Senior Security Assessor - QSA

Senior Security Assessor – UK RegionControlCase is seeking a Senior Security Assessor (QSA) based in the UK with strong, up-to-date experience in IT security assessment and auditing. In this role, you will work directly with client organizations and their teams to assess their IT environments against a wide range of industry standards and regulations, including PCI DSS, ISO 27001/2, GDPR, NIS2, DORA, and other relevant EU frameworks or regulations. Your primary responsibilities will include collaborating closely with stakeholders, supporting the consulting engagements, conducting comprehensive security assessments, and ensuring compliance with current industry and regulatory requirements. Fluency in German and/or Spanish preferred.What does ControlCase offer?ControlCase is a global service provider and innovator in the use of Compliance as a Service (CaaS) so that businesses can meet regulatory compliance mandates with efficiency and cost effectiveness.Working at ControlCase means becoming part of a team that makes a real difference. You'll have the chance to work on projects that have a significant impact on our clients and in an organization that believes in investing in our employees' growth and development through continuous learning. You'll have access to training programs, mentorship opportunities, and other resources to help you expand your skills and expertise.At ControlCase, we prioritize the empowerment of our employees by furnishing them with the tools needed for success. Experience the autonomy of a fully remote work environment, complete with a company-provided computer, monitor, and peripherals. We offer mileage and travel reimbursement for business obligations. Additional benefits include phone/internet reimbursement, paid vacation (PTO) per year, as per local regulations/practices, in addition to country-specific official holidays. At ControlCase, we continuously strive to help you elevate your career and lifestyle with a perks package designed to facilitate your professional journey.Competitive SalaryPaid time-off.Quarterly Performance BonusMonthly reimbursement for telephone & internet Diverse International Team of IT Professionals.Professional Development and Career CoachingCompany-paid training and certifications (as per HR policy and a manager's approval).Competitive Salary – 110,000 to 118,000 GBP depending on qualifications. Additional quarterly bonus 10,000 GBP/year paid quarterly, dependent upon meeting defined scorecard objectives.Location—This job is 100% remote, with the requirement to travel to client locations in the EU region to support the audit work as needed.Qualifications and Desired Skills:Must be a PCI DSS certified QSAMust have recent and extensive IT Security auditing or consulting experiencePrefer a bachelor’s degree with a specialization in information assuranceAt least 5 years’ overall experience in information securityAbility to analyze network architectures and review the network device (Firewalls/ Switches/ Routers/ IDS/IPS/ Load Balancers etc.) and Servers/ Virtualization Devices configurationsGood understanding and audit experience in cloud computing environments (e.g., Amazon Web Services, Microsoft Azure, Google Cloud Platform)In-depth knowledge of IT Security Policies and Procedures that govern client’s Information Security and Privacy programsIn-depth knowledge and experience in IT Security, including access controls, network security, logging/monitoring, vulnerability assessments, system hardening, secure software development, application security, encryption, and key management best practices etc.In-depth knowledge and work experience with IT Security standards/frameworks, including PCI DSS, ISO 27001/2, GDPR, NIS2, DORA, and other relevant EU frameworks or regulations.At least one certification from each group is preferred:Group 1- CISA, ISO27001 Lead AuditorGroup 2- CISSP, ISO27001 Lead Implementer, CISMDemonstrated ability to structure and lead projects successfullyResponsibilities:Lead client audits/assessments and interface with clients to review and analyze complex systems (Applications, Operating systems, Databases, and Networking devices) and identify risks and vulnerabilities within the client environments as per the requirements defined in the security standards and regulationsWork with the client to understand their business processes, analyze sensitive data flows (business and application data flows), network architecture, and define the proper audit/assessment scopeWherever possible, provide audit/assessment scope reduction guidance to the clientWork independently with the client to perform audit interviews, collect, consolidate, and analyze evidence for the compliance assessment, and meet the internal quality assurance requirements throughout the assessmentProvide consulting guidance and recommendations to clients to help them meet compliance requirements and improve security in accordance with applicable security controlsEstablish and maintain positive collaborative relationships with clients and stakeholdersProduce final reports on compliance to detail the controls observed during security assessments in accordance with various security standards and regulationsEscalates client and project issues to management in a timely manner to inform and engage the necessary resources to address the issueCollaborate with project managers, internal quality assurance group, sales, and other delivery team members to drive customer satisfaction and meet project deliverablesWork on continuous professional development in maintaining industry-specific certifications and a strong depth of knowledge in the practice areaJob Types: Full-time, PermanentExperience:Information Security: 5 years (required)License/Certification:PCI QSAAt least one certification from each group is preferred:Group 1- CISA, ISO27001 Lead AuditorGroup 2- CISSP, ISO27001 Lead Implementer, CISMWork Location: UK (Remote with client onsite travel as necessary)Expected start date: ASAP

Created: 2025-11-19