Senior Security Assessor (QSA) - UK Region

Senior Security Assessor – UK Region

ControlCase is seeking a Senior Security Assessor (QSA) based in the UK with strong, up-to-date experience in IT security assessment and auditing. In this role, you will work directly with client organizations and their teams to assess their IT environments against a wide range of industry standards and regulations, including PCI DSS, ISO 27001/2, GDPR, NIS2, DORA, and other relevant EU frameworks or regulations. Your primary responsibilities will include collaborating closely with stakeholders, supporting the consulting engagements, conducting comprehensive security assessments, and ensuring compliance with current industry and regulatory requirements. Fluency in German and/or Spanish preferred.

What does ControlCase offer?

ControlCase is a global service provider and innovator in the use of Compliance as a Service (CaaS) so that businesses can meet regulatory compliance mandates with efficiency and cost effectiveness.

Working at ControlCase means becoming part of a team that makes a real difference. You'll have the chance to work on projects that have a significant impact on our clients and in an organization that believes in investing in our employees' growth and development through continuous learning. You'll have access to training programs, mentorship opportunities, and other resources to help you expand your skills and expertise.

At ControlCase, we prioritize the empowerment of our employees by furnishing them with the tools needed for success. Experience the autonomy of a fully remote work environment, complete with a company-provided computer, monitor, and peripherals. We offer mileage and travel reimbursement for business obligations. Additional benefits include phone/internet reimbursement, paid vacation (PTO) per year, as per local regulations/practices, in addition to country-specific official holidays. At ControlCase, we continuously strive to help you elevate your career and lifestyle with a perks package designed to facilitate your professional journey.

Competitive Salary

Paid time-off.

Quarterly Performance Bonus

Monthly reimbursement for telephone & internet

Diverse International Team of IT Professionals.

Professional Development and Career Coaching

Company-paid training and certifications (as per HR policy and a manager's approval).

Competitive Salary – 110,000 to 118,000 GBP depending on qualifications. Additional quarterly bonus 10,000 GBP/year paid quarterly, dependent upon meeting defined scorecard objectives.

Location—This job is 100% remote, with the requirement to travel to client locations in the EU region to support the audit work as needed.

Qualifications and Desired Skills:

• Must be a PCI DSS certified QSA
• Must have recent and extensive IT Security auditing or consulting experience
• Prefer a bachelor’s degree with a specialization in information assurance
• At least 5 years’ overall experience in information security
• Ability to analyze network architectures and review the network device (Firewalls/ Switches/ Routers/ IDS/IPS/ Load Balancers etc.) and Servers/ Virtualization Devices configurations
• Good understanding and audit experience in cloud computing environments (e.g., Amazon Web Services, Microsoft Azure, Google Cloud Platform)
• In-depth knowledge of IT Security Policies and Procedures that govern client’s Information Security and Privacy programs
• In-depth knowledge and experience in IT Security, including access controls, network security, logging/monitoring, vulnerability assessments, system hardening, secure software development, application security, encryption, and key management best practices etc.
• In-depth knowledge and work experience with IT Security standards/frameworks, including PCI DSS, ISO 27001/2, GDPR, NIS2, DORA, and other relevant EU frameworks or regulations.
• At least one certification from each group is preferred:
• Group 1- CISA, ISO27001 Lead Auditor
• Group 2- CISSP, ISO27001 Lead Implementer, CISM
• Demonstrated ability to structure and lead projects successfully

Responsibilities:

• Lead client audits/assessments and interface with clients to review and analyze complex systems (Applications, Operating systems, Databases, and Networking devices) and identify risks and vulnerabilities within the client environments as per the requirements defined in the security standards and regulations

• Work with the client to understand their business processes, analyze sensitive data flows (business and application data flows), network architecture, and define the proper audit/assessment scope

• Wherever possible, provide audit/assessment scope reduction guidance to the client

• Work independently with the client to perform audit interviews, collect, consolidate, and analyze evidence for the compliance assessment, and meet the internal quality assurance requirements throughout the assessment

• Provide consulting guidance and recommendations to clients to help them meet compliance requirements and improve security in accordance with applicable security controls

• Establish and maintain positive collaborative relationships with clients and stakeholders

• Produce final reports on compliance to detail the controls observed during security assessments in accordance with various security standards and regulations

• Escalates client and project issues to management in a timely manner to inform and engage the necessary resources to address the issue

• Collaborate with project managers, internal quality assurance group, sales, and other delivery team members to drive customer satisfaction and meet project deliverables

• Work on continuous professional development in maintaining industry-specific certifications and a strong depth of knowledge in the practice area

Job Types: Full-time, Permanent

Experience:

• Information Security: 5 years (required)

License/Certification:

• PCI QSA
• At least one certification from each group is preferred:
• Group 1- CISA, ISO27001 Lead Auditor
• Group 2- CISSP, ISO27001 Lead Implementer, CISM

Work Location: UK (Remote with client onsite travel as necessary)

Expected start date: ASAP