bloomequitypartners1mo ago

Senior Consultant – Cyber Security & PCI Qualified Security Assessor

Remotesenior

OtherConsultant

2 views0 saves0 applied

Apply Now

Quick Summary

Requirements Summary

Scoping and gap assessments On-site and remote assessments Completion of SAQs, Reports on Compliance (ROC),

Technical Tools

OtherConsultant

Remote Role

Role Purpose

The Senior Consultant – Cyber Security & PCI Qualified Security Assessor (QSA) is a senior delivery and trusted-advisor role within our GRC Advisory practice, accountable for leading high-quality cyber security and compliance engagements with a primary focus on PCI DSS, supplemented by broader cyber risk, governance, and assurance services.
The role leads client engagements end-to-end—planning, execution, quality assurance, stakeholder management, and close-out—working independently or leading small project teams. The Senior Consultant contributes actively to the growth, capability, and reputation of the practice.

Key Responsibilities & Accountabilities

Client Delivery & Engagement Leadership

Lead cyber security and PCI DSS client engagements from initiation through delivery and closure.
Act as primary client point of contact, ensuring clear communication, scope control, and expectation management.
Deliver high-quality, concise, and actionable reports suitable for technical teams, senior management, and executive stakeholders.
Apply judgement and experience to complex risk and compliance issues, ensuring pragmatic, proportionate recommendations.

PCI DSS & QSA Responsibilities

Perform PCI DSS assessments in line with PCI SSC requirements, including:
- Scoping and gap assessments
- On-site and remote assessments
- Completion of SAQs, Reports on Compliance (ROC), and Attestations of Compliance (AOC)
Provide expert advice on PCI DSS control implementation, compensating controls, and remediation planning.
Support clients in achieving and maintaining PCI DSS compliance across complex environments.
Stay current with PCI DSS standard updates, guidance, and assessor program requirements.

Cyber Security & Risk Advisory

Deliver broader cyber security advisory services, including:
- Information security risk assessments and business impact analysis
- Governance, risk, and compliance (GRC) assessments
- Framework-based assessments (e.g. ISO/IEC 27001, ISO/IEC 42001, NIST CSF, NIST 800-53, SOC 2, HIPAA, SABSA, COBIT)
- Cyber supply chain security and third-party risk assessments
Advise clients on the design and improvement of cyber security strategies, policies, and control environments.
Investigate significant security incidents or control failures and recommend control improvements.

Quality, Assurance & Professional Practice

Take responsibility for quality assurance of own work and contributions from junior team members.
Ensure delivery is compliant with internal methodologies, standards, and contractual requirements.
Participate in peer reviews, knowledge sharing, and continuous improvement of consulting practices and assets.

Commercial & Practice Contribution

Identify and nurture commercial opportunities during engagements and contribute to account growth.
Support pre-sales activities including proposal writing, tender responses, and client presentations.
Mentor consultants and junior team members, supporting their professional and technical development.
Contribute to internal training, capability development, and thought leadership activities.

Key Performance Indicators

Successful delivery of cyber security and PCI DSS engagements to time, quality, and budget.
Client satisfaction and trusted-advisor status.
Identification and support of new commercial opportunities.
Effective stakeholder engagement and team leadership.
Contribution to practice capability, knowledge sharing, and mentoring.

Person Specification

Knowledge & Experience (Essential)

Minimum 2+ years' experience as a PCI DSS Qualified Security Assessor (QSA) delivering PCI DSS engagements.
Proven experience leading or independently delivering consulting engagements in cyber security or information risk.
Strong experience completing PCI DSS deliverables including SAQs, ROCs, and AOCs.
Experience advising clients on scoping, remediation, and ongoing compliance strategies.
Demonstrable experience working with at least two major security frameworks (e.g. PCI DSS, ISO/IEC 27001, ISO/IEC 42001, NIST CSF, NIST 800-53, SABSA, COBIT).
Experience communicating complex cyber security concepts to both technical and non-technical stakeholders, including senior management and boards.

Skills & Abilities
Information Security & Assurance

Conducts cyber security risk assessments, vulnerability analysis, and business impact assessments.
Interprets and applies security and assurance policies, standards, and regulatory requirements.
Investigates significant security control failures or incidents and recommends improvements.

Stakeholder & Relationship Management

Builds and maintains strong, long-term client relationships.
Leads stakeholder engagement strategies and manages complex client environments.
Acts confidently as a trusted advisor.

Project Management

Leads medium-scale consulting projects with direct business impact.
Manages scope, resources, risks, and quality to achieve successful outcomes.
Uses appropriate delivery approaches (predictive or agile).

Commercial Awareness

Identifies sales opportunities and contributes to pipeline development.
Supports pre-sales and proposal activities.
Understands client business drivers and market context.

Qualifications & Certifications

Essential	Desirable
PCI DSS Qualified Security Assessor (QSA) – current and in good standing ISO/IEC 27001 Lead Auditor or Lead Implementer NIST CSF / NIST 800-53 working knowledge or certification One or more of: CISSP, CISM, or CISA Bachelor's degree, or equivalent professional experience	ISO/IEC 42001 Lead Implementer SOC 2 audit experience HIPAA experience CRISC Security+ / Network+