QSA - Information Security Consultant

Date: 14-Jan-2022

Location: Leamington Spa, GB, CV31 3RZ

Company: Lloyds Register

About Nettitude 


Founded in 2003, Nettitude is an award-winning global provider of cybersecurity services, bringing innovative thought leadership to the ever-evolving cybersecurity marketplace. Through our research and innovation centres, we provide threat led services that span technical assurance, consulting and managed detection and response offerings.

To learn more, please visit https://www.nettitude.com/



The role


We are looking for an established QSA to join our Information Security Consulting team. Your primary role will be to deliver PCI DSS consultancy and assessment activities to our clients, as part of an established and experienced team of QSAs based in the UK and US.

This is a home-based role, with an expectation of travel to UK client sites as and when required. Candidates must be eligible to work full time in the UK.



What you will be doing in your role


In your role you will deliver a mixture of on-site and remote consultancy services to our clients covering the following areas:


  • PCI DSS gap analyses and workshops; 
  • Assistance implementing PCI DSS requirements such as policy writing; 
  • Complete on-site assessments and author reports on compliance; 
  • Security reviews of client environments; 
  • Gap analyses against NCSC Ten Steps, NIST CSF, CIS 20; 
  • Complete risk assessments; 
  • Conduct third-party risk reviews; 
  • Support ISO 27001 implementation projects – management workshops, ISMS reviews, risk management workshops, controls reviews, internal audits, third-party risk reviews; 
  • Support pre-sales where required: understanding client requirements and contributing to proposals and the scoping of engagements.

Our team is currently delivering the vast majority of client engagements remotely, and there is an expectation that you will be delivering client engagements 60-70% of the time, which is split between on-site in the UK (or remote during COVID restrictions) and remote days for reporting.  



Key skills


The following are strong recommendations and in most cases prerequisites of the role: 

  • Experience of PCI DSS – an active QSA who has completed full assessments for merchants and service providers with large and/or complex environments is essential, together with the ability to provide strategic advice that guides clients from the inception of their PCI DSS project through to a compliant Report on Compliance
  • A solid technical background, with hands-on experience with technologies such as Windows/Linux, networking, databases, development, firewalls, security technologies such as antivirus, IDS/IPS, DLP 
  • Experience in a consultancy role, and an ability to communicate clearly, with impact, to both technical and executive/board-level staff. As a consultant you will have experience of using your time effectively, and be motivated to drive client engagements and be proactive in your approach
  • Strong written skills 
  • Strong communication skills and an ability to build rapport with key stakeholders 
  • Willingness to “roll up your sleeves” and get involved, and take responsibility for ensuring we always exceed client expectation 



As an active QSA you must hold a certification from both List A and List B as per the PCI SSC requirements. Whilst a collection of certifications is less important than experience, many of the areas in which our team works have prerequisite certifications that our consultants either hold or are working towards achieving.


Any of the following certifications would be beneficial: 

  • ISO 27001 lead auditor or lead implementer; 
  • CISSP - (ISC)2 Certified Information Systems Security Professional; 
  • CISM  - ISACA Certified Information Security Manager; 
  • CISA - ISACA Certified Information Systems Auditor; 
  • CRISC - ISACA Certified in Risk and Information Systems Control; 
  • Eligibility for Security Clearance. 


Desirable skills:

  • An understanding of the GDPR and the Data Protection Act 
  • Knowledge of cloud technologies such as AWS and Azure 
  • Experience delivering security awareness training or public speaking  
  • Hands-on experience in implementing ISO 27001



What we offer


We are a people-focused, high-performing, high-trust professional services team. You’ll be part of a diverse and growing international group of consultants, and we go out of our way to make sure our consultants feel part of our team. We use technology to ensure we’re always communicating with each other, and schedule in time every week to talk as a team. We also have regular face-to-face “clinic days”, where the whole team gets together for two days in a workshop style for learning, sharing, and collaborating. 


The successful candidate will have opportunities to: 

  • Make a difference – as clichéd as it sounds, this really is true. We encourage all consultants to challenge norms, and empower them to get involved. This might be getting involved with other teams, or developing a new service offering – but if you want to do something, we always try to make it happen 
  • Get involved – enjoy blogging or public speaking? Our team is committed to getting involved in industry discussions. We make time to attend conferences, and get involved in the infosec community 
  • Develop their skills – we love learning, and make sure that we find time for professional development. This isn’t just about collecting certifications and attending training courses – gaining and sharing knowledge in new areas is vital. These don’t always have to be directly related to your “day job”, in fact we actively encourage developing knowledge in new and exciting domains 





Are you interested in this job? Apply now via the ‘apply’ button and upload your CV and cover letter.