of information systems, networks, and related security issues.
Communicating in written, verbal, and video formats.
Communicating both quantitative and qualitative analyses.
Creating high-quality deliverables using appropriate business and technical language.
Our benefits package includes medical, dental, vision, HSA and FSA, generous earned time off, 401K/student loan repayment, life insurance & AD&D insurance, employee assistance program, employee stock purchase program, tuition reimbursement, performance-based incentive pay, short- and long-term disability, and a robust wellness program. Click here to learn more about our benefits: LINK.
Nelnet is an Equal Opportunity Employer, complies with Executive Order 11246, and takes affirmative action to ensure that qualified applicants are employed, and that employees are treated during employment, without regard to race, color, religion/creed, national origin, gender, or sex, marital status, age, disability, use of a guide dog or service animal, sexual orientation, military/veteran status, or any other status protected by Federal or State law or local ordinance.
Qualified individuals with disabilities who require reasonable accommodations in order to apply or compete for positions at Nelnet may request such accommodations by contacting Corporate Recruiting at 402-486-5725 or[email protected].
Nelnet is a Drug Free and Tobacco Free Workplace.