Qualified Security Assessor (QSA)
GBR Remote
NCC Group
ROLE: Senior Consultant - PAYMENTS (QSA)
Location: UK
Division: Consulting & Implementation (C&I)
Summary of role
NCC Group provides Information Assurance consultancy to help businesses protect critical systems and information. We do this by defining security strategies, developing policies, conducting security maturity and risk assessments, architecture reviews and by delivering security awareness & training. We also provide security expertise to businesses to provide an on-demand cyber capability in the short, medium or long term to solve pressing business cyber orientated problems and challenges.
Our core services include:
- Strategy and governance
- On-demand augmentation roles
- Data discovery and mapping
- Risk advisory and assurance
- Business resilience
- Data privacy and GDPR
- ISO 27001 assessments
- Supply chain assurance
- PCI 3DS, PCI P2PE, PCI SSF audits
- Incident response readiness and planning
- Card production and PIN audits
- Cyber maturity assessments
- Incident response planning
- Gold/Silver/Bronze tabletops
Alongside our core services, we have a range of bespoke services to help organisations protect their systems and information:
- Risk mitigation assessments
- Security architecture review
- Security awareness and Training programmes
- Security policy development and adoption
- Cyber transformation programmes
We have a fantastic new opportunity to join our UK Consulting and Implementation division for a Senior Consultant operating as a Qualified Security Assessor (QSA). The ideal candidate will have prior extensive PCI consulting experience and commercial exposure within the cyber and payments space, gained from delivering a diverse range of cyber and assurance services ideally across a broad client base. In addition to your technical skills, you will have strong client facing skills and be comfortable dealing with senior client stakeholders.
Key responsibilities
- Build and maintain sustainable trusted client relationships through high-quality delivery, ensuring output exceeds client expectations.
- Conduct onsite and remote activities to advise, assess, analyse, and report in line with the engagement and client business requirements. This will involve meeting client stakeholders, conducting documentation reviews, auditing technical solutions and systems, as well as presenting information and advice to senior business partners.
- Translate the technical and non-technical findings from an assessment or exercise into relevant, actionable remediation road maps for customers.
- Responsible for adhering to all internal policies and procedures in relation to security and quality best practice.
- Engage with Markets and Pre-Sales teams during the sales cycle to assist in quantifying, pricing and assessing the capability required for the project delivery.
- Assist with sales proposals, bids and tenders for delivery of Assurance & Compliance services.
- You will act as mentor to less experienced consultants and foster knowledge sharing throughout the delivery team.
Requirements
- You hold or have held a PCI Qualified Security Assessor (QSA) qualification and delivered PCI DSS assessments.
- You hold or have held other PCI assessor qualifications such as PCI 3DS Assessor, PCI Card Production Security Assessor (CPSA), P2PE Assessor, Qualified PIN Assessor (QPA) or Secure Software Assessor. You are interested in expanding your PCI skills to include assessing against these standards.
- You will be working in areas mainly focusing on PCI QSA; however, other skills include NIST 800-53, SANS Top 20 CSC, ISO 27001, Risk Assessment (ISO 27005), EU GDPR and other frameworks as requested by clients.
- Have the ability to deliver projects within time and in budget and to a high level of customer satisfaction – exercising customer care at all times
- Demonstrate a strong ability to develop a rapport with customers and to engender long lasting relationships
- Have strong business, consultancy and technical skills within the IT Security Industry
- Excellent communication and presentation skills
Desired Skills and Qualifications
Demonstrable capability and qualifications across several of the following technical areas are advantageous.
- SOC / SIEM assessments and tooling
- Identity and Zero trust
- Security design and architecture
- GovAssure
- Operational Technology (OT)
- ISA 62443
- Artificial Intelligence
- SWIFT CSP
- Cloud related certifications across AWS/GCP/Azure
- CISM / CISSP / CRISC / ISO 27001 LI/LA / CISA
Behaviours:
- Focusing on Clients and Customers.
- Working as One NCC.
- Always Learning.
- Being Inclusive and Respectful.
- Delivery Brilliantly.
- Enabling Performance.
Why NCC Group?
At NCC Group, our mission is to create a more secure digital future. That mission underpins everything we do, from our work with our incredible clients to groundbreaking research shaping our industry. Our teams partner with clients across a multitude of industries, delving into and securing new products and emerging technologies, as well as solving complex security problems. As global leaders in cyber and escrow, NCC Group is a people-powered business seeking the next group of brilliant minds to join our ranks.
Our colleagues are our greatest asset, and NCC Group is committed to providing an inclusive and supportive work environment that fosters creativity, collaboration, authenticity, and accountability. We want colleagues to put down roots at NCC Group, and we offer a comprehensive benefits package, as well as opportunities for learning and development and career growth. We believe our people are at their brilliant best when they feel bolstered in all aspects of their well-being, and we offer wellness programs and flexible working arrangements to provide that vital support.
What do we offer in return?
We have a high-performance culture which is balanced evenly with world-class well-being initiatives and benefits:
⏰ Flexible working
💸 Financial & Investment
- Pension
- Life Assurance
- Share Save Scheme
- Maternity & Paternity leave
🙋🏾 Community & Volunteering Programmes
⚡ Green Car Scheme
🚴 Cycle Scheme
🏥 Healthcare
🏙️ Office Lifestyle
🧑🏻🤝🧑🏻 Employee Referral Program
🧘🏻 Lifestyle & Wellness
🎓 Learning & Development
👨🏿🦽 Diversity & Inclusion
So, what’s next?
If this sounds like the right opportunity for you, then we would love to hear from you! Click on apply to this job to send us your CV and the relevant member of our global talent team will be in touch with you. Alternatively send your details to global.ta@nccgroup.com.
About your application
We review every application received and will get in touch if your skills and experience match what we’re looking for. If you don’t hear back from us within 10 days, please don’t be too disappointed – we may keep your CV on our database for any future vacancies and we would encourage you to keep an eye on our career opportunities as there may be other suitable roles.
If you do not want us to retain your details, please email global.ta@nccgroup.com. All personal data is held in accordance with the NCC Group Privacy Policy (candidate-privacy-notice-261023.pdf (nccgroupplc.com)). We are committed to diversity and flexibility in the workplace. If you require any reasonable adjustments to support you during the application process, please tell us at any stage.
Please note that this role involves mandatory pre-employment background checks due to the nature of the work NCC Group does. To apply, you must be willing and able to undergo the vetting process. This role being advertised will be subject to BS7858 screening as a mandatory requirement.