GRC Consultant - QSA

Social network you want to login/join with:

a QSA to join our GRC team in the UK. This role is home-based, with travel to client sites.

You’ll be part of a team delivering security consultancy in a client-facing role, with a particular focus on:

1. PCI DSS consultancy and assessments
2. Security reviews against standards or guidelines such as the NCSC Steps to Cyber Security and NIST CSF
3. ISO gap analyses
4. Helping our clients to implement Information Security Management Systems and achieve and maintain ISO certification
5. Conducting risk assessments
6. Creating or supporting third-party risk management and audit programmes

• Be a current QSA who has completed multiple on-site PCI DSS assessments, and be able to demonstrate a mature understanding of complex PCI DSS environments, and an ability to consult as well as assess
• Have experience with ISO, including implementing an ISMS and achieving certification
• Have experience working with the NIST CSF
• A good understanding of core concepts and technologies, such as networking, Windows and Linux operating systems, and security technologies like antimalware, IDS/IPS, etc. Hands-on experience is not required
• Be experienced working as a client-facing consultant, leading delivery. You should be friendly, approachable, and able to work well with clients
• Ability to work in a structured and methodical manner, managing your own time with a focus on quality work

Your primary role will be to deliver PCI DSS consultancy and assessment activities, with opportunities to engage in other listed areas and bespoke projects.

Location
• This role is home-based, with travel primarily within the UK, and some opportunities for European and international travel; all candidates must be willing to travel
• Most work is delivered remotely, except for PCI DSS assessments which require on-site presence
• We support working from anywhere in the UK
• All applicants must reside in the UK
What you’ll be doing in your role:

You will deliver consultancy services covering:

1. Security reviews against standards like NCSC Steps to Cyber Security, NIST CSF, Cyber Essentials
2. ISO gap analyses
3. Assisting clients with ISO implementation and certification
4. PCI DSS consultancy and gap analyses
5. Implementing PCI DSS policies
6. On-site assessments and compliance reports
7. Risk assessments
8. Third-party risk reviews
9. Supporting pre-sales activities, understanding client needs, and contributing to proposals

• Current QSA with experience in multiple PCI DSS assessments and a mature understanding of complex environments
• Experience with ISO, including ISMS implementation and certification
• Good understanding of core concepts and technologies, such as networking, OS, and security tech; hands-on experience not necessary
• Client-facing consulting experience, leadership in delivery, friendly and approachable attitude
• Structured, methodical work approach, good time management

• Experience with NIS directive, NCSC CAF, CAA ASSURE
• Experience presenting to C-Level and articulating security risks to business stakeholders
• Leadership qualities, mentoring, and team development experience
• Experience delivering security awareness training
• Hands-on technical experience, even if not recent

Active QSA must hold certifications from list A and list B as per PCI SSC requirements. Additional certifications like ISO lead auditor, CISSP, CISM, CISA, or CRISC are beneficial.

We are a people-focused, high-performing team that values diversity and professional growth. We foster communication and community through technology and regular team interactions.

Opportunities include:

• Making a difference by challenging norms and developing new services
• Getting involved in industry discussions, blogging, or speaking at conferences
• Developing skills through continuous learning and sharing knowledge in various domains