Security Advisory Consultant - PCI-DSS QSA




Are you passionate about cyber security? Do you enjoy helping organizations enhance their cyber resilience?
If so, WithSecure Consulting might have the perfect job for you!
We are looking for a Security Advisory Consultant (PCI-DSS QSA) to join our Consulting Team. In this role, you'll perform risk assessments, conduct PCI-DSS evaluations, and build tailored security programs. You'll define risk mitigation strategies, establish governance frameworks, and advise on security objectives, strategy, and budget. Building strong, long-term client relationships across various departments is key.
Our PCI DSS strategy is technically oriented, emphasizing robust security development. We value your experience and technical expertise in risk mitigation planning, system architecture assessment, and IT administration.
What we're expecting from you:
- QSA Certification
- 3+ years of professional experience in PCI-DSS evaluations and implementations
- Conducting risk assessments to identify and evaluate potential threats and vulnerabilities
- Developing threat models to understand and mitigate risks
- Establishing and maintaining GRC programs to ensure that security practices align with business objectives and regulatory requirements
- Proficiency in Finnish and English
- Being an awesome colleague!
Bonus points:
- Recognized certifications in risk, security, and privacy management, IT management, and project management, such as CISSP, CISM, ISO27001, and CISA
- Experience with agile process models and various software development lifecycles
- Technical architecture skills, including cloud architecture
- Ability to collaborate effectively with roles in software development, such as technical architects, software developers, and product managers, on their terms
Why you'll love us:
- Continuous learning: We invest in your education and support your development through relevant training, conferences, and certifications. You'll also have opportunities to learn on the job and from your colleagues. We arrange monthly knowledge-sharing sessions for the whole team to ensure you benefit from our in-house expertise (and can spread your wisdom, too).
- Research time: If you're passionate about security research, you'll have dedicated time to pursue it and collaborate with brilliant minds. We'll support you in writing blog posts and presenting at conferences. Our team has presented at notable events like Defcon and Disobey, among others.
- Top-notch team: We are a team of true cyber security experts. Join us to work with and learn from the best in the industry. Iron sharpens iron, after all.
Ready to join the cyber security elite? Apply now and let's make the digital world a safer place!