Security consultant(payments compliance) - germany

Title: Security Consultant (Payments Compliance) Location: Remote, Hybrid (Hamburg, Ludwigsburg - Germany) Job type: Full-Time Permanent Salary: Negotiable / DOE About Us Integrity360 is a leading independent cybersecurity and PCI specialist operating across Europe, Africa, the Caribbean, and North America. The company has office locations in Ireland, the UK, Bulgaria, Italy, Sweden, Spain, Lithuania, Ukraine, Africa, the Caribbean, and Canada, supported by six Security Operations Centres (SOCs) located in Dublin, Sofia, Madrid, Stockholm, Rome, and Cape Town. With over 780 employees, including more than 585 dedicated cybersecurity professionals, Integrity360 delivers a full suite of professional, support, and managed security services. These span the complete cyber risk lifecycle, from identification and prevention to detection, response, and recovery. Integrity360 supports over 3000 mid-market and enterprise organisations across sectors including financial services, insurance, government, healthcare, retail, telecommunications, and utilities. At Integrity360, people come first. We invest heavily in learning, development and progression, fostering a dynamic culture where innovation, collaboration and continuous growth are at the heart of what we do. If you're ready to take your cyber security career to the next level, we’d love to hear from you. Job Role The goal for the Security Consultant is to become a Payment Card Industry Data Security Standard Qualified Security Assessor (PCI DSS QSA). The Security Consultant participates and will lead security consultancy and assessment engagements with clients within the financial services and payment card industries. Focusing on delivery of Payment Compliance services, which include but are not limited to: PCI Data Security Standard assessments Support in PCI Specialized assessments (PCI PIN, PCI P2PE, etc.) SWIFT Gap analysis Policy and procedure review Advisory for audit preparation and remediation Primary Duties/Responsibilities include: Pre-Sales Starting with the information received from the sales team, independently carry out the estimate of the effort required to deliver a security service, reporting the result to the regional lead for approval. Lead customer engagements and provide senior cyber security advice and services to a broad range of clients and industries. Provide detailed analytical reporting, internal reporting metrics and program management. Provide leadership and mentorship to Junior consultants. Delivery Prepare, organize and support delivery by team members of engagements onsite and offsite including but not limited to gap analysis, security assessment, risk and/or compliance assessment using one or more industry or regulatory standard or framework. Processes and Documentation Assess compliance related documentation including policies, procedures, standards and legislative directives. Provide remediation support and guidance on the security aspects of the administration and maintenance of processes and documentation, infrastructure components, applications, services and security systems. Deliver detailed reports following Integrity360’s reporting best practice and templates. Ensure QA process for Payments Compliance standards is initiated and applied for relevant projects, in cooperation with QA and Backoffice team. Establish new standards and reviews of existing documentation to ensure the correct application of the processes. In cooperation with Practice Lead(s) and other consultants, estimate, plan and monitor team budget. Provide regular status update to internal stakeholders (Practice Lead(s), PMO). Participate in continuous improvement of internal processes (reporting tools, assessment automation etc.) Communication Participate in external conferences and promote Integrity360 by identifying important industry events. Support marketing activities related to existing Professional Service portfolio and customer acquisition working in collaboration with marketing team. Act as a communication point between regional team, other professional services teams, Customer Success and other departments. Supports sales team in development and effort estimations for new opportunities (e.g. new and evolving industry standards). Stay up to date on developments in the Payments Compliance realm, understanding new standards and regulations and their impact on Integrity360. Required skills: Relevant Experience in Fintech industry and security standards and directives consultancy services (e.g. PCI DSS, PSD2, ISO 27001, SWIFT, etc.) Cryptographic techniques including algorithms, key management, and key lifecycle. Physical security techniques for high-security areas Authentication methods and techniques Security integrity controls Computer Networking (routing, switching, firewall network filtering) Operating Systems hardening and administration (Linux/Unix, Windows). Public key infrastructure (PKI) and the role and operations of a Certification Authority (CA) and Registration Authority (RA) Hardware security modules (HSMs) operations, policies, and procedures POI key-injection systems and techniques including key-loading devices (KLDs) and key management methods, such as Master/Session or DUKPT Core Competencies Problem solving (analysis, helicopter view, problem setting, decision making) Planning and organization (time management, scheduling and control) Communication (clearness, listening, persuasion, negotiation, public speaking) Networking (reinforce relationships, use emotional intelligence and personal proximity) Results orientation (delivering solutions, work under pressures) Leading and empowering people (self-confidence, establishing focus, providing motivational support and feedback, fostering teamwork and integration) Economic sensitivity (economic variables evaluation, profit and loss dynamics) Certifications/Qualifications Must haves: Willingness to travel 30 – 40% Excellent written and oral communication skills in German and English. Must be able to conduct engagements in both languages. One or more of the following information security certifications: (ISC)2 Certified Information System Security Professional (CISSP) ISACA Certified Information Security Manager (CISM) Certified ISO 27001 Lead Implementer One or more of the following audit certifications: ISACA Certified Information Systems Auditor (CISA) GIAC Systems and Network Auditor (GSNA) Certified ISO 27001, Lead Auditor, Internal Auditor IRCA ISMS Auditor or higher—e.g., Auditor/Lead Auditor, Principal Auditor IAA Certified Internal Auditor (CIA) Nice to haves: Information security audit experience Offensive security experience and certifications LI-VP1