Senior Security Assessor - QSA

ControlCase

Sheffield

Remote

GBP 110,000 - 118,000

Full time

Today

Job summary

A leading compliance services firm is seeking a Senior Security Assessor in the UK, who will be responsible for conducting IT security assessments and audits against various standards like PCI DSS and GDPR. This role includes leading client engagements, providing consulting guidance, and maintaining compliance with industry regulations. Qualified candidates should have extensive experience in IT security auditing, a strong analytical background, and the capability to collaborate with diverse stakeholders. The position offers a competitive salary and a fully remote work model with client-site travel required.

Benefits

Competitive salary
Quarterly performance bonus
Professional development and training
Remote work setup

Qualifications

  • Must be a PCI DSS certified QSA.
  • At least 5 years’ experience in information security.
  • Good understanding and auditing experience in cloud environments.

Responsibilities

  • Lead client audits and analyze complex systems to identify risks.
  • Consult clients to help them meet compliance requirements.
  • Produce final reports on compliance detailing controls observed.

Skills

PCI DSS certification
IT Security auditing experience
Analytical skills
Cloud computing knowledge
Project leadership

Education

Bachelor's degree in Information Assurance

Tools

Amazon Web Services
Microsoft Azure
Google Cloud Platform

Job description

Senior Security Assessor – UK Region

ControlCase is seeking a Senior Security Assessor (QSA) based in the UK with strong, up-to‑date experience in IT security assessment and auditing. In this role you will work directly with client organizations and their teams to assess their IT environments against a wide range of industry standards and regulations, including PCI DSS, ISO 27001 / 2, GDPR, NIS2, DORA, and other relevant EU frameworks or regulations. Your primary responsibilities will include collaborating closely with stakeholders, supporting consulting engagements, conducting comprehensive security assessments, and ensuring compliance with current industry and regulatory requirements. Fluency in German and / or Spanish preferred.

What does ControlCase offer?

ControlCase is a global service provider and innovator in the use of Compliance as a Service (CaaS) so that businesses can meet regulatory compliance mandates with efficiency and cost effectiveness.

Working at ControlCase means becoming part of a team that makes a real difference. You’ll have the chance to work on projects that have a significant impact on our clients and in an organization that believes in investing in our employees’ growth and development through continuous learning. You’ll have access to training programs, mentorship opportunities, and other resources to help you expand your skills and expertise.

At ControlCase, we prioritize the empowerment of our employees by furnishing them with the tools needed for success. Experience the autonomy of a fully remote work environment, complete with a company‑provided computer, monitor, and peripherals. We offer mileage and travel reimbursement for business obligations. Additional benefits include phone / internet reimbursement, paid vacation (PTO) per year, as per local regulations / practices, in addition to country‑specific official holidays. We continuously strive to help you elevate your career and lifestyle with a perks package designed to facilitate your professional journey.

  • Competitive Salary – 110,000 to 118,000 GBP depending on qualifications.
  • Additional bonus of 10,000 GBP / year, paid quarterly, dependent upon meeting defined scorecard objectives.
  • Paid time‑off.
  • Quarterly Performance Bonus.
  • Monthly reimbursement for telephone & internet.
  • Diverse International Team of IT Professionals.
  • Professional Development and Career Coaching.
  • Company‑paid training and certifications (as per HR policy and a manager’s approval).

Location: This job is 100% remote, with the requirement to travel to client locations in the EU region as needed.

Qualifications and Desired Skills
  • Must be a PCI DSS certified QSA.
  • Must have recent and extensive IT Security auditing or consulting experience.
  • Prefer a bachelor’s degree with a specialization in information assurance.
  • At least 5 years’ overall experience in information security.
  • Ability to analyze network architectures and review the configurations of network devices (firewalls, switches, routers, IDS / IPS, load balancers, etc.) and of servers and virtualization devices.
  • Good understanding and audit experience in cloud computing environments (e.g., Amazon Web Services, Microsoft Azure, Google Cloud Platform).
  • In-depth knowledge of IT Security Policies and Procedures that govern client’s Information Security and Privacy programs.
  • In-depth knowledge and experience in IT Security, including access controls, network security, logging / monitoring, vulnerability assessments, system hardening, secure software development, application security, encryption, and key management best practices.
  • In-depth knowledge and work experience with IT Security standards / frameworks, including PCI DSS, ISO 27001 / 2, GDPR, NIS2, DORA, and other relevant EU frameworks or regulations.
  • At least one certification from each group is preferred:
      • Group 1 – CISA, ISO27001 Lead Auditor.
      • Group 2 – CISSP, ISO27001 Lead Implementer, CISM.
  • Demonstrated ability to structure and lead projects successfully.

Responsibilities
  • Lead client audits / assessments and interface with clients to review and analyze complex systems (Applications, Operating systems, Databases, and Networking devices) and identify risks and vulnerabilities within the client environments as per the requirements defined in the security standards and regulations.
  • Work with the client to understand their business processes, analyze sensitive data flows (business and application data flows), network architecture, and define the proper audit / assessment scope.
  • Wherever possible, provide audit / assessment scope reduction guidance to the client.
  • Work independently with the client to perform audit interviews, collect, consolidate, and analyze evidence for the compliance assessment, and meet the internal quality assurance requirements throughout the assessment.
  • Provide consulting guidance and recommendations to clients to help them meet compliance requirements and improve security in accordance with applicable security controls.
  • Establish and maintain positive collaborative relationships with clients and stakeholders.
  • Produce final reports on compliance to detail the controls observed during security assessments in accordance with various security standards and regulations.
  • Escalate client and project issues to management in a timely manner to inform and engage the necessary resources to address the issue.
  • Collaborate with project managers, internal quality assurance group, sales, and other delivery team members to drive customer satisfaction and meet project deliverables.
  • Work on continuous professional development in maintaining industry‑specific certifications and a strong depth of knowledge in the practice area.

Job Types: Full‑time, Permanent

Experience
  • Information Security – 5 years (required)

License / Certification
  • PCI QSA
  • At least one certification from each group is preferred:
      • Group 1 – CISA, ISO27001 Lead Auditor.
      • Group 2 – CISSP, ISO27001 Lead Implementer, CISM.

Work Location: UK (Remote with client onsite travel as necessary)

Expected start date: ASAP
