
Senior Consultant – Cyber Security & PCI Qualified Security Assessor
Bloom Equity Partners, Atlanta, GA, United States
Job Title: Senior Consultant – Cyber Security & PCI Qualified Security Assessor
Practice: GRC Advisory
Reports to: Practice Manager / Divisional Director - GRC Advisory
Location: US (with national and international travel)
Purpose of the Role
The Senior Consultant – Cyber Security & PCI Qualified Security Assessor (QSA) plays a key leadership role in delivering high‑quality cyber security and compliance advisory services, with a primary focus on PCI DSS assessments and advisory engagements, supplemented by broader cyber risk, governance, and assurance services.
The role is accountable for leading client engagements end‑to‑end, acting as the senior delivery resource, trusted advisor, and subject matter expert. This includes planning, execution, quality assurance, stakeholder management, and successful close‑out of projects. The Senior Consultant may work independently or lead small project teams and contributes actively to the growth and reputation of the Digital Risk Advisory practice.
Key Responsibilities & Accountabilities
Client Delivery & Engagement Leadership
Lead cyber security and PCI DSS client engagements from initiation through delivery and closure.
Act as the primary point of contact for clients during assigned engagements, ensuring clear communication, scope control, and expectation management.
Deliver high‑quality, concise, and actionable reports suitable for technical teams, senior management, and executive stakeholders.
Apply judgement and experience to complex risk and compliance issues, ensuring pragmatic and proportionate recommendations.
PCI DSS & QSA Responsibilities
Perform PCI DSS assessments in line with PCI SSC requirements, including:
Scoping and gap assessments
On‑site and remote assessments
Completion of SAQs, Reports on Compliance (ROC), and Attestations of Compliance (AOC)
Provide expert advice on PCI DSS control implementation, compensating controls, and remediation planning.
Support clients in achieving and maintaining PCI DSS compliance across complex environments.
Stay current with PCI DSS standard updates, guidance, and assessor program requirements.
Cyber Security & Risk Advisory
Deliver broader cyber security advisory services including:
Information security risk assessments and business impact analysis
Governance, risk, and compliance (GRC) assessments
Framework‑based assessments (e.g. ISO/IEC 27001, ISO/IEC 42001, NIST CSF, NIST 800-53, SOC 2, HIPAA, SABSA, COBIT)
Cyber supply chain security and third‑party risk assessments
Advise clients on the design and improvement of cyber security strategies, policies, and control environments.
Investigate significant security incidents or control failures and recommend control improvements.
Quality, Assurance & Professional Practice
Take responsibility for quality assurance of own work and contributions from junior team members.
Ensure delivery is compliant with internal methodologies, standards, and contractual requirements.
Participate in peer reviews, knowledge sharing, and continuous improvement of consulting practices and assets.
Commercial & Practice Contribution
Identify and nurture commercial opportunities during engagements and contribute to account growth.
Support pre‑sales activities including proposal writing, tender responses, and client presentations.
Act as a mentor to consultants and junior team members, supporting their professional and technical development.
Contribute to internal training, capability development, and thought leadership activities.
Key Performance Indicators
Successful delivery of cyber security and PCI DSS engagements to time, quality, and budget
Client satisfaction and trusted‑advisor status
Identification and support of new commercial opportunities
Effective stakeholder engagement and team leadership
Contribution to practice capability, knowledge sharing, and mentoring
Travel & Language Requirements
Willingness to travel nationally and internationally
Business‑level English (fluent)
Additional languages desirable
Person Specification
Knowledge & Experience (Essential)
Minimum 2 years’ experience as a PCI DSS Qualified Security Assessor (QSA) delivering PCI DSS engagements.
Proven experience leading or independently delivering consulting engagements in cyber security or information risk.
Strong experience completing PCI DSS deliverables including SAQs, ROCs, and AOCs.
Experience advising clients on scoping, remediation, and ongoing compliance strategies.
Demonstrable experience working with at least two major security frameworks (e.g. PCI DSS, ISO/IEC 27001, ISO/IEC 42001, NIST CSF, NIST 800-53, SABSA, COBIT).
Experience communicating complex cyber security concepts to both technical and non‑technical stakeholders, including senior management and boards.
Skills & Abilities
Information Security & Assurance
Conducts cyber security risk assessments, vulnerability analysis, and business impact assessments.
Interprets and applies security and assurance policies, standards, and regulatory requirements.
Investigates significant security control failures or incidents and recommends improvements.
Stakeholder & Relationship Management
Builds and maintains strong, long‑term client relationships.
Leads stakeholder engagement strategies and manages complex client environments.
Acts confidently as a trusted advisor.
Project Management
Leads medium‑scale consulting projects with direct business impact.
Manages scope, resources, risks, and quality to achieve successful outcomes.
Uses appropriate delivery approaches (predictive or agile).
Commercial Awareness
Identifies sales opportunities and contributes to pipeline development.
Supports pre‑sales and proposal activities.
Understands client business drivers and market context.
Qualifications & Certifications
Essential
PCI DSS Qualified Security Assessor (QSA) – current and in good standing
ISO/IEC 27001 Lead Auditor / Implementer
NIST CSF, NIST 800-53 certifications
CISSP
CISM
CISA
Desirable
ISO/IEC 42001 Lead Implementer
SOC 2
HIPAA
CRISC
Security+, Network+
Bachelor’s Degree, or equivalent professional experience
Personal Qualities & Behaviours
Client‑centric and committed to excellence in service delivery
Confident, professional, and credible under pressure
Strong integrity, impartiality, and ethical standards
Results‑focused with strong problem‑solving skills
Adaptable, collaborative, and open to change
Proactive self‑manager and mentor to others
Strategic thinker who can link long‑term objectives with day‑to‑day delivery