
Careers at CNS Group


Lead Information Assurance Consultant - QSA

Headline Description

CNS Group provides skilled experts to help its clients build cyber security and information assurance capability through pragmatic consultancy. This is a client-facing role, helping clients to implement compliance regimes or controls in order to secure their organisations. CNS Group focuses on assisting UK companies from a variety of verticals (Government, Critical National Infrastructure, Finance, Legal, Retail etc.), therefore the vast majority of work takes place in the UK, though some international travel is required in certain instances.

CNS Group has a team of 6 Governance, Risk and Compliance consultants who cover a multitude of compliance regimes and control sets such as PCI DSS, ISO 27001, HMG (PSN Code of Connection), CPNI Top20 and our own Cyber Security Maturity Model.

CNS Group requires a Lead Consultant to lead the team to ensure that, as CNS Group continues to grow, our services remain of the highest quality and we continue to provide an invaluable service.

The role of Lead Consultant aligns with CCP/SFIA Level 5.

Primary Responsibilities:

To lead the CNS Group Governance, Risk & Compliance Team (GRC) (part of the Advisory Team) and meet delivery targets:

  1. Meet a personal chargeable target of 180 days per year (min) delivering GRC services across CNS’s client base as needed.
  2. Meet the chargeable days target for the GRC team as agreed with the GMT on a monthly and quarterly basis, taking into account the effects of overrun and overtime.
  3. Ensure that all CNS Group GRC Consultancy Services are delivered to a quality and standard commensurate with the professional quality of consultancy that is expected by our clients. This will include ensuring that accreditation, regulation and legislatively based consultancy is accurate and meets the relevant standards or regulation, but more broadly to ensure that consultants are knowledgeable, diligent and professional in their delivery. Also ensure that our QA processes are in line with our own and our clients’ professional expectations, and the stated requirements of our accreditation partners.
  4. Ensure that the GRC team maintains all appropriate accreditations, including timely submission of reports, QA, customer feedback, and re-accreditation documentation to the relevant accreditation bodies.
  5. Ensure that CNS Group GRC consultants are adequately trained and sufficiently skilled to execute the consultancy work that they are required to complete and that consultants maintain the appropriate formal accreditations over time.
  6. Ensure that CNS Group GRC consultants maintain the requisite knowledge base, accreditations and CE hours to undertake the role required of them.
  7. Ensure timely delivery of consultancy deliverables to clients.
  8. Interact with clients to ensure the correct scheduling and overall quality of consultancy delivery.
  9. Ensure that CNS consultants keep records and evidence of work as appropriate and in line with accreditation and regulation as needed.
  10. Ensure that CNS consultants follow correct provisions in ensuring the security of customer data, results and reports, including the dissemination of reports.
  11. Undertake appraisals for direct reports and ensure that team appraisals are completed across the consultancy team.
  12. Direct line management of the team members as appropriate.
  13. Work with Project Management and Resourcing to ensure appropriate allocation of projects to the team, timely delivery, and reporting of time.
  14. Own and develop Advisory service definitions and operational definitions in partnership with the CTO and Head of Sales.
  15. Ensure that appropriate pre-sales support is provided to the sales team at all times in terms of CNS Group GRC services.
  16. Ensure ethics and professional standards of the consultancy team, including time keeping, appearance and conduct onsite.
  17. Maintain an awareness of the information assurance and cyber security market in order to ensure that the CNS Group offerings remain current.
  18. Maintain a personal industry profile and promote CNS Group in the industry.
  19. Act in the best interests of CNS Group and its clients at all times.
  20. Actively participate in regular Group management meetings and provide feedback to other group disciplines.

Specific Responsibilities:

  • Attend weekly back order review meetings with Project Management to ensure efficient project delivery.
  • Allocate projects to the GRC team as deemed appropriate to ensure timely delivery.
  • Understand and articulate performance targets for the GRC team.
  • Monitor sales pipeline to understand upcoming resource requirements.
  • Day to day management of team members.
  • Overall responsibility for booking of consultant time and calendar management, using Project Management resource as appropriate.
  • Stay current with latest developments in marketplace and competitor activities.
  • Development of new services and maintenance of existing services in partnership with the CTO, in line with marketplace requirements and emerging and evolving accreditation.
  • Communicate up-to-date information about new services and enhancements to Head of Sales and CTO.
  • Work with Head of Sales and specific sales staff as needed to develop sales proposals, quotations, and pricings.
  • To develop the sales pipeline for GRC consultancy across all disciplines.
  • Undertake chargeable work for effective customer delivery and to meet target.
  • Overseeing annual appraisals of all consultants.

Success Criteria/Objectives:

  • Continual improvement of GRC services
  • Delivery of prompt and high quality consultancy services.
  • Quarter on quarter achievement of GRC consultancy targets.
  • Growing the GRC team and increasing targets accordingly.
  • Working within budget constraints to deliver performance targets.
  • Success and well-being of all team members.

Desirable Characteristics

  1. “Can-do” attitude.
  2. A proven enthusiast, expert and leader.
  3. An active member in the Cyber Security/Information Assurance community.
  4. Professional, driven and independent by nature.
  5. Must have gravitas and be exceptional in front of customers.

Desired Technical Skills

  1. Understanding of networking and the OSI 7 Layer Model.
  2. The ability to technically audit technology such as firewalls, switches, servers, applications and development environments.
  3. Basic understanding of security testing techniques.

Mandatory Non-Technical Skills

  1. Detailed understanding of IT Security Governance in SME, mid-corporate and enterprise environments.
  2. Ability to manage multiple complex customers.
  3. Ability to work with other technical providers and organisations.
  4. Ability to present highly technical work in a simple, straightforward, condensed and non-technical manner.
  5. Deep understanding of risk and risk management.

Mandatory Qualifications

  • PCI DSS Qualified Security Assessor (3+ years' experience, including experience of drafting 10 or more RoCs)

Desirable Qualifications

  • ISO27001 Lead Auditor
  • CCP Principal/Senior Practitioner (previously CLAS)
  • Exposure or experience in the following is considered highly desirable:
    • HMG IA policy and accreditation process
    • Protective Monitoring (GPG-13)
    • PCI DSS
    • Delivery of security managed services

Please contact for more information.
