Senior Consultant – Cyber Security & PCI Qualified Security Assessor
Remote
Full Time
Experienced
Remote Role
Role Purpose
The Senior Consultant – Cyber Security & PCI Qualified Security Assessor (QSA) is a senior delivery and trusted-advisor role within our GRC Advisory practice, accountable for leading high-quality cyber security and compliance engagements with a primary focus on PCI DSS, supplemented by broader cyber risk, governance, and assurance services.
The role leads client engagements end-to-end (planning, execution, quality assurance, stakeholder management, and close-out), working independently or leading small project teams. The Senior Consultant contributes actively to the growth, capability, and reputation of the practice.
Key Responsibilities & Accountabilities
Client Delivery & Engagement Leadership
- Lead cyber security and PCI DSS client engagements from initiation through delivery and closure.
- Act as primary client point of contact, ensuring clear communication, scope control, and expectation management.
- Deliver high-quality, concise, and actionable reports suitable for technical teams, senior management, and executive stakeholders.
- Apply judgement and experience to complex risk and compliance issues, ensuring pragmatic, proportionate recommendations.
- Perform PCI DSS assessments in line with PCI SSC requirements, including:
  - Scoping and gap assessments
  - On-site and remote assessments
  - Completion of SAQs, Reports on Compliance (ROC), and Attestations of Compliance (AOC)
- Provide expert advice on PCI DSS control implementation, compensating controls, and remediation planning.
- Support clients in achieving and maintaining PCI DSS compliance across complex environments.
- Stay current with PCI DSS standard updates, guidance, and assessor program requirements.
- Deliver broader cyber security advisory services, including:
  - Information security risk assessments and business impact analysis
  - Governance, risk, and compliance (GRC) assessments
  - Framework-based assessments (e.g. ISO/IEC 27001, ISO/IEC 42001, NIST CSF, NIST 800-53, SOC 2, HIPAA, SABSA, COBIT)
  - Cyber supply chain security and third-party risk assessments
- Advise clients on the design and improvement of cyber security strategies, policies, and control environments.
- Investigate significant security incidents or control failures and recommend control improvements.
- Take responsibility for quality assurance of own work and contributions from junior team members.
- Ensure delivery is compliant with internal methodologies, standards, and contractual requirements.
- Participate in peer reviews, knowledge sharing, and continuous improvement of consulting practices and assets.
- Identify and nurture commercial opportunities during engagements and contribute to account growth.
- Support pre-sales activities including proposal writing, tender responses, and client presentations.
- Mentor consultants and junior team members, supporting their professional and technical development.
- Contribute to internal training, capability development, and thought leadership activities.
Key Performance Indicators
- Successful delivery of cyber security and PCI DSS engagements to time, quality, and budget.
- Client satisfaction and trusted-advisor status.
- Identification and support of new commercial opportunities.
- Effective stakeholder engagement and team leadership.
- Contribution to practice capability, knowledge sharing, and mentoring.
Person Specification
Knowledge & Experience (Essential)
- Minimum 2+ years' experience as a PCI DSS Qualified Security Assessor (QSA) delivering PCI DSS engagements.
- Proven experience leading or independently delivering consulting engagements in cyber security or information risk.
- Strong experience completing PCI DSS deliverables including SAQs, ROCs, and AOCs.
- Experience advising clients on scoping, remediation, and ongoing compliance strategies.
- Demonstrable experience working with at least two major security frameworks (e.g. PCI DSS, ISO/IEC 27001, ISO/IEC 42001, NIST CSF, NIST 800-53, SABSA, COBIT).
- Experience communicating complex cyber security concepts to both technical and non-technical stakeholders, including senior management and boards.
Information Security & Assurance
- Conducts cyber security risk assessments, vulnerability analysis, and business impact assessments.
- Interprets and applies security and assurance policies, standards, and regulatory requirements.
- Investigates significant security control failures or incidents and recommends improvements.
- Builds and maintains strong, long-term client relationships.
- Leads stakeholder engagement strategies and manages complex client environments.
- Acts confidently as a trusted advisor.
- Leads medium-scale consulting projects with direct business impact.
- Manages scope, resources, risks, and quality to achieve successful outcomes.
- Uses appropriate delivery approaches (predictive or agile).
- Identifies sales opportunities and contributes to pipeline development.
- Supports pre-sales and proposal activities.
- Understands client business drivers and market context.
Qualifications & Certifications
| Essential | Desirable |
|-----------|-----------|
Travel & Language Requirements
- Willingness to travel nationally and internationally.
- Business-level fluency in English.
- Additional languages desirable.
Personal Qualities & Behaviours
- Client-centric and committed to excellence in service delivery.
- Confident, professional, and credible under pressure.
- Strong integrity, impartiality, and ethical standards.
- Results-focused with strong problem-solving skills.
- Adaptable, collaborative, and open to change.
- Proactive self-manager and mentor to others.
- Strategic thinker who connects long-term objectives with day-to-day delivery.