InfoSec, Risk and Compliance Consultant - ISO 27001, PCI DSS

Information Security, Risk & Compliance Consultant - Global eCommerce Company - ISO 27001, PCI DSS

Do you want to be part of a growing fast-paced and ambitious team, enjoy strong career progression opportunities, a buzzing work environment, and great salary and bonus?

Are you an Information Security, Risk & Compliance Consultant who knows the ins and outs of ISO 27001 and PCI DSS (Payment Card Industry Data Security Standard)?

Then do continue reading…

As an Information Security, Risk & Compliance Consultant, you will report directly to the IS, Risk & Compliance Lead.

Key responsibilities:

  • Assist and support Cybersecurity Team workstreams and activities as required
  • Produce, review and contribute to information/cyber security policies and standards
  • Liaise with other teams/functions to ensure that data and systems are adequately protected and appropriately monitored
  • Liaise with third parties that may store sensitive data on behalf of the company, ensuring that the data is stored and monitored appropriately
  • Conduct regular and ongoing monitoring of and reporting on enterprise-wide compliance with information security standards and policies
  • Assist and/or manage internal and external audits (e.g. of suppliers) as required
  • Manage, track and monitor corrective action plans for security audit findings, standards exceptions and control deficiencies

Key KPIs:

  • Achievement of the security standards agreed with the IS, Risk & Compliance Lead
  • Appropriate security governance processes are implemented and adhered to
  • Appropriate security policies and practices are implemented and adhered to
  • Appropriate security technologies as defined in the strategy are implemented successfully
  • Mitigate known security risks; avoid the avoidable incidents / breaches

Key requirements:

  • At least one industry-recognised Information Security certification, e.g. CISSP, CISA, CISM or ISO 27001 Lead Implementer/Auditor
  • Previous experience in a governance, risk and compliance (GRC) role
  • Previous experience of using GRC tools
  • Strong technical skills relevant to Information Security, such as data encryption, secure data transmission, secure data consumption and risk analysis
  • Familiarity with Information Security industry standards/best practices and relevant regulations (e.g. PCI DSS, ISO 27001, NIST, COBIT)
  • General knowledge of applicable data privacy practices and laws
  • Strong understanding of security technologies and best practices

Base salary on offer is up to £60K (potentially more if you tick all the boxes), plus a £5.5K flexible benefits package (cash), pension (7% from you and 7.5% from the company), 10% bonus, and 26 days' holiday (including 1 day for your birthday). Also: great development programmes, amazing offices and great culture, subsidised gym and canteen, huge staff discount, life insurance, medical care, cycle to work scheme, etc.