My client is a fast-growing cyber security consulting firm that offers a broad range of cyber risk advisory services. They have positioned themselves successfully in the market as they are already industry-leading and award-winning working with government bodies, FTSE 100 companies and other blue-chip brands. They are now expanding the GRC team and are in the market looking for a PCI QSA with a broad cyber risk background.

Responsibilities of Senior Cyber Security Consultant:

• Consulting and Cyber Risk Advisory Services – Conducting gap analysis and risk assessments related to multiple information security frameworks such as PCI DSS, ISO27001 and GDPR and ensuring information risks are adequately addressed with stakeholders (internal and external) at all levels, as required
• Creating professional reports for our clients that detail assessment finding
• Document the information risk management strategy
• Work closely with technical teams and the Qualified Security Assessor (QSA), to ensure correct and common understanding of PCI requirements, provide advice and review technical designs
• Scope, procure and organise regular quarterly vulnerability scans; penetration tests/IT health checks
• Provide advice for the management of risks that you have identified
• Share knowledge, coach and mentor other members of the information services team to raise the bar and maintain the necessary collateral to promote user education & awareness

Experience and Expertise required

• Experience in managing PCI and ISO 27001 compliance
• Knowledge of payment industry regulations/standards: PCI DSS
• Experience of delivering reports to customers and stakeholders on services
• Experience working for a consulting firm is essential
• A broad range of cyber and information security and risk management expertise
• Experience of security architecture and system design and the security controls needed to protect these services and the data that they process and store
• An understanding of the Data Protection Act and GDPR and be experienced in ensuring compliance
• An understanding of UK and international, legal and regulatory requirements that could affect organisational security and assurance policies
• Industry best practices for privacy, security and information risk management
• Experience of information security/application vulnerabilities, their effective treatment/mitigation and the level of risk they introduce

My client is looking to hire the best professionals within the PCI-DSS industry, so if you are looking to take the next step and join a leading team with a great reputation and desirable client list, then this is a role that you should strongly consider!