Senior Consultant - QSA

Job ID:41876
Location:Birmingham : 1 Trinity Park : Bi, LRQA Nettitude:Birmingham :1  
Position Category:Information Technology
Position Type:Employee Regular

The Cyber Services element of LRQA has been around since 2003 (formerly known as Nettitude), and our focus has always been on delivering excellence in cyber security. We have teams that offer world class services in red teaming, penetration testing, threat intelligence, research and development, detection and response, governance, risk, and compliance, and plenty more. Our business is global and so are our clients. We work closely with central banks, central and local government, critical national infrastructure, large retailers, and plenty more besides! 

We’re an award winning provider of cyber security services and we’re are at a very exciting stage of development. We are looking for the right people to join us as we embrace the challenges thrown up by the advancements within the IT industry and within the threats faced. LRQA will be at the forefront of this arena and we want to seek the right people to join the team and make it happen.

The Role

We are looking for a QSA to join our Advisory Services team in the UK. This role is home-based, with travel to client sites.

You’ll be part of a team delivering security consultancy in a client-facing role, with a primary focus on PCI DSS consultancy and assessments; however, there will also be opportunies to cover a breadth of other GRC related engagements:

• Security reviews against standards or guidelines such as NIST CSF and the NCSC 10 Steps to Cyber Security
• ISO 27001 gap analyses
• Helping our clients to implement Information Security Management Systems and achieve and maintain ISO27001 certification
• Cyber Maturity Assessments
• Conducting risk assessments
• Creating or supporting third-party risk management and audit programmes

Essential skills and experience:
 

• You are a current QSA who has completed multiple on-site PCI DSS assessments, and be able to demonstrate a mature understanding of complex PCI DSS environments, and an ability to consult as well as assess
• Have experience with ISO 27001, including implementing an ISMS and achieving certification
• Have experience working with the NIST CSF
• A good understanding of core concepts and technologies. For example, networking, Windows and Linux operating systems, and security technologies such as antimalware, IDS/IPS, etc. You do not need hands-on experience with these technologies or to have worked in an operational role
• Be experienced working as a consultant in a client-facing role, leading delivery. You’ll be friendly and approachable and able to work well with our clients
• Ability to work in a structured and methodical manner, with support to manage your own time with a focus on quality work

Location:

• This role is home-based, with an expectation of travel to client sites, primarily in the UK, but with some opportunities for European and international travel; therefore, all candidates must be willing to travel when required
• PCI DSS assessment activities require on-site work, but most other work is delivered at least partly from home
• We can support working from across the UK
• All applicants will require residence in the UK

What you'll be doing in the role?

In your role, you will deliver consultancy services to our clients, covering the following areas:

• Conduct security reviews against standards or guidelines such as the NCSC 10 Steps to Cyber Security, NIST CSF, Cyber Essentials
• Perform ISO 27001 gap analyses
• Help our clients to implement Information Security Management Systems and achieve and maintain ISO27001 certification
• PCI DSS consultancy and gap analyses
• Assistance in implementing PCI DSS requirements such as policy writing
• Complete on-site assessments and reports on compliance
• Complete risk assessments
• Conduct third-party risk reviews
• Support pre-sales where required by assisting in the pre-sales process, understanding client requirements and contributing to proposals and scoping of engagements

Key Skills:

Essential:

• Be a current QSA who has completed multiple on-site PCI DSS assessments, and be able to demonstrate a mature understanding of complex PCI DSS environments, and an ability to consult as well as assess
• Have experience of ISO 27001, including implementing an ISMS and achieving certification
• A good understanding of core concepts and technologies. For example, networking, Windows and Linux operating systems, and security technologies such as antimalware, IDS/IPS, etc. You do not need hands-on experience with these technologies or to have worked in an operational role
• Be experienced working as a consultant in a client-facing role, leading delivery. You’ll be friendly and approachable and able to work well with our clients
• Ability to work in a structured and methodical manner, with support to manage your own time with a focus on quality work

Desirable:

• Experience working with the NIS directive, NCSC CAF or CAA ASSURE
• Be experienced at C-Level, including presenting to top-level management, decision makers and risk owners. You will have the ability to articulate information security risks in a way that demonstrates an understanding of the broader business impact
• Demonstrate leadership as a senior team member. You will be expected to have input into developing the wider team, take ownership of service areas, and be able to support and mentor other team members
• Experience in delivering security awareness training to end-users
• Hand-on technical experience, even if not recent

Certifications

As an active QSA you must hold a certification from list A and list B per the PCI SSC requirements. Whilst a collection of certifications is less important than experience, many areas in which our team works have pre-requisite certifications that our consultants either hold or are working towards achieving.

Any of the following certifications would be beneficial:

• ISO 27001 lead auditor or lead implementer
• CISSP - (ISC)2 Certified Information System Security Professional
• CISM  - ISACA Certified Information Security Manager
• CISA - ISACA Certified Information Systems Auditor
• CRISC - ISACA Certified in Risk and Information Systems Control

What we offer:

We are a people-focused, high-performing, high-trust professional services team. You’ll be part of a diverse and growing international group of consultants, and we go out of our way to make sure our consultants feel part of our team. We use technology to ensure we’re always communicating with each other and schedule time every week to talk as a team.

The successful candidate will have opportunities to:

• Make a difference – as clichéd as it sounds, this really is true. We encourage all consultants to challenge norms and empower them to get involved. This might be getting involved with other teams or developing a new service offering – but if you want to do something, we always try to make it happen
• Get involved – enjoy blogging or public speaking? Our team is committed to getting involved in industry discussions. We make time to attend conferences and get involved in the infosec community
• Develop their skills – we love learning and ensure we find time for professional development. This isn’t just about collecting certifications and attending training courses – gaining and sharing knowledge in new areas is vital. These don’t always have to be directly related to your “day job”; in fact, we actively encourage developing knowledge in new and exciting domains

Diversity and Inclusion at LRQA:

We are on a mission to be the place where we all want to work and we are passionate about embracing different perspectives because we understand the value this brings to our business, our clients and each other. We are all about creating a safer and more sustainable future and our inclusive culture is right at the heart of our business.

Together our employees make our communities better and we want you to be part of our diverse team!

LRQA is a leading global assurance provider.  The integrity and expertise we bring to our partnership with clients support their journey to a safer, more secure and more sustainable future. (Group entities).

Copyright © LRQA 2021. All rights reserved. Terms of use.  Privacy Policy.