Date Added: Sat 08/06/2024

Senior Lead Consultant - PCI And Frameworks

London, UK


Job Type: Permanent

Salary: Negotiable

Senior Lead Consultant - PCI and Frameworks

Who are we looking for?

Are you a passionate, experienced cyber security expert with a track record of delivery excellence, and driving customer value?

Do you thrive on managing a wide range of cyber security projects across a variety of frameworks, including PCI DSS, NIST and ISO 27001, in a rapidly scaling company with an opportunity to shape services and be at the forefront of driving company growth?

Bridewell has seen extensive growth over the past few years and continues to grow across all service lines. We are currently looking for cyber security professionals who have extensive experience in leading and delivering PCI DSS engagements, whilst also having experience across wider security topics. You'll therefore have a broad knowledge set and can lead and deliver interesting projects, whilst developing and maintaining client relationships at a senior level.

You will be able to articulate, sell and deliver different Bridewell propositions to our target market, and be confident leading engagements on your own or as a leader within a wider team.

What you'll be doing

While the primary focus of this role is scoping and delivering PCI DSS consultancy and assessment engagements, the ideal candidate will also have exposure to other standards such as NIST and ISO 27001. At a Senior Lead level, you will be taking a lead role with a variety of clients to manage and deliver a range of interesting projects. You'll also either be directly managing or working towards managing a team of Senior Consultants and Consultants, creating and leading a high-performing team within Bridewell.

  • Assist clients in meeting compliance obligations by evaluating business, technology, and operations against security standards.
  • Produce detailed, high-quality reports for clients and industry third parties (e.g., payment card brands and the PCI Security Standards Council).
  • Take ownership of project work, such as a PCI DSS assessment, from start to finish, including deliverables and work products.
  • Deliver wider client engagements to a high quality; work could cover ISMS development, assisting companies to gain ISO27001 certification, NIS-D compliance and assisting with other areas of governance, risk and compliance as required.
  • Staying on top of the latest developments within cyber security by attending training and conferences.
  • Working with the leadership and sales team to respond to tenders and provide pre-sales support.
  • Quality assure other consultants' work as required.
  • Input into the development of Bridewell security methodologies.

What we're looking for

You'll have experience of:

  • Leading PCI DSS engagements across both merchant and service provider environments including assessment and non-assessment delivery.
  • Conducting PCI DSS v4 assessments and documenting associated RoC and AoC materials.
  • Designing and supporting clients to implement PCI DSS compliant solutions including documenting CCWs and Customised Approach templates.
  • Working within highly regulated environments e.g. financial services or gaming.
  • Working with complex technical architectures including public and private cloud, containerisation and integrated third party service providers.
  • Implementing other security standards such as ISO27001, NIST, NIS-D/NIS 2/NCSC CAF.
  • Conducting cyber security risk assessments and managing risk management activities.
  • Working with both technical teams and board members.
  • Conducting cyber security assessments and gap analysis against various frameworks.
  • Working with regulators or industry bodies.
  • Developing solutions to address client security requirements.
  • Supporting business development opportunities, proposal development and presentations.


You'll need to have:

  • In-depth understanding of PCI DSS, ISO 27001 and other similar standards.
  • Expertise in the execution and delivery of information security assessments.
  • Excellent spoken and written communication to explain your methods to a technical and non-technical audience.
  • Attention to detail, to be able to plan and execute tests while considering client requirements.
  • Good time management and organizational skills to meet client deadlines.
  • Ability to perform root cause analysis and deliver strategic recommendations during client reviews.
  • Teamwork skills, to support colleagues and share techniques.
  • Commitment to continuously update your technical knowledge base.


To be eligible for this job you must either:

  • Be an existing active QSA in good standing with the PCI SSC, or
  • Have more than 5 years' current experience in delivering PCI DSS engagements and hold at least one qualification from both List A and List B:
      • Certified Information Systems Security Professional (CISSP) (List A)
      • Certified Information Security Manager (CISM) (List A)
      • ISO27001 Lead Implementer (List A)
      • Certified Information Systems Auditor (CISA) (List B)
      • ISO27001 Lead Auditor (List B)

What's in it for you?

Our vision is to create a safe, inclusive digital world where people and organisations can thrive. Our values of Do the Right Thing, One Team and Above and Beyond emphasise the importance of the part we play in society, and our commitment to our people and clients. Our story to date has been phenomenal, but success doesn't end here and as we continue to grow and scale, we want to keep the same culture, passion and commitment to high quality that has enabled us to get this far. Bridewell will provide a great career opportunity with continual development as well as the following:

  • Competitive Salary
  • 25 Days Holiday - Plus buy and sell options
  • Flexible Working (around core office hours)
  • Profit Share Scheme
  • Company Pension
  • Employee Shareholder Scheme
  • Dedicated Training Budget
  • Home Office Equipment (for remote working employees)
  • Life Assurance
  • Cycle to Work Scheme
  • Electric Vehicle Scheme
  • Private Healthcare (incl. Gym discounts)
  • Vision Care
  • Birthday off (After 1 year)

About Bridewell

One of the most exciting prospects in the UK Cyber Security sector today, Bridewell is one of the fastest growing Cyber Security services businesses with a strong track record for delivering complex security projects and providing excellent customer service. Bridewell has an exciting and varied portfolio of clients across Financial Services, Manufacturing, Oil & Gas, Government, Critical National Infrastructure and more. Bridewell holds the Gold level Investors in People award which we feel solidifies and reflects on the outstanding calibre that makes us truly One Team.

Along with our focus on our people, we also have a big focus on sustainability and recognise the role we play in the fight against climate change. Today, Bridewell is proud to be a carbon negative business.

Location: Bridewell operates a hybrid and flexible working policy; however, you will be required to travel to different sites both within the UK and overseas, which will require you to hold a valid passport.

Note: To be eligible for this job you must either hold SC or be eligible and willing to go through security clearance.

Bridewell values diversity in the workplace and is a fair and equal opportunity employer. We are committed to creating an equal and inclusive working environment, with the aim that our employees will be truly representative of all sections of society and each person feels respected and able to give their best.
