Information Security Consultant / Senior / Principal – PCI QSA
An exciting, well-established and market-leading security consultancy is looking for experienced Information Security Consultants – ideally PCI QSA certified with a deep passion for InfoSec.
This award-winning provider of cyber security, compliance, infrastructure and incident response services to organisations globally always goes the extra mile to provide clients with an excellent security service experience.
As an Information Security Consultant it is desirable to be qualified as a PCI QSA, with experience within various information security standards and frameworks, e.g.
- ISO/IEC 27001:2013;
- Department of Financial Services (DFS) 23 NYCRR 500;
This is a home-based and high-profile client-facing role, with a requirement to deliver on client sites.
You will be involved in guiding and leading clients with a range of security work including cyber strategy, risk assessments, security assessment, secure network and system architecture design and awareness training. You will be able to lead others and be an authority on cyber security practices and principles.
As this is a consultancy role, you must keep the business objectives at the forefront of all recommendations for alignment and enhancement of current business operations against the appropriate industry security standard.
- Solid understanding of risk, threats and vulnerabilities
- 5+ years’ experience within security disciplines
- Solid grasp of technical subjects around networks, servers, databases and software applications
- Demonstrated thought leadership and the ability to influence, shape and guide security programmes and business owners
- Ability to communicate clearly, with impact, to both technical and exec/board level staff
- Previous experience in a client-facing consultancy role
- In-depth experience of security architecture, design and configurations
- 1+ years’ experience of conducting PCI DSS Assessments, Reports on Compliance (RoC) and Gap Analysis workshops
- Experience and understanding of both offensive (testing) and defensive (monitoring & logging) security
- Solid understanding of breach detection and SOC maturity processes/models
- Experience delivering security awareness training
- Experience and understanding of HIPAA and HITRUST
- PCI QSA desirable, PA DSS QSA / P2PE QSA advantageous
If you are without a QSA accreditation it is essential that you have one, or more, of the following qualifications:
- Certified ISO 27001, Lead Auditor, Internal Auditor
- Certified ISO 27001 Lead Implementer
- IRCA ISMS Auditor or higher (e.g., Auditor/Lead Auditor, Principal Auditor)
- GIAC Systems and Network Auditor (GSNA)
- IIA Certified Internal Auditor (CIA).
- Eligibility for UK Security Clearance required
Position is UK home-based