Principal Consultant - QSA

About Integrity360

Integrity360 is one of Europe’s leading cyber security specialists operating from office locations spread out across Europe, providing a comprehensive range of professional, support and managed cyber security services for our 300+ clients. With four top-class Security Operation Centers, we offer a complete end-to-end security services covering our clients’ security from every angle. Our services include Managed Security, Cyber Security Testing, Incident Response, Security Integration, PCI Compliance and Cyber Risk & Assurance services. 

What sets Integrity360 apart is our excellent team of people that drive the business forward. The company was founded with a focus on technical expertise and that philosophy remains today. The skills and experience in our company are some of the greatest in the industry and clients remain with Integrity360 because they can rely on and trust us to go above and beyond to ensure their needs are met. Listed multiple times on Gartner Market Guides for Managed Security Services. 

Role Mission

To lead Security Consultancy engagements and pre-sales processes with clients within financial services and payment card industries. Focusing on delivery of Payment Compliance services, which include but are not limited to:

• PCI specialized assessment (PIN, P2PE, SSF, 3DS, etc.)

• PCI DSS, Swift, PSD2 assessments,

• GAP Analysis,

• Policy and Procedure review.

Key Responsibilities

Pre-Sales 

• Starting from the information received from the sales team, independently carry out the estimate of the effort required to deliver a security services, reporting the result to the regional lead for approval.

• Lead customer engagements and provide senior cyber security advice and services to a broad range of clients and industries. Provide detailed analytical reporting, internal reporting metrics and program management. Provide leadership and mentorship to Junior consultants.

Delivery

• Prepares, organizes and supports delivery by team members of engagements offsite or at customer premises including but not limited to gap analysis, security assessment, risk and/or compliance assessment using one or more industry or regulatory standard or framework.

Processes and Documentation

• Assesses compliance related documentation including policies, procedures, standards and legislative directives.
• Provides remediation support and guidance on the security aspects of the administration and maintenance of processes & documentation, infrastructure components, applications, services and security systems.
• Delivers detailed reports following Integrity360’s reporting best practice and templates.
• Ensure QA process for Payments Compliance standards is initiated and applied for relevant projects, in cooperation with QA and Backoffice team.
• Establishes new standards and reviews existing documentation to ensure the correct application of the processes.
• In cooperation with Practice Lead(s), estimating, planning & monitoring team budget.
• Provide regular status update to internal stakeholders (Practice Lead(s), PMO).
• Participate in continuous improvement of internal processes (reporting tools, assessment automation etc.)

Communication 

• Participates to external conferences and promotes Integrity360 by identifying important Industry events.

• Support marketing activities related to existing Professional Service portfolio and customer acquisition working in collaboration with marketing team.

• Act as a communication point between regional team, other professional services teams, Customer Success and other departments.

• Supports sales team in development and effort estimations for new opportunities (e.g. new and evolving industry standards).

• Stay up-to-date on developments in the Payments Compliance realm, understanding new standards and regulations and their impact on Integrity360.

Key Skills

• Relevant Experience in Fintech industry and security standards & directives consultancy services (PCI DSS, PSD2, ISO 27001, SWIFT, etc.)

• Cryptography techniques including algorithms, key management, and key lifecycle.

• Public key infrastructure (PKI) and the role and operations of a Certification Authority (CA) and Registration Authority (RA)

• Hardware security modules (HSMs) operations, policies, and procedures

• POI key-injection systems and techniques including key-loading devices (KLDs) and key management methods, such as Master/Session or DUKPT

• Physical security techniques for high-security areas

• Authentication methods and techniques

• Security Integrity controls

• Computer Networking (routing, switching, firewall network filtering)

• Operating Systems hardening and administration (Linux/Unix, Windows).

Core Competencies

• Problem Solving (analysis, helicopter view, problem setting, decision making)
• Planning and Organization (time management, scheduling and control)
• Communication (clearness, listening, persuasion, negotiation, public speaking)
• Networking (reinforce relationships, use emotional intelligence and personal proximity)
• Results Orientation (delivering solutions, work under pressures)
• Leading and Empowering People (self-confidence, establishing focus, providing motivational support and feedback, fostering teamwork and integration)
• Economic Sensitivity (Economic variables evaluation, Profit & Loss dynamics)