The Bonadio Group

  • QSA Specialist

    Job Locations US-NY-Pittsford
    Posted Date 2 weeks ago(4/10/2018 4:38 PM)
    # of Openings
    IT Audit/Risk Management
  • Overview

    We have a tremendous opportunity for a senior-level client service professional to work as a Qualified Security Assessor in the Enterprise Risk Management (ERM) team in several locations, including Albany, NY, Rochester, NY, and/or Syracuse, NY. This hands-on role involves technical security assessments of applications and infrastructure, security design reviews, and risk assessments. A qualified applicant would have strong technical skills from the hardware layer to the application layer.


    • Performing mid-size and large IT and information security risk and compliance assessments, PCI engagements, audits, gap analyses, and remediation
    • Actively leading projects in the areas of PCI-DSS and PA-DSS
    • Communicating with project stakeholders to effectively convey requirements for technical and process improvements
    • Developing customized policies, procedures and controls, disaster recovery plans, and technical documentation for applications, systems, and infrastructure
    • Possessing in-depth knowledge of IT security and various frameworks (e.g. CobiT, NIST, ISO, etc.)
    • Experience in managing policy exceptions, including working directly with teams to document exceptions, identify compensating controls, and define remediation action plans



    • Compliance: regulatory, privacy, international laws and statutory requirements.
    • Risk: risk frameworks, maturity models, and enterprise IT security risk methodologies.
    • Governance: vendor management, policy frameworks, control design and security design/architecture.
    • Security architecture: infrastructure, network and systems design.
    • Knowledge of and hands-on experience with PCI audits and PCI attestations.


    • Communicate effectively across business and technical boundaries.
    • Work independently without detailed guidance.
    • Be proficient in writing executive level reports and technical documentation.

    Education and Experience:

    • Must be PCI-QSA (Qualified Security Assessor) certified or have held the certification within the last three years.
    • At least one other Security, Risk, or IT certification (e.g. CobiT, CRISC, CISA, CISM, CISSP, or ISO 27001) achieved.
    • Minimum of an Associate's degree (AS). A BS degree is a plus.
    • 4+ years of experience in the Cyber Security, Information Assurance, Enterprise Risk, or Compliance field.


    • This is a full-time opportunity located in Pittsford, New York.
    • Frequent travel to client locations is required.
    • Office hours are 8am - 5pm. Our summer hours are 8:00am – 5:00pm Mon-Thu; 8am – 12pm Fri. The ability to work additional hours during peak times is critical.

    The Bonadio Group is one of upstate New York's largest, most respected, and fastest growing independent CPA and Financial Services firms. We are consistently rated as a "Top 40 CPA Firm" and one of the "Best Accounting Firms to Work For" in the country! When you join The Bonadio Group, you'll get the opportunity to work with great people and great clients and make a difference. With our notable mentoring and training programs, you'll be able to tackle more interesting issues, and with our local and national presence, you'll get a chance to work with more interesting people. Best of all, you'll get an opportunity to work with great people and great clients, and to make a difference.


    We are an Equal Opportunity/Affirmative Action Employer
