Senior Lead Consultant – PCI and Frameworks

• Cyber Security
• Hybrid Remote
• Permanent

• Assist clients in meeting compliance obligations by evaluating business, technology, and operations against security standards.  
• Produce detailed, high-quality reports for clients and industry third parties (e.g., payment card brands and the PCI Security Standards Council). 
• Take ownership of project work, such as a PCI DSS assessment, from start to finish, including deliverables and work products. 
• Delivery of wider client engagements to a high-quality, work could cover ISMS development, assisting companies gain ISO27001 certification, NIS D compliance and assisting with other areas of governance, risk and compliance as required. 
• Staying on top of the latest developments within cyber security by attending training and conferences. 
• Working with the leadership and sales team to respond to tenders and provide pre-sales support. 
• Quality Assure other consultants work as required. 
• Input into the development of Bridewell security methodologies. 

• Leading PCI DSS engagements across both merchant and service provider environments including assessment and non-assessment delivery. 
• Conducting PCI DSS v4 assessments and documenting associated RoC and AoC materials. 
• Designing and supporting clients to implement PCI DSS compliant solutions including documenting CCWs and Customised Approach templates. 
• Working within highly regulated environments e.g. financial services or gaming. 
• Working with complex technical architectures including public and private cloud, containerisation and integrated third party service providers. 
• Implementing other security standards such as ISO27001, NIST, NIS-D/NIS 2/NCSC CAF. 
• Conducting cyber security risk assessments and managing risk management activities. 
• Working with both technical teams and board members. 
• Conducting cyber security assessments and gap analysis against various frameworks. 
• Working with regulators or industry bodies. 
• Developing solutions to address client security requirements. 
• Supporting business development opportunities, proposal development and presentations. 

• In depth understanding of PCI DSS, ISO 27001 and other similar standards. 
• Expertise in the execution and delivery of information security assessments. 
• Excellent spoken and written communication to explain your methods to a technical and non-technical audience.
• Attention to detail, to be able to plan and execute tests while considering client requirements.
• Good time management and organizational skills to meet client deadlines.
• Ability to perform root cause analysis and deliver strategic recommendations during client reviews.
• Teamwork skills, to support colleagues and share techniques.
• Commitment to continuously update your technical knowledge base. 

• Be an existing active QSA in good standing with the PCI SSC, or  
• Have more than 5 years’ current experience in delivering PCI DSS engagements and hold at least one qualification from both List A and List B: 
• Certified Information Systems Security Professionals (CISSP) (List A) 
• Certified Information Security Manager (CISM) (List A)
• ISO27001 Lead Implementer (List A) 
• Certified Information Systems Auditor (CISA) (List B)
• ISO27001 Lead Auditor (List B) 

• Competitive Salary  
• 25 Days Holiday - Plus buy and sell options 
• Flexible Working (around core office hours) 
• Profit Share Scheme 
• Company Pension 
• Employee Shareholder Scheme 
• Dedicated Training Budget 
• Home Office Equipment (for remote working employees) 
• Life Assurance 
• Cycle to Work Scheme 
• Electric Vehicle Scheme 
• Private Healthcare (incl. Gym discounts) 
• Vision Care 
• Birthday off (After 1 year)