    GRC Consultant - Birmingham, United Kingdom - LRQA

    Description

    We are looking for a QSA to join our GRC team in the UK. This role is home-based, with travel to client sites.

    You'll be part of a team delivering security consultancy in a client-facing role, with a particular focus on:

  • PCI DSS consultancy and assessments
  • Security reviews against standards or guidelines such as the NCSC Steps to Cyber Security and NIST CSF
  • ISO gap analyses
  • Helping our clients to implement Information Security Management Systems and achieve and maintain ISO certification
  • Conducting risk assessments
  • Creating or supporting third-party risk management and audit programmes

    Essential skills and experience:

  • Be a current QSA who has completed multiple on-site PCI DSS assessments, and be able to demonstrate a mature understanding of complex PCI DSS environments, and an ability to consult as well as assess
  • Have experience with ISO , including implementing an ISMS and achieving certification
  • Have experience working with the NIST CSF
  • A good understanding of core concepts and technologies. For example, networking, Windows and Linux operating systems, and security technologies such as antimalware, IDS/IPS, etc. You do not need hands-on experience with these technologies or to have worked in an operational role
  • Be experienced working as a consultant in a client-facing role, leading delivery. You'll be friendly and approachable and able to work well with our clients
  • Ability to work in a structured and methodical manner, with support to manage your own time with a focus on quality work

    Your primary role will be to deliver PCI DSS consultancy and assessment activities to our clients as part of an established and experienced team of consultants. It's not all PCI DSS, though, and you'll be involved in other areas as listed above and have opportunities to scope and deliver more bespoke engagements.

    Location

  • This role is home-based, with an expectation of travel to client sites, primarily in the UK, but with some opportunities for European and international travel; therefore, all candidates must be willing to travel
  • PCI DSS assessment activities require on-site work, but most other work is delivered at least partly from home
  • We can support working from across the UK
  • All applicants will require residence in the UK

    What you'll be doing in your role:

    In your role, you will deliver consultancy services to our clients, covering the following areas:

  • Conduct security reviews against standards or guidelines such as the NCSC Steps to Cyber Security, NIST CSF, Cyber Essentials
  • Perform ISO gap analyses
  • Help our clients to implement Information Security Management Systems and achieve and maintain ISO certification
  • PCI DSS consultancy and gap analyses
  • Assistance in implementing PCI DSS requirements such as policy writing
  • Complete on-site assessments and reports on compliance
  • Complete risk assessments
  • Conduct third-party risk reviews
  • Support pre-sales where required by assisting in the pre-sales process, understanding client requirements and contributing to proposals and scoping of engagements

    Key Skills:

    Essential skills and experience:

  • Be a current QSA who has completed multiple on-site PCI DSS assessments, and be able to demonstrate a mature understanding of complex PCI DSS environments, and an ability to consult as well as assess
  • Have experience of ISO , including implementing an ISMS and achieving certification
  • A good understanding of core concepts and technologies. For example, networking, Windows and Linux operating systems, and security technologies such as antimalware, IDS/IPS, etc. You do not need hands-on experience with these technologies or to have worked in an operational role
  • Be experienced working as a consultant in a client-facing role, leading delivery. You'll be friendly and approachable and able to work well with our clients
  • Ability to work in a structured and methodical manner, with support to manage your own time with a focus on quality work

    Desirable skills and experience:

  • Experience working with the NIS directive, NCSC CAF or CAA ASSURE
  • Be experienced at C-Level, including presenting to top-level management, decision makers and risk owners. You will have the ability to articulate information security risks in a way that demonstrates an understanding of the broader business impact
  • Demonstrate leadership as a senior team member. You will be expected to have input into developing the wider team, take ownership of service areas, and be able to support and mentor other team members
  • Experience in delivering security awareness training to end-users
  • Hands-on technical experience, even if not recent

    Certifications

    As an active QSA you must hold a certification from list A and list B per the PCI SSC requirements. Whilst a collection of certifications is less important than experience, many areas in which our team works have pre-requisite certifications that our consultants either hold or are working towards achieving.

    Any of the following certifications would be beneficial:

  • ISO lead auditor or lead implementer
  • CISSP - (ISC)² Certified Information Systems Security Professional
  • CISM - ISACA Certified Information Security Manager
  • CISA - ISACA Certified Information Systems Auditor
  • CRISC - ISACA Certified in Risk and Information Systems Control

    What we offer:

    We are a people-focused, high-performing, high-trust professional services team. You'll be part of a diverse and growing international group of consultants, and we go out of our way to make sure our consultants feel part of our team. We use technology to ensure we're always communicating with each other and schedule time every week to talk as a team.

    The successful candidate will have opportunities to:

  • Make a difference – as clichéd as it sounds, this really is true. We encourage all consultants to challenge norms and empower them to get involved. This might be getting involved with other teams or developing a new service offering – but if you want to do something, we always try to make it happen
  • Get involved – enjoy blogging or public speaking? Our team is committed to getting involved in industry discussions. We make time to attend conferences and get involved in the infosec community
  • Develop their skills – we love learning and ensure we find time for professional development. This isn't just about collecting certifications and attending training courses – gaining and sharing knowledge in new areas is vital. These don't always have to be directly related to your "day job"; in fact, we actively encourage developing knowledge in new and exciting domains
