Key Responsibilities
You will work within our GRC team, where you will be expected to plan and deliver a variety of client engagements, with a strong focus on PCI-DSS compliance. You will lead complex PCI projects end to end, while also supporting broader security and compliance initiatives.
Plan and deliver consultancy engagements including, but not limited to:
- PCI-DSS: Leading end-to-end engagements including complex scoping workshops, SAQ and ROC readiness, evidence reviews, ASV scanning, cardholder data discovery, and advising on segmentation, scope reduction, and remediation strategies
- Cyber Security Maturity & Gap Assessments: Against ISO 27001, NIST CSF, CIS Controls, SCF, NCSC CAF, TISAX, SWIFT CSP, DORA, and GDPR
- vCISO Engagements: Supporting clients with policy development, governance structures, and executive-level reporting
- Security Architecture & Secure Development: Reviewing technical controls and secure development practices, including DevOps pipelines and basic cloud architecture
Work across a range of technologies and environments, including firewalls, IDS/IPS, anti-malware, logging and monitoring, patch/change management, and both on-premises and cloud-based infrastructure (e.g., AWS, Azure)
Required Experience & Qualifications
- Minimum 5+ years delivering complex PCI-DSS engagements (ROC, SAQ, ASV, cardholder data discovery)
- Strong understanding of common frameworks and standards: ISO 27001, NIST CSF, CIS Controls, Cyber Essentials
- Required: A valid PCI QSA qualification
- Desirable: One or more certifications: CISA, CISM, CISSP, CRISC, ISO 27001 Lead Auditor/Implementer
Scoping & Pre-sales
- Collaborate with the sales team to provide domain expertise during the pre-sales process
- Participate in sales calls to address client questions and amend scopes as needed
- Be competent in assessing incoming scoping requests and producing a clearly defined statement of work in a timely manner
- Ensure statements of work are of high quality and bespoke to the client’s needs and clearly define pre-engagement requirements and document classification
Engagement delivery
- Plan and conduct assigned security assessments across a range of consultancy services
- Collect the context and commercial terms of the engagement, ensuring the statement of work is fully understood in advance of the assessment start date, collecting pre-engagement requirements and attending kick-off calls where required
- Work through complex client requirements and resolve conflicts when situations arise
- Act as lead consultant for multi-phase and enterprise-scale projects, giving guidance and communicating with the client on behalf of the project team
Reporting
- Produce high-quality, tailored reports that include actionable and risk-prioritised recommendations
- Ensure all documentation adheres to internal QA, document classification, and version control policies
- Provide technical peer review of colleague deliverables
Delivery & Debrief
- Deliver final agreed outcome to the correct client contact via secure means in a timely manner
- Deliver debriefs and findings to a range of technical and non-technical audiences
Internal Development
- Share knowledge and help to upskill the team or build skill through shadowing opportunities, mentoring or training
- Support updating of service line collateral where required, including but not limited to:
  - Methodologies
  - Guides & process documentation
  - Sample reports & proposal templates
Send your CV with a covering email to [email protected]