Senior Consultant – PCI Qualified Security Assessor

<div style="border-bottom:solid #2e75b6 1pt;padding:0in 0in 4pt 0in;"><span style="font-size:11pt;"><span style="font-family:Calibri, sans-serif;"><b><span style="font-size:14pt;"><span style="color:#1f3864;">Remote Role <br><br>Role Purpose</span></span></b></span></span></div><span style="font-size:11pt;"><span style="line-height:125%;"><span style="font-family:Calibri, sans-serif;">The Senior Consultant – Cyber Security & PCI Qualified Security Assessor (QSA) is a senior delivery and trusted-advisor role within our GRC Advisory practice, accountable for leading high-quality cyber security and compliance engagements with a primary focus on PCI DSS, supplemented by broader cyber risk, governance, and assurance services.</span></span></span><br><span style="font-size:11pt;"><span style="line-height:125%;"><span style="font-family:Calibri, sans-serif;">The role leads client engagements end-to-end—planning, execution, quality assurance, stakeholder management, and close-out—working independently or leading small project teams. The Senior Consultant contributes actively to the growth, capability, and reputation of the practice.</span></span></span><div style="border-bottom:solid #2e75b6 1pt;padding:0in 0in 4pt 0in;"><span style="font-size:11pt;"><span style="font-family:Calibri, sans-serif;"><b><span style="font-size:14pt;"><span style="color:#1f3864;">Key Responsibilities & Accountabilities</span></span></b></span></span></div><span style="font-size:11pt;"><span style="font-family:Calibri, sans-serif;"><b><span style="font-size:12pt;"><span style="color:#1f3864;">Client Delivery & Engagement Leadership</span></span></b></span></span><ul style="margin-bottom:5px;"><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Lead cyber security and PCI DSS client engagements from initiation through delivery and closure.</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Act as primary client point of contact, ensuring clear communication, scope control, and expectation management.</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Deliver high-quality, concise, and actionable reports suitable for technical teams, senior management, and executive stakeholders.</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Apply judgement and experience to complex risk and compliance issues, ensuring pragmatic, proportionate recommendations.</span></span></span></li></ul><span style="font-size:11pt;"><span style="font-family:Calibri, sans-serif;"><b><span style="font-size:12pt;"><span style="color:#1f3864;">PCI DSS & QSA Responsibilities</span></span></b></span></span><ul style="margin-bottom:5px;"><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Perform PCI DSS assessments in line with PCI SSC requirements, including:</span></span></span><ul><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Scoping and gap assessments</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">On-site and remote assessments</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Completion of SAQs, Reports on Compliance (ROC), and Attestations of Compliance (AOC)</span></span></span></li></ul></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Provide expert advice on PCI DSS control implementation, compensating controls, and remediation planning.</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Support clients in achieving and maintaining PCI DSS compliance across complex environments.</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Stay current with PCI DSS standard updates, guidance, and assessor program requirements.</span></span></span></li></ul><span style="font-size:11pt;"><span style="font-family:Calibri, sans-serif;"><b><span style="font-size:12pt;"><span style="color:#1f3864;">Cyber Security & Risk Advisory</span></span></b></span></span><ul style="margin-bottom:5px;"><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Deliver broader cyber security advisory services, including:</span></span></span><ul><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Information security risk assessments and business impact analysis</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Governance, risk, and compliance (GRC) assessments</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Framework-based assessments (e.g. ISO/IEC 27001, ISO/IEC 42001, NIST CSF, NIST 800-53, SOC 2, HIPAA, SABSA, COBIT)</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Cyber supply chain security and third-party risk assessments</span></span></span></li></ul></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Advise clients on the design and improvement of cyber security strategies, policies, and control environments.</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Investigate significant security incidents or control failures and recommend control improvements.</span></span></span></li></ul><span style="font-size:11pt;"><span style="font-family:Calibri, sans-serif;"><b><span style="font-size:12pt;"><span style="color:#1f3864;">Quality, Assurance & Professional Practice</span></span></b></span></span><ul style="margin-bottom:5px;"><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Take responsibility for quality assurance of own work and contributions from junior team members.</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Ensure delivery is compliant with internal methodologies, standards, and contractual requirements.</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Participate in peer reviews, knowledge sharing, and continuous improvement of consulting practices and assets.</span></span></span></li></ul><span style="font-size:11pt;"><span style="font-family:Calibri, sans-serif;"><b><span style="font-size:12pt;"><span style="color:#1f3864;">Commercial & Practice Contribution</span></span></b></span></span><ul style="margin-bottom:5px;"><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Identify and nurture commercial opportunities during engagements and contribute to account growth.</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Support pre-sales activities including proposal writing, tender responses, and client presentations.</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Mentor consultants and junior team members, supporting their professional and technical development.</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Contribute to internal training, capability development, and thought leadership activities.</span></span></span></li></ul><div style="border-bottom:solid #2e75b6 1pt;padding:0in 0in 4pt 0in;"><span style="font-size:11pt;"><span style="font-family:Calibri, sans-serif;"><b><span style="font-size:14pt;"><span style="color:#1f3864;">Key Performance Indicators</span></span></b></span></span></div><ul style="margin-bottom:5px;"><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Successful delivery of cyber security and PCI DSS engagements to time, quality, and budget.</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Client satisfaction and trusted-advisor status.</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Identification and support of new commercial opportunities.</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Effective stakeholder engagement and team leadership.</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Contribution to practice capability, knowledge sharing, and mentoring.</span></span></span></li></ul><div style="border-bottom:solid #2e75b6 1pt;padding:0in 0in 4pt 0in;"><span style="font-size:11pt;"><span style="font-family:Calibri, sans-serif;"><b><span style="font-size:14pt;"><span style="color:#1f3864;">Person Specification</span></span></b></span></span></div><span style="font-size:11pt;"><span style="font-family:Calibri, sans-serif;"><b><span style="font-size:12pt;"><span style="color:#1f3864;">Knowledge & Experience (Essential)</span></span></b></span></span><ul style="margin-bottom:5px;"><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Minimum 2+ years' experience as a PCI DSS Qualified Security Assessor (QSA) delivering PCI DSS engagements.</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Proven experience leading or independently delivering consulting engagements in cyber security or information risk.</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Strong experience completing PCI DSS deliverables including SAQs, ROCs, and AOCs.</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Experience advising clients on scoping, remediation, and ongoing compliance strategies.</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Demonstrable experience working with at least two major security frameworks (e.g. PCI DSS, ISO/IEC 27001, ISO/IEC 42001, NIST CSF, NIST 800-53, SABSA, COBIT).</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Experience communicating complex cyber security concepts to both technical and non-technical stakeholders, including senior management and boards.</span></span></span></li></ul><span style="font-size:11pt;"><span style="font-family:Calibri, sans-serif;"><b><span style="font-size:12pt;"><span style="color:#1f3864;">Skills & Abilities</span></span></b></span></span><br><span style="font-size:11pt;"><span style="font-family:Calibri, sans-serif;"><b><i><span style="color:#595959;">Information Security & Assurance</span></i></b></span></span><ul style="margin-bottom:5px;"><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Conducts cyber security risk assessments, vulnerability analysis, and business impact assessments.</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Interprets and applies security and assurance policies, standards, and regulatory requirements.</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Investigates significant security control failures or incidents and recommends improvements.</span></span></span></li></ul><span style="font-size:11pt;"><span style="font-family:Calibri, sans-serif;"><b><i><span style="color:#595959;">Stakeholder & Relationship Management</span></i></b></span></span><ul style="margin-bottom:5px;"><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Builds and maintains strong, long-term client relationships.</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Leads stakeholder engagement strategies and manages complex client environments.</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Acts confidently as a trusted advisor.</span></span></span></li></ul><span style="font-size:11pt;"><span style="font-family:Calibri, sans-serif;"><b><i><span style="color:#595959;">Project Management</span></i></b></span></span><ul style="margin-bottom:5px;"><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Leads medium-scale consulting projects with direct business impact.</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Manages scope, resources, risks, and quality to achieve successful outcomes.</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Uses appropriate delivery approaches (predictive or agile).</span></span></span></li></ul><span style="font-size:11pt;"><span style="font-family:Calibri, sans-serif;"><b><i><span style="color:#595959;">Commercial Awareness</span></i></b></span></span><ul style="margin-bottom:5px;"><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Identifies sales opportunities and contributes to pipeline development.</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Supports pre-sales and proposal activities.</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Understands client business drivers and market context.</span></span></span></li></ul><div style="border-bottom:solid #2e75b6 1pt;padding:0in 0in 4pt 0in;"><span style="font-size:11pt;"><span style="font-family:Calibri, sans-serif;"><b><span style="font-size:14pt;"><span style="color:#1f3864;">Qualifications & Certifications</span></span></b></span></span></div><table class="Table" style="width:6.5in;border-collapse:collapse;border:none;" width="624"><thead><tr><td style="border-bottom:solid #d9d9d9;width:312px;padding:7px 9px 7px 9px;background-color:#eaf1f8;border-top:solid #2e75b6;border-right:none;border-left:none;" valign="top"><span style="font-size:11pt;"><span style="font-family:Calibri, sans-serif;"><b><span style="color:#1f3864;">Essential</span></b></span></span></td><td style="border-bottom:1px solid #d9d9d9;width:312px;padding:7px 9px 7px 9px;background-color:#eaf1f8;border-top:1px solid #595959;border-right:none;border-left:none;" valign="top"><span style="font-size:11pt;"><span style="font-family:Calibri, sans-serif;"><b><span style="color:#1f3864;">Desirable</span></b></span></span></td></tr></thead><tbody><tr><td style="border-bottom:none;width:312px;padding:8px 9px 8px 9px;border-top:none;border-right:none;border-left:none;" valign="top"><ul style="margin-bottom:4px;"><li style="margin-bottom:4px;"><span style="font-size:11pt;"><span style="line-height:108%;"><span style="font-family:Calibri, sans-serif;">PCI DSS Qualified Security Assessor (QSA) – current and in good standing</span></span></span></li><li style="margin-bottom:4px;"><span style="font-size:11pt;"><span style="line-height:108%;"><span style="font-family:Calibri, sans-serif;">ISO/IEC 27001 Lead Auditor or Lead Implementer</span></span></span></li><li style="margin-bottom:4px;"><span style="font-size:11pt;"><span style="line-height:108%;"><span style="font-family:Calibri, sans-serif;">NIST CSF / NIST 800-53 working knowledge or certification</span></span></span></li><li style="margin-bottom:4px;"><span style="font-size:11pt;"><span style="line-height:108%;"><span style="font-family:Calibri, sans-serif;">One or more of: CISSP, CISM, or CISA</span></span></span></li><li style="margin-bottom:4px;"><span style="font-size:11pt;"><span style="line-height:108%;"><span style="font-family:Calibri, sans-serif;">Bachelor's degree, or equivalent professional experience</span></span></span></li></ul></td><td style="border-bottom:1px #FFFFFF;width:312px;padding:8px 9px 8px 9px;border-top:none;border-right:1px #FFFFFF;border-left:none;" valign="top"><ul style="margin-bottom:4px;"><li style="margin-bottom:4px;"><span style="font-size:11pt;"><span style="line-height:108%;"><span style="font-family:Calibri, sans-serif;">ISO/IEC 42001 Lead Implementer</span></span></span></li><li style="margin-bottom:4px;"><span style="font-size:11pt;"><span style="line-height:108%;"><span style="font-family:Calibri, sans-serif;">SOC 2 audit experience</span></span></span></li><li style="margin-bottom:4px;"><span style="font-size:11pt;"><span style="line-height:108%;"><span style="font-family:Calibri, sans-serif;">HIPAA experience</span></span></span></li><li style="margin-bottom:4px;"><span style="font-size:11pt;"><span style="line-height:108%;"><span style="font-family:Calibri, sans-serif;">CRISC</span></span></span></li><li style="margin-bottom:4px;"><span style="font-size:11pt;"><span style="line-height:108%;"><span style="font-family:Calibri, sans-serif;">Security+ / Network+</span></span></span></li></ul></td></tr></tbody></table><div style="border-bottom:solid #2e75b6 1pt;padding:0in 0in 4pt 0in;"><span style="font-size:11pt;"><span style="font-family:Calibri, sans-serif;"><b><span style="font-size:14pt;"><span style="color:#1f3864;">Travel & Language Requirements</span></span></b></span></span></div><ul style="margin-bottom:5px;"><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Willingness to travel nationally and internationally.</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Business-level fluency in English.</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Additional languages desirable.</span></span></span></li></ul><div style="border-bottom:solid #2e75b6 1pt;padding:0in 0in 4pt 0in;"><span style="font-size:11pt;"><span style="font-family:Calibri, sans-serif;"><b><span style="font-size:14pt;"><span style="color:#1f3864;">Personal Qualities & Behaviours</span></span></b></span></span></div><ul style="margin-bottom:5px;"><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Client-centric and committed to excellence in service delivery.</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Confident, professional, and credible under pressure.</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Strong integrity, impartiality, and ethical standards.</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Results-focused with strong problem-solving skills.</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Adaptable, collaborative, and open to change.</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Proactive self-manager and mentor to others.</span></span></span></li><li style="margin-bottom:5px;"><span style="font-size:11pt;"><span style="line-height:116%;"><span style="font-family:Calibri, sans-serif;">Strategic thinker who connects long-term objectives with day-to-day delivery.</span></span></span></li></ul>

Back to blog