1. Summary
As part of our ongoing commitment to securing cardholder data and maintaining compliance with the Payment Card Industry Data Security Standard (PCI-DSS), our organization conducts a regular self-assessment using the appropriate Self-Assessment Questionnaire (SAQ). This process is essential for identifying any gaps in our current security posture and ensuring adherence to the 12 core PCI-DSS requirements.
While internal teams have historically managed this process, the increasing complexity of the PCI-DSS requirements—along with evolving business operations, technologies, and threat landscapes—necessitates additional expert input. Specifically, we seek to ensure that the interpretation of each control is accurate, remediation plans are appropriately defined, and the assessment is as robust and risk-aligned as possible.
To support this initiative, we are seeking to engage an external consultant with proven expertise in PCI-DSS compliance. The consultant will bring a fresh perspective and specialized knowledge to help us critically analyze our current SAQ submission, validate responses, provide actionable recommendations, and assist in developing a roadmap for addressing any identified deficiencies.
This engagement will not only help affirm our compliance posture but will also contribute to a more mature, secure, and audit-ready payment environment.
2. Output Indicator
| Output | Indicator | Target |
|---|---|---|
| Review and analyze the current PCI-DSS Self-Assessment Questionnaire (SAQ) | Assess the completeness, accuracy, and alignment of SAQ responses with actual technical and procedural controls. | 100% - September 2025 |
| Validate the interpretation of PCI-DSS requirements | Ensure that internal understanding of control applicability is consistent with PCI-DSS guidance and industry best practices. | |
| Identify gaps or areas of non-compliance | Provide a detailed analysis of control deficiencies, supporting evidence, and risk implications. | |
| Recommend practical remediation actions | Offer prioritized, actionable guidance for addressing any identified weaknesses or control gaps. | |
| Support audit readiness and continuous improvement | Help position the organization for a successful compliance review and contribute to the overall enhancement of our security and compliance posture. | |
| Reducing SAQ scoping to SAQ-A | Help shift scoping to SAQ-A | |
| Issuance of Self-Assessment Questionnaire (SAQ), Attestation of Compliance (AOC) and Certificate of Compliance (COC) | Release the final SAQ, AOC and COC to WV Indonesia with all the necessary evidence collected for retention purposes. | |
3. Consultant Qualification
- Professional Certification(s): Certified PCI Professional (PCIP), Qualified Security Assessor (QSA), or other relevant industry certifications.
- Demonstrated Experience: At least 3–5 years of hands-on experience supporting PCI-DSS compliance efforts, particularly with SAQ analysis and remediation planning.
- Technical Knowledge: Strong understanding of security controls, network architecture, system configurations, and data protection technologies relevant to PCI-DSS.
- Regulatory Awareness: Familiarity with evolving PCI-DSS standards (e.g., version 4.0) and the ability to interpret complex compliance requirements in a business-appropriate context.
- Analytical and Communication Skills: Ability to evaluate technical documentation and control evidence, provide clear written and verbal recommendations, and interact effectively with both technical and non-technical stakeholders.
- Independence and Objectivity: A track record of providing unbiased, client-focused assessments without conflict of interest.
The SOW related to this project is available at the following link: https://drive.google.com/file/d/1SsuH6RqIpHWRoIXqQ69o0VQDH9D2ynEi/view?usp=drivesdk
If you are interested in serving as the consultant, please submit your proposal to the email address below no later than 31 July 2025:
Email : [email protected]
Phone number : 0811 1901 0825
Only selected candidates will be notified of the further process of this open tender.