We have a tremendous opportunity for a senior-level client service professional to work as a Qualified Security Assessor in the Enterprise Risk Management (ERM) team in Rochester, NY. This hands-on role would involve technical security assessments of applications and infrastructure, security design reviews, and risk assessments. A qualified applicant would have strong technical skills from the hardware to the application layer. This is a remote position and can be located anywhere in the US.


  • Perform mid and large IT and information security risk and compliance assessments, PCI engagements, audits, gap analyses, and remediation
  • Actively lead projects in the areas of PCI-DSS and PA-DSS
  • Communicate with project stakeholders to effectively convey requirements of technical and process improvements
  • Develop customized policies, procedures and controls, disaster recovery plans and technical documentation for applications, systems and infrastructure
  • Possess an in-depth knowledge of IT security and various frameworks (e.g., CobiT, NIST, ISO)
  • Experience in managing policy exceptions, including working directly with the teams to document exceptions, identify compensating controls and remediation action plans



  • Compliance: regulatory, privacy, international laws and statutory requirements.
  • Risk: risk frameworks, maturity models, and enterprise IT security risk methodologies.
  • Governance: vendor management, policy frameworks, control design and security design/architecture.
  • Security architecture: infrastructure, network and systems design.
  • Knowledge of and hands-on experience with PCI audits and PCI attestations.


  • Communicate effectively across business and technical boundaries.
  • Work independently without detailed guidance.
  • Be proficient in writing executive-level reports and technical documentation.

Education and Experience

  • Must be PCI-QSA (Qualified Security Assessor) certified or have held the certification within the last three years.
  • At least one other Security, Risk or IT certification (i.e. CobiT, CRISC, CISA, CISM, CISSP, or ISO 27001) achieved.
  • Minimum of an Associate's degree (AS); a BS degree is a plus.
  • Minimum 4 years of experience in the Cyber Security, Information Assurance, Enterprise Risk or Compliance field.


  • This is a full-time remote opportunity.
  • Frequent travel to client locations is required.

In the fast-changing accounting industry, FoxPointe Solutions, a division of the Bonadio Group, is always on the cutting edge of growth and innovation. Top-rated employee policies keep our workforce energized and advancing, and because of our many teams and specialty services, we offer more paths to partnership, including non-traditional arrangements. Add to that our robust training and mentoring programs, and the opportunities for growth really add up. Truly, at FoxPointe Solutions, your trajectory is limitless. Get on board, grow with us, and find your path to partnership. Apply today!

We are an Equal Opportunity/Affirmative Action/AA Disability/Veteran Employer
