Job Description

Remote Role 

Role Purpose

The Senior Consultant – Cyber Security & PCI Qualified Security Assessor (QSA) is a senior delivery and trusted-advisor role within our GRC Advisory practice, accountable for leading high-quality cyber security and compliance engagements with a primary focus on PCI DSS, supplemented by broader cyber risk, governance, and assurance services.
The role leads client engagements end-to-end—planning, execution, quality assurance, stakeholder management, and close-out—working independently or leading small project teams. The Senior Consultant contributes actively to the growth, capability, and reputation of the practice.

Key Responsibilities & Accountabilities

Client Delivery & Engagement Leadership

• Lead cyber security and PCI DSS client engagements from initiation through delivery and closure.
• Act as primary client point of contact, ensuring clear communication, scope control, and expectation management.
• Deliver high-quality, concise, and actionable reports suitable for technical teams, senior management, and executive stakeholders.
• Apply judgement and experience to complex risk and compliance issues, ensuring pragmatic, proportionate recommendations.

PCI DSS & QSA Responsibilities

• Perform PCI DSS assessments in line with PCI SSC requirements, including:
  • Scoping and gap assessments
  • On-site and remote assessments
  • Completion of SAQs, Reports on Compliance (ROC), and Attestations of Compliance (AOC)
• Provide expert advice on PCI DSS control implementation, compensating controls, and remediation planning.
• Support clients in achieving and maintaining PCI DSS compliance across complex environments.
• Stay current with PCI DSS standard updates, guidance, and assessor program requirements.

Cyber Security & Risk Advisory

• Deliver broader cyber security advisory services, including:
  • Information security risk assessments and business impact analysis
  • Governance, risk, and compliance (GRC) assessments
  • Framework-based assessments (e.g. ISO/IEC 27001, ISO/IEC 42001, NIST CSF, NIST 800-53, SOC 2, HIPAA, SABSA, COBIT)
  • Cyber supply chain security and third-party risk assessments
• Advise clients on the design and improvement of cyber security strategies, policies, and control environments.
• Investigate significant security incidents or control failures and recommend control improvements.

Quality, Assurance & Professional Practice

• Take responsibility for quality assurance of own work and contributions from junior team members.
• Ensure delivery is compliant with internal methodologies, standards, and contractual requirements.
• Participate in peer reviews, knowledge sharing, and continuous improvement of consulting practices and assets.

Commercial & Practice Contribution

• Identify and nurture commercial opportunities during engagements and contribute to account growth.
• Support pre-sales activities including proposal writing, tender responses, and client presentations.
• Mentor consultants and junior team members, supporting their professional and technical development.
• Contribute to internal training, capability development, and thought leadership activities.

Key Performance Indicators

• Successful delivery of cyber security and PCI DSS engagements to time, quality, and budget.
• Client satisfaction and trusted-advisor status.
• Identification and support of new commercial opportunities.
• Effective stakeholder engagement and team leadership.
• Contribution to practice capability, knowledge sharing, and mentoring.

Person Specification

Knowledge & Experience (Essential)

• Minimum 2+ years' experience as a PCI DSS Qualified Security Assessor (QSA) delivering PCI DSS engagements.
• Proven experience leading or independently delivering consulting engagements in cyber security or information risk.
• Strong experience completing PCI DSS deliverables including SAQs, ROCs, and AOCs.
• Experience advising clients on scoping, remediation, and ongoing compliance strategies.
• Demonstrable experience working with at least two major security frameworks (e.g. PCI DSS, ISO/IEC 27001, ISO/IEC 42001, NIST CSF, NIST 800-53, SABSA, COBIT).
• Experience communicating complex cyber security concepts to both technical and non-technical stakeholders, including senior management and boards.

Skills & Abilities
Information Security & Assurance

• Conducts cyber security risk assessments, vulnerability analysis, and business impact assessments.
• Interprets and applies security and assurance policies, standards, and regulatory requirements.
• Investigates significant security control failures or incidents and recommends improvements.

Stakeholder & Relationship Management

• Builds and maintains strong, long-term client relationships.
• Leads stakeholder engagement strategies and manages complex client environments.
• Acts confidently as a trusted advisor.

Project Management

• Leads medium-scale consulting projects with direct business impact.
• Manages scope, resources, risks, and quality to achieve successful outcomes.
• Uses appropriate delivery approaches (predictive or agile).

Commercial Awareness

• Identifies sales opportunities and contributes to pipeline development.
• Supports pre-sales and proposal activities.
• Understands client business drivers and market context.

Qualifications & Certifications

Essential	Desirable
PCI DSS Qualified Security Assessor (QSA) – current and in good standing ISO/IEC 27001 Lead Auditor or Lead Implementer NIST CSF / NIST 800-53 working knowledge or certification One or more of: CISSP, CISM, or CISA Bachelor's degree, or equivalent professional experience	ISO/IEC 42001 Lead Implementer SOC 2 audit experience HIPAA experience CRISC Security+ / Network+

Travel & Language Requirements

• Willingness to travel nationally and internationally.
• Business-level fluency in English.
• Additional languages desirable.

Personal Qualities & Behaviours

• Client-centric and committed to excellence in service delivery.
• Confident, professional, and credible under pressure.
• Strong integrity, impartiality, and ethical standards.
• Results-focused with strong problem-solving skills.
• Adaptable, collaborative, and open to change.
• Proactive self-manager and mentor to others.
• Strategic thinker who connects long-term objectives with day-to-day delivery.

Job Tags

Full time, Remote work

Similar Jobs