Job Title

Security Consultant (QSA)Location: India, RemoteShift Time: UK shift hoursNo of positions: 2 positionsThis PositionAs a Qualified Security Assessor (Sr. QSA) you will provide assessments and consulting to our clients. The Senior Security Consultant will focus their efforts on client-facing delivery of various security regulatory and best practice consulting engagements, including PCI DSS, Secure Software (SSF), PIN, 3DS, P2PE, and Card Production Assessments. You will manage your own book of work and be the master of your own work schedule to the degree that it coincides with your clients’ requirements (that have been assigned to you) and delivery times required. You will conduct remote assessment activities and travel to client locations which usually last anywhere from 3-5 days for on-site activities over a 3–5-month timeframe for a single engagement. You will be working on an average of 3-4 active projects at any given time.What you’ll do As a Qualified Security Assessor (QSA) you will provide assessments and consulting to our clients. The Senior Security Consultant will focus their efforts on client-facing delivery of various security regulatory and best practice consulting engagements, including PCI DSS, Secure Software (SSF), PIN, 3DS, P2PE, and Card Production Assessments. You will manage your own book of work and be the master of your own work schedule to the degree that it coincides with your clients’ requirements (that have been assigned to you) and delivery times required. You will conduct remote assessment activities and travel to client locations which usually last anywhere from 3-5 days for on-site activities over a 3–5-month timeframe for a single engagement. You will be working on an average of 3-4 active projects at any given time. Responsibilities Perform both consulting, advisory and assessment services.Must maintain relevant certification required by industry and complete relevant ongoing continuing education required by certifications.Provide competent and relevant cybersecurity, governance, compliance, risk, and auditing in the technical space in accordance with various regulations and standards. Provide engagement management and high-level project management for delivery of services to multiple client which have been assigned to you by management.Evaluate client compliance with regulations such as Payment Card Industry Data Security Standard (PCI DSS), ISO 27K series, NIST, or other compliance standards and frameworks. Conduct audits and risk assessment based on National Institute of Science (NIST) standards like NIST Risk Management Framework, NIST Cyber Security Framework, NIST Privacy Framework, and International Standards organization (ISO) frameworks for risk and cybersecurity. Consultative support with clients in using risk assessment and audit based on National Institute of Science (NIST) or ISO27002. Sharing your expertise with clients and colleagues to aid in making decisions on topics like strategy and scope as well as deep and highly technical projects like web application architecture and security. Providing clear, organized findings and recommendations to clients and tracking progress towards resolution and compliance. Producing detailed, high-quality reports for clients and industry third parties like payment card brands and the PCI Security Standards Council. Learning from our close-knit group of consultants as well as contributing your thoughts, tools, industry news or lessons learned. Working with clients to implement practices to produce secure applications and identify and eliminate security vulnerabilities.Working independently, undertaking information security engagements including working co-ordination and project management (client interaction, deliverables, work plans, escalation’s, etc.). Growing the business by identifying up-sells with existing and potential clients.Providing regular status reports on all projects assigned.Being a team player and having the capability to expand having the capability to expand/adapt your skills in a fast-paced ever-changing industry. Qualifications/ Experience Bachelor’s degree or similar, and/or at least seven (5) + years of experience in a consulting or audit role, alternatively have experience in Information Security or IT security.Have at least one industry-recognized professional certification from each list below:List A: (ISC)2[object HTMLLIElement]Certified Information System Security Professional (CISSP) ISACA Certified Information Security Manager (CISM) Certified ISO 27001 Lead Implementer List B: ISACA Certified Information Systems Auditor (CISA) Certified ISO 27001, Lead Auditor, Internal Auditor 1 IRCA ISMS Auditor or higher (e.g., Auditor/Lead Auditor, Principal Auditor) IIA Certified Internal Auditor (CIA)PCI DSS QSA certification beneficial (although not required, we will get you certified).Experience working in sectors such as retail, banking, fintech, software development (or any other industry where card payments are accepted).Strong understanding of IT infrastructure including applications, servers, databases, network devices and security solutions.Strong understanding of IT and security processes including change control, patch management, vulnerability management, configuration management, incident response etc.Experience with software development methodologies and practices.Virtualization experience beneficial.Cloud security (AWS, Oracle) experience beneficial.Understanding of regulatory requirements and compliance issues affecting clients related to privacy and data protection. VikingCloud is an equal opportunities employer.