Senior Security Consultant PCI QSA

7 - 10 years

8 - 11 Lacs

Posted: -1 days ago | Platform: Naukri

Skills Required

pci dss / qsa expertise, risk & compliance management, client & stakeholder management, information security frameworks

Work Mode

Remote

Job Type

Full Time

Job Description

Job Summary

This role will be responsible for supporting the organization's security initiatives, ensuring compliance with industry standards, and maintaining a secure, risk-aware environment. The role will work closely with clients, understand their security and compliance requirements, plan engagements, and ensure high-quality delivery of services. The role will work closely with cross-functional teams to ensure successful delivery of client projects. The role demands technical expertise, deep regulatory knowledge, and client management capabilities. The focus will be on delivering value through risk framework development, vendor risk assessments, compliance training, and tailored client advisory.

Key Responsibilities, Deliverables / Outcomes

  • Conduct PCI DSS assessments for clients in line with PCI Security Standards Council guidelines.
  • Provide consulting to implement and manage Information Security Management Systems (ISMS).
  • Provide consulting on the implementation and maintenance of ISO 27001:2022 and/or NIST CSF standards within the organization.
  • Perform gap assessments and threat modeling. Conduct risk assessments and create Risk Treatment Plans (RTPs).
  • Conduct in-depth analysis of complex security issues, identifying root causes and developing practical, data-driven solutions.
  • Define and assess the Client's risk appetite and tolerance levels and develop and monitor Key Risk Indicators (KRIs) for Clients.
  • Provide expert guidance to clients on remediation plans and achieving/maintaining compliance.
  • Develop and document information security policies, processes, standards, and procedures in collaboration with other stakeholders.
  • Identify and interpret legal, regulatory, and statutory information security compliance requirements relevant to Client operations.
  • Conduct internal audits, assess security controls, and manage remediation plans.
  • Deliver tailored, value-driven solutions while managing expectations, timelines, and budgets effectively.
  • Conduct final PCI QSA audits and develop Reports on Compliance (ROC) and Attestations of Compliance (AOC).
  • Act as the liaison for external compliance assessments and audits, ensuring thorough preparation, evidence gathering, and successful audit outcomes.

Client Engagement

  • Ensure a Client-centric approach by actively managing expectations, delivering value, and exceeding stakeholder requirements.
  • Communicate risk assessments and mitigation plans to senior management within Client organizations.
  • Deliver presentations and briefings to senior management and stakeholders, communicating complex security concepts in an understandable manner.
  • Ensure effective communication of these policies and procedures across the Client's organization and ensure these policies are integrated into business operations.
  • Engage in Client meetings and interactions to identify new prospects, build relationships, and gather market intelligence and feedback on services provided.

Learning & Initiatives

  • Independently manage information security projects, ensuring adherence to deadlines and delivery goals.
  • Take ownership of tasks and consistently meet deadlines, demonstrating accountability in managing security initiatives.
  • Efficiently allocate and manage project resources and ensure timely and concise Project status updates to all stakeholders.
  • Work as part of a collaborative team, fostering a culture of cooperation, open communication, and shared success.
  • Stay up-to-date with PCI SSC updates, security threats, and regulatory changes.
  • Deliver training and awareness sessions on compliance and security best practices.
  • Maintain all QSA certification requirements as per PCI SSC guidelines.
  • Identify and implement means to reduce and streamline efforts using technology.

Operations Management

  • Track performance using a Balanced Scorecard that tracks key metrics like client satisfaction (e.g., NPS), delivery timelines, and learning & growth.
  • Timely adherence to PMS initiatives like Timesheet, Bi-Weekly reviews, etc.

Key Skills

  • PCI QSA
  • In-depth knowledge of ISO 27001 standard
  • Extensive knowledge of the application of data classification frameworks/concepts, Identity and Access Management concepts, Secure Software Development Lifecycle concepts, and network defense
  • Working knowledge of cloud security concepts and cloud platforms
  • Working understanding of OSI communication layers and network communication protocols

Key Competencies

  • Analysis Skills
  • Customer Focus
  • Communication: oral & written
  • Adaptability to Change
  • Problem Solving Skills

Valuementor Infosec

Information Technology & Cybersecurity

San Francisco
