Senior Security Consultant (QSA)

Claranet Cyber Security is in the process of growing the governance, risk and compliance (GRC) team within the business. GRC team members work on a variety of clients ranging from smaller merchants to larger merchants and service providers. Work carried out by the GRC team can include; PCI DSS engagement (PCI DSS consultancy to full onsite PCI DSS assessment), ISO 27001 consultancy, Cyber Security Assessments and Risk Assessment work. Additional, bespoke pieces of work can also be carried out to cater for client's individual needs. The GRC team may also support other Claranet units' efforts where there are some cross-selling opportunities.

As a Security Consultant within the Claranet Cyber Security GRC team, your primary role will be delivering GRC consultancy to our clients which depending on experience and certifications can include, but not limited to; PCI DSS related consultancy, ISO27001 consultancy and auditing, Cyber Security Assessments, Policy & Procedure Reviews and Data Protection Consultancy. You will compose your findings into a concise report and interact closely with clients to help articulate advice and guidance contained within the final reports. Working within other GRC area's may also be expected new service offerings are developed.

Essential duties & responsibilities

Key duties and responsibilities of this job role can include some or all the following (depending on experience and certifications held):

• Performing PCI DSS consultancy consisting of: cardholder data mapping exercises, gap analysis, de-scoping recommendations/advice and architecture reviews
• Performing internal Report on Compliance assessments (if QSA)
• Performing Q/A reviews of customer reports produced by the GRC team
• Undertaking other customer consultancy / projects; such as ISO27001, Cyber Security Reviews, Risk Assessments, etc. as required
• Communicating within Claranet Cyber Security, the wider Claranet Group and with clients, both orally and in writing
• Assisting with the development and growth of the Security Business Unit GRC team and services offerings
• Assisting with the development of cutting-edge training material for internal and external delivery
• Maintaining CPEs and re-certification requirements for any industry certifications/qualifications required to fulfil dutieS

About the Candidate

• 1+ years' as a QSA (for previous QSAs)
• 3+ ROCs completed (for previous QSAs)
• 3+ years' information technology and network security experience
• 3+ years' experience managing client projects
• 3+ years' information consulting experience

ESSENTIAL QUALIFICATIONS/SKILLS

• Ability to meet the QSA Qualification requirements (for non-QSAs); i.e. CISSP, CISM, CISA, ISO27001 Lead Auditor
• Ability to manage own workload
• Ability to work alone and within a team
• Ability to work to tight deadlines, prioritise and manage workload
• Good numeracy and organisational skills
• Excellent attention to detail
• Excellent communication skills (spoken and written)
• Ability to quickly learn and understand new skills and technologies specific to the Cyber Security industry
• Take own initiate to expand information security knowledge
• Ability to write concise, accurate and timely reports

DESIRABLE QUALIFICATIONS/SKILLS

• Been involved in PCI DSS projects (non-QSA)
• Some ISO 27001 Audit/Implementor Experience
• Any exposure to other audit frameworks; NIST, SOC 2, etc???
• GDPR Experience
• Full UK Driving License

GENERAL REQUIREMENTS

• Willing to travel and conduct information security consultancy work out of normal office hours as required by our clients
• Client facing, able to confidently and professionally represent the company
• Must be self-motivated and able to work in an independent manner
• Excellent written and oral communications skills