Security Advisor - CampusGuard

Nelnet is a diversified and innovative company committed to enriching lives through the power of service as a student loan servicer, professional services company, consumer loan originator and servicer, payments processor, renewable energy solutions, and K‑12 and higher education expert. For over 40 years, Nelnet has been serving its customers, associates, and communities.

The perks of working at Nelnet go beyond our benefits package. When you join the Nelnet team, you’re part of a community invested in the success of each individual. That support comes through in our work, as we are united by our mission of creating opportunities for people where they live, learn, and work.

The Security Advisor provides information security and compliance consulting services using accepted standards, frameworks, and best practices including but not limited to PCI DSS, NIST SPs 800-53 and 800-171, NIST CSF, GLBA, CMMC, GDPR, HIPAA, and ISO 27000 series. The Security Advisor will gather and analyze customer information, make remote and/or physical site visits, conduct interviews, make observations, take appropriate notes, perform gap analysis, review evidence and documentation, and complete reports on findings, with remediation and best practice recommendations included where necessary.

Security Advisors also provide ongoing consultation services to customers via recurring and ad-hoc meetings and email communications, and assist with periodic support activities with customers, such as tabletop exercises and facilitating risk assessments, to ensure continued compliance. The Security Advisor provides support to the sales and marketing team in the form of conference attendance/presentations and webinars, collaborates with Customer Relationship Manager (CRM) partners, and performs other tasks as needed/assigned, including but not limited to: time entry, internal meetings, create/revise both internal- and customer-facing documents and tools, and attend training seminars/webinars.

Security Advisors are responsible for assessing and reporting on customer business and technical environments, operations/procedures, administration of infrastructure (from network border to endpoints and everything in-between), and overall compliance programs, as measured against relevant industry standards. A Security Advisor assigned to the PCI Practice will focus primarily on PCI DSS assessments and compliance (including Reports on Compliance), though work to support other service lines, including those within the Information Assurance Practice, can arise periodically.

Customer support of general information security is a shared responsibility between the PCI and Information Assurance Practices. Responsibilities of a Security Advisor assigned to the PCI Practice include, but are not limited to the following:

• Consult both onsite and remotely with customers to collect, review, and analyze data related to current institutional policies, business practices and procedures, network infrastructure, IT system configurations and physical security as they relate to multiple compliance requirements (primarily PCI DSS).
• Performing gap analysis of sampled merchant and service provider environments and overall compliance program/centralized controls.
• Provide in-person or remote PCI DSS orientation sessions to customer finance, merchants, and IT personnel.
• Review requirements with customers’ third-party service providers as necessary to clarify roles and help the customers achieve information security and compliance objectives.
• Make recommendations for remediation steps required to achieve information security and compliance objectives.
• Upon requests from ongoing customers, the Security Advisor may review customer-prepared industry reports (such as a PCI Self-Assessment Questionnaire) and provide feedback/guidance to ensure accurate reporting, or in some cases assist the customer with the preparation of the required industry-standard reporting obligations.
• This is a remote work position. Candidate must be able to work in a home office environment with minimal supervision.
• Ability to travel required (potentially up to 50%).

• Perform gap…