Security Consultant (QSA)

About The Role

All Senior Security Consultants

• Deliver a range of Cyber Practice function service offerings in line with employee’s capabilities
• Lead complex customer projects across the range of Cyber Practice function service offerings in line with employee’s capabilities
• Perform QA (Quality Assurance) reviews of customer reports as necessary
• Assist with pre/post sales activities as required
• Provide technical mentoring to other colleagues delivering the same services
• Maintain excellent communication with customers
• Maintain excellent communication and collaboration with internal teams to support Claranet in meeting its vision
• Keep up with industry trends, emerging threats, and technological advancements to effectively address new challenges and technologies
• Service delivery on customer sites as required
• Assist with the development and growth of the Cyber Security function’s services offerings
• Assist with the development of cutting-edge training material for internal and external delivery
• Deliver training, webinars, and seminars
• Contribute to the writing and publishing of whitepapers and advisories
• Fulfilling any re-certification requirements

QSA Specific (Where Applicable)

• Perform a range of PCI DSS consultancy covering the Cyber Practice function’s range of PCI QSA service offerings consisting of, but not limited to:
• cardholder data environment mapping exercises
• gap analysis
• assisted SAQ submissions
• Report on Compliance (ROC) assessments
• general PCI QSA consultancy
• de-scoping recommendations/advice
• architecture reviews
• internal Report on Compliance (ROC) assessments

ISO 27001 Specific (Where Applicable)

• Perform a range of ISO 27001 consultancy covering the Cyber Practice function’s range of ISO 27001 service offerings consisting of, but not limited to:
• understanding the organisations
• ISMS risk management introduction
• asset identification
• risk assessment
• ISMS management
• risk treatment
• internal audit

Teams to collaborate with

• Customer Experience and Managed Services – ensure we are consistently providing the best service to our customers, proactively monitoring their needs, and integrating their feedback into our future portfolio and propositions.
• Customer Success and Growth – ensure that the portfolio is up to date, meets customer needs, enables cross and up selling, and provide pre-sales support when required.
• Portfolio, Alliances & Technology Practices – support efforts to embed Cyber Practice function services into customer solutions.
• Finance & Corporate Development – submission of any work-related expenses.

About You

Behavioural competencies – organisational and behavioural fit

• Customer facing, able to represent Claranet confidently and professionally
• Willing to travel to deliver onsite work as required
• Ability to identify and work with colleagues to deploy improvements to delivery processes
• Self-motivated and able to work in an independent manner as well as part of a dynamic team
• Excellent written and oral communications skills
• Excellent attention to detail
• Good numeracy and organisational skills
• Positive, collaborative, and enthusiastic

Critical competencies – technical fit

• One or more industry recognised qualifications; i.e. CISSP, CISM, CISA, ISO 27001 Lead Auditor, PCI QSA, etc.
• Extensive experience leading own security consultancy projects/assessments/audits
• Aptitude for understanding, interpreting, and applying objective standards to specific responses
• Working under pressure of deadlines and structuring workload accordingly
• Problem-solving, helping others to understand complex ideas
• Providing advice and guidance in customer-facing situations
• Ability to work to tight deadlines, prioritise and manage workload
• Deep knowledge and understanding of security technologies
• Deep knowledge and understanding of networking
• Ability to quickly learn and understand new skills and technologies specific to the Cyber Security industry
• Take own initiate to expand information security knowledge
• Ability to write concise, accurate and timely reports
• Extensive experience completing PCI DSS consultancy projects and assessments
• Extensive experience completing complex ROCs

Desirable competencies

• Experience leading audits/assessments against security framework (i.e. ISO 27001, PCI DSS, Cyber Essentials)
• GDPR Experience
• SOC 2 Experience
• NIST Experience
• Full UK driving license (for UK recruitment)
• Experience managing client projects
• Information security consulting experience