Senior Consultant – PCI Qualified Security Assessor

Remote Role

Role Purpose

The Senior Consultant – Cyber Security & PCI Qualified Security Assessor (QSA) is a senior delivery and trusted-advisor role within our GRC Advisory practice, accountable for leading high-quality cyber security and compliance engagements with a primary focus on PCI DSS, supplemented by broader cyber risk, governance, and assurance services.

The role leads client engagements end-to-end (planning, execution, quality assurance, stakeholder management, and close-out), working independently or leading small project teams. The Senior Consultant contributes actively to the growth, capability, and reputation of the practice.

Key Responsibilities & Accountabilities

Client Delivery & Engagement Leadership
- Lead cyber security and PCI DSS client engagements from initiation through delivery and closure
- Act as primary client point of contact, ensuring clear communication, scope control, and expectation management
- Deliver high-quality, concise, and actionable reports suitable for technical teams, senior management, and executive stakeholders
- Apply judgement and experience to complex risk and compliance issues, ensuring pragmatic, proportionate recommendations

PCI DSS & QSA Responsibilities
- Perform PCI DSS assessments in line with PCI SSC requirements, including:
  - Scoping and gap assessments
  - On-site and remote assessments
  - Completion of SAQs, Reports on Compliance (ROC), and Attestations of Compliance (AOC)
- Provide expert advice on PCI DSS control implementation, compensating controls, and remediation planning
- Support clients in achieving and maintaining PCI DSS compliance across complex environments
- Stay current with PCI DSS standard updates, guidance, and assessor program requirements

Cyber Security & Risk Advisory
- Deliver broader cyber security advisory services, including:
  - Information security risk assessments and business impact analysis
  - Governance, risk, and compliance (GRC) assessments
  - Framework-based assessments (e.g. ISO/IEC 27001, ISO/IEC 42001, NIST CSF, NIST 800-53, SOC 2, HIPAA, SABSA, COBIT)
  - Cyber supply chain security and third-party risk assessments
- Advise clients on the design and improvement of cyber security strategies, policies, and control environments
- Investigate significant security incidents or control failures and recommend control improvements

Quality, Assurance & Professional Practice
- Take responsibility for quality assurance of own work and contributions from junior team members
- Ensure delivery is compliant with internal methodologies, standards, and contractual requirements
- Participate in peer reviews, knowledge sharing, and continuous improvement of consulting practices and assets

Commercial & Practice Contribution
- Identify and nurture commercial opportunities during engagements and contribute to account growth
- Support pre-sales activities including proposal writing, tender responses, and client presentations
- Mentor consultants and junior team members, supporting their professional and technical development
- Contribute to internal training, capability development, and thought leadership activities

Key Performance Indicators
- Successful delivery of cyber security and PCI DSS engagements to time, quality, and budget
- Client satisfaction and trusted-advisor status
- Identification and support of new commercial opportunities
- Effective stakeholder engagement and team leadership
- Contribution to practice capability, knowledge sharing, and mentoring

Person Specification

Knowledge & Experience (Essential)
- Minimum 2+ years' experience as a PCI DSS Qualified Security Assessor (QSA) delivering PCI DSS engagements
- Proven experience leading or independently delivering consulting engagements in cyber security or information risk
- Strong experience completing PCI DSS deliverables including SAQs, ROCs, and AOCs
- Experience advising clients on scoping, remediation, and ongoing compliance strategies
- Demonstrable experience working with at least two major security frameworks (e.g. PCI DSS, ISO/IEC 27001, ISO/IEC 42001, NIST CSF, NIST 800-53, SABSA, COBIT)
- Experience communicating complex cyber security concepts to both technical and non-technical stakeholders, including senior management and boards

Skills & Abilities

Information Security & Assurance
- Conducts cyber security risk assessments, vulnerability analysis, and business impact assessments
- Interprets and applies security and assurance policies, standards, and regulatory requirements
- Investigates significant security control failures or incidents and recommends improvements

Stakeholder & Relationship Management
- Builds and maintains strong, long-term client relationships
- Leads stakeholder engagement strategies and manages complex client environments
- Acts confidently as a trusted advisor

Project Management
- Leads medium-scale consulting projects with direct business impact
- Manages scope, resources, risks, and quality to achieve successful outcomes
- Uses appropriate delivery approaches (predictive or agile)

Commercial Awareness
- Identifies sales opportunities and contributes to pipeline development
- Supports pre-sales and proposal activities
- Understands client business drivers and market context

Qualifications & Certifications (Essential / Desirable)
- PCI DSS Qualified Security Assessor (QSA) – current and in good standing
- ISO/IEC 27001 Lead Auditor or Lead Implementer
- NIST CSF / NIST 800-53 working knowledge or certification
- One or more of: CISSP, CISM, or CISA
- Bachelor's degree, or equivalent professional experience
- ISO/IEC 42001 Lead Implementer
- SOC 2 audit experience
- HIPAA experience
- CRISC
- Security+ / Network+

Travel & Language Requirements
- Willingness to travel nationally and internationally
- Business-level fluency in English
- Additional languages desirable

Personal Qualities & Behaviours
- Client-centric and committed to excellence in service delivery
- Confident, professional, and credible under pressure
- Strong integrity, impartiality, and ethical standards
- Results-focused with strong problem-solving skills
- Adaptable, collaborative, and open to change
- Proactive self-manager and mentor to others
- Strategic thinker who connects long-term objectives with day-to-day delivery