TorchLight: Senior Information Security Consultant (QSA)

TorchLight is a growing complete security service provider that is always looking to add that next piece. Join a winning culture of accountability, candor, communication, integrity, and growth.

Senior Information Security Consultant (QSA)

Department: Security Consulting

Reports to: Manager, Security Consulting

FLSA Status: Exempt

Location: Remote with office space available in Spokane, WA

TorchLight is seeking a Senior Information Security Consultant (QSA) to join the Security Consulting team. This position will include conducting client audits for PCI, HIPAA, NIST, FFIEC, and other standards/regulations as necessary, customizing policies and procedures, and IT governance guidance. Successful candidates will have the ability to work within teams and independently, managing their own schedule and prioritization.


  • Lead and/or support PCI projects including gap analysis, reports on compliance/attestation, and self-assessment questionnaire assistance.
  • Learn and use knowledge in conjunction with IT audit methodologies such as PCI DSS, COBIT, C2M2, NIST, and/or ISO 27001/27002 to provide actionable recommendations to clients based on their risk, size, and complexity.
  • Assess risk in client processes or procedures, test controls, and provide written and oral reporting of results to senior management.
  • Perform audits, assessments, and evaluations of client processes, procedures, and governance structures.
  • Acquire and maintain expert knowledge of compliance requirements as they relate to Information Technology/Security, including but not limited to PCI, NIST, GLBA, HIPAA, and others.
  • Advise clients on security risks and provide recommendations relevant to the situation, considering the size and complexity of the environment.
  • Ensure client satisfaction through detailed report review and follow-up.
  • Manage assigned engagements to completion in an efficient and timely manner.
  • Research, develop, and/or implement new audit/assessment methods for use in assessing client environments.
  • Research and communicate new industry-related initiatives, trends and directives to internal resources and clients.
  • Achieve and maintain appropriate security audit-related certifications.


  • A Bachelor’s Degree and/or equivalent work experience in an audit-related function (preferably IT audits).
  • PCI QSA certification.
  • Experience in performing PCI DSS audits, especially those requiring a report on compliance and attestation.
  • Excellent verbal and written communication skills.
  • The ability to communicate clearly and efficiently with executive-level clients.
  • Required travel for this position may reach up to 25%, and proof of COVID-19 vaccination is required for onsite client interactions.
  • Additional certifications related to IT or IT security such as CISSP, CISA, or CISM in addition to the required PCI QSA certification.

Abilities required

Ability to lift 50 pounds, drive for work use, sit, and stand for long periods of time, ability to kneel and reach, and vision including focus adjustment. Approximately 25% travel is required, usually less. Must successfully pass a Washington State background check.


The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. All personnel may be required to perform duties outside of their normal responsibilities from time to time, as needed.


TorchLight Cybersecurity

To apply, please submit a cover letter and resume below

**Applications will only be considered with both a cover letter and resume.**