
Senior Lead Consultant – PCI and Frameworks



11d ago

  • Job
    Senior Level
  • Consulting


  • You’ll have experience of:
  • Leading PCI DSS engagements across both merchant and service provider environments, including assessment and non-assessment delivery.
  • Conducting PCI DSS v4 assessments and documenting associated RoC and AoC materials.
  • Designing and supporting clients to implement PCI DSS compliant solutions including documenting CCWs and Customised Approach templates.
  • Working within highly regulated environments e.g. financial services or gaming.
  • Working with complex technical architectures including public and private cloud, containerisation and integrated third party service providers.
  • Implementing other security standards such as ISO27001, NIST, NIS-D/NIS 2/NCSC CAF.
  • Conducting cyber security risk assessments and managing risk management activities.
  • Working with both technical teams and board members.
  • Conducting cyber security assessments and gap analysis against various frameworks.
  • Working with regulators or industry bodies.
  • Developing solutions to address client security requirements.
  • Supporting business development opportunities, proposal development and presentations.
  • Skills:
  • You’ll need to have:
  • In depth understanding of PCI DSS, ISO 27001 and other similar standards.
  • Expertise in the execution and delivery of information security assessments.
  • Excellent spoken and written communication to explain your methods to a technical and non-technical audience.
  • Attention to detail, to be able to plan and execute tests while considering client requirements.
  • Good time management and organizational skills to meet client deadlines.
  • Ability to perform root cause analysis and deliver strategic recommendations during client reviews.
  • Teamwork skills, to support colleagues and share techniques.
  • Commitment to continuously update your technical knowledge base.
  • To be eligible for this job you must either:
  • Be an existing active QSA in good standing with the PCI SSC, or
  • Have more than 5 years’ current experience in delivering PCI DSS engagements and hold at least one qualification from both List A and List B:
  • Certified Information Systems Security Professional (CISSP) (List A)
  • Certified Information Security Manager (CISM) (List A)
  • ISO27001 Lead Implementer (List A)
  • Certified Information Systems Auditor (CISA) (List B)
  • ISO27001 Lead Auditor (List B)


  • While the primary focus of this role is scoping and delivering PCI DSS consultancy and assessment engagements, the ideal candidate will also have exposure to other standards such as NIST and ISO 27001. At a Senior Lead level, you will take a lead role with a variety of clients to manage and deliver a range of interesting projects. You’ll also either be directly managing, or working towards managing, a team of Senior Consultants and Consultants, creating and leading a high-performing team within Bridewell.
  • Assist clients in meeting compliance obligations by evaluating business, technology, and operations against security standards.
  • Produce detailed, high-quality reports for clients and industry third parties (e.g., payment card brands and the PCI Security Standards Council).
  • Take ownership of project work, such as a PCI DSS assessment, from start to finish, including deliverables and work products.
  • Delivering wider client engagements to a high standard; work could cover ISMS development, helping companies gain ISO27001 certification, NIS D compliance, and assisting with other areas of governance, risk and compliance as required.
  • Staying on top of the latest developments within cyber security by attending training and conferences.
  • Working with the leadership and sales team to respond to tenders and provide pre-sales support.
  • Quality assure other consultants’ work as required.
  • Input into the development of Bridewell security methodologies.

Winners 'Cyber Security Company of the Year 2023' at Business Magazine Awards | NCSC, CREST, IASME, PCI DSS QSA & SOC 2


Mission & Purpose

Bridewell is a cybersecurity firm that offers a range of services, including cybersecurity consulting, managed security services, and security testing. Their ultimate mission is to protect businesses and organisations from cyber threats by providing innovative and effective cybersecurity solutions. Bridewell's purpose is to help their clients strengthen their security posture, mitigate risks, and achieve compliance with relevant regulations and standards. They work closely with their clients to understand their unique security challenges and develop tailored strategies to safeguard their digital assets and sensitive information.

Culture & Values

  • Do the Right Thing

    Always authentic, professional and accountable.

  • One Team

    Always energetic, empathetic and an extension of our clients’ teams.

  • Above & Beyond

    Always delivering an exceptional, adaptable and expert service.


  • Paid Sick Leave

    If you are unable to work due to physical or mental illness, Bridewell will pay statutory sick pay (SSP).

  • Life Insurance

    Bridewell provides life assurance at 4x salary. (From 1 January 2023).

  • Health Insurance

    Bridewell provides comprehensive healthcare insurance with access to Digital GP and additional healthcare services.

  • Cycle to Work

    Buy a bike and other cycling equipment worth up to £2,500 through our cycle-to-work scheme.

  • Electric Vehicle Scheme

    Use our salary sacrifice scheme to save money on the purchase of an electric vehicle. (From 1 January 2023).

  • Pension

    By default, Bridewell will enrol you into our pension scheme. (From 1 January 2023, this will be a 5% contribution of your full pay. Employees can opt-out of the pension scheme if they prefer).