Senior Consultant – Cyber Security & PCI Qualified Security Assessor
Remote
Full Time
Experienced
Job Description
Job Title: Senior Consultant – Cyber Security & PCI Qualified Security Assessor
Practice: GRC Advisory
Reports to: Practice Manager / Divisional Director - GRC Advisory
Location: US (with national and international travel)
Purpose of the Role
The Senior Consultant – Cyber Security & PCI Qualified Security Assessor (QSA) plays a key leadership role in delivering high‑quality cyber security and compliance advisory services, with a primary focus on PCI DSS assessments and advisory engagements, supplemented by broader cyber risk, governance, and assurance services.
The role is accountable for leading client engagements end‑to‑end, acting as the senior delivery resource, trusted advisor, and subject matter expert. This includes planning, execution, quality assurance, stakeholder management, and successful close‑out of projects. The Senior Consultant may work independently or lead small project teams and contributes actively to the growth and reputation of the Digital Risk Advisory practice.
Key Responsibilities & Accountabilities
Client Delivery & Engagement Leadership
Knowledge & Experience (Essential)
Information Security & Assurance
Qualifications & Certifications
Essential
Job Title: Senior Consultant – Cyber Security & PCI Qualified Security Assessor
Practice: GRC Advisory
Reports to: Practice Manager / Divisional Director - GRC Advisory
Location: US (with national and international travel)
Purpose of the Role
The Senior Consultant – Cyber Security & PCI Qualified Security Assessor (QSA) plays a key leadership role in delivering high‑quality cyber security and compliance advisory services, with a primary focus on PCI DSS assessments and advisory engagements, supplemented by broader cyber risk, governance, and assurance services.
The role is accountable for leading client engagements end‑to‑end, acting as the senior delivery resource, trusted advisor, and subject matter expert. This includes planning, execution, quality assurance, stakeholder management, and successful close‑out of projects. The Senior Consultant may work independently or lead small project teams and contributes actively to the growth and reputation of the Digital Risk Advisory practice.
Key Responsibilities & Accountabilities
Client Delivery & Engagement Leadership
- Lead cyber security and PCI DSS client engagements from initiation through delivery and closure.
- Act as the primary point of contact for clients during assigned engagements, ensuring clear communication, scope control, and expectation management.
- Deliver high‑quality, concise, and actionable reports suitable for technical teams, senior management, and executive stakeholders.
- Apply judgement and experience to complex risk and compliance issues, ensuring pragmatic and proportionate recommendations.
- Perform PCI DSS assessments in line with PCI SSC requirements, including:
- Scoping and gap assessments
- On‑site and remote assessments
- Completion of SAQs, Reports on Compliance (ROC), and Attestations of Compliance (AOC)
- Provide expert advice on PCI DSS control implementation, compensating controls, and remediation planning.
- Support clients in achieving and maintaining PCI DSS compliance across complex environments.
- Stay current with PCI DSS standard updates, guidance, and assessor program requirements.
- Deliver broader cyber security advisory services including:
- Information security risk assessments and business impact analysis
- Governance, risk, and compliance (GRC) assessments
- Framework‑based assessments (e.g. ISO/IEC 27001, ISO/IEC 42001, NIST CSF, NIST 800-53, SOC 2, HIPPA, SABSA, COBIT)
- Cyber supply chain security and third‑party risk assessments
- Advise clients on the design and improvement of cyber security strategies, policies, and control environments.
- Investigate significant security incidents or control failures and recommend control improvements.
- Take responsibility for quality assurance of own work and contributions from junior team members.
- Ensure delivery is compliant with internal methodologies, standards, and contractual requirements.
- Participate in peer reviews, knowledge sharing, and continuous improvement of consulting practices and assets.
- Identify and nurture commercial opportunities during engagements and contribute to account growth.
- Support pre‑sales activities including proposal writing, tender responses, and client presentations.
- Act as a mentor to consultants and junior team members, supporting their professional and technical development.
- Contribute to internal training, capability development, and thought leadership activities.
- Successful delivery of cyber security and PCI DSS engagements to time, quality, and budget
- Client satisfaction and trusted‑advisor status
- Identification and support of new commercial opportunities
- Effective stakeholder engagement and team leadership
- Contribution to practice capability, knowledge sharing, and mentoring
- Willingness to travel nationally and internationally
- Business‑level English (fluent)
- Additional languages desirable
Knowledge & Experience (Essential)
- Minimum 2+ years’ experience as a PCI DSS Qualified Security Assessor (QSA) delivering PCI DSS engagements.
- Proven experience leading or independently delivering consulting engagements in cyber security or information risk.
- Strong experience completing PCI DSS deliverables including SAQs, ROCs, and AOCs.
- Experience advising clients on scoping, remediation, and ongoing compliance strategies.
- Demonstrable experience working with at least two major security frameworks (e.g. PCI DSS, ISO/IEC 27001, ISO/IEC 42001, NIST CSF, NIST 800-53, SABSA, COBIT).
- Experience communicating complex cyber security concepts to both technical and non‑technical stakeholders, including senior management and boards.
Information Security & Assurance
- Conducts cyber security risk assessments, vulnerability analysis, and business impact assessments.
- Interprets and applies security and assurance policies, standards, and regulatory requirements.
- Investigates significant security control failures or incidents and recommends improvements.
- Builds and maintains strong, long‑term client relationships.
- Leads stakeholder engagement strategies and manages complex client environments.
- Acts confidently as a trusted advisor.
- Leads medium‑scale consulting projects with direct business impact.
- Manages scope, resources, risks, and quality to achieve successful outcomes.
- Uses appropriate delivery approaches (predictive or agile).
- Identifies sales opportunities and contributes to pipeline development.
- Supports pre‑sales and proposal activities.
- Understands client business drivers and market context.
Qualifications & Certifications
Essential
- PCI DSS Qualified Security Assessor (QSA) – current and in good standing
- ISO/IEC 27001 Lead Auditor / Implementer
- NIST CSF, NIST 800-53 certifications
- CISSP,
- CISM,
- CISA,
- ISO/IEC 42001 Lead Implementer
- SOC2,
- HIPPA,
- CRISC,
- Security+, Network +
- Bachelor’s Degree, or equivalent professional experience
- Client‑centric and committed to excellence in service delivery
- Confident, professional, and credible under pressure
- Strong integrity, impartiality, and ethical standards
- Results‑focused with strong problem‑solving skills
- Adaptable, collaborative, and open to change
- Proactive self‑manager and mentor to others
- Strategic thinker who can link long‑term objectives with day‑to‑day delivery
Apply for this position
Required*