Lead Security Control Assessor

Reference: Lead SCA_1750244344

As a Lead Security Control Assessor, you will be responsible for leading the assessment and evaluation of security controls across systems and processes both on-premise and in the cloud, to ensure they effectively mitigate risks and comply with regulatory and industry standards. You will oversee and conduct security control testing, to verify the design, implementation, and operational effectiveness of controls. In this role, you will work in an agile environment, ensuring the quality of security assessments through thorough testing, automation, and collaboration with cross-functional teams and various stakeholders.

Summary of Primary Responsibilities

  • Design and deliver repeatable testing methodologies to support control assurance testing, including automated testing steps for cloud environments.
  • Ensure control tests are well-planned, including risk identification, sampling, selection of controls, testing methods, and reporting criteria.
  • Lead control testing teams to perform design and operating effectiveness testing of information security controls, including fieldwork, testing, and reporting activities.
  • Provide quality assurance for control testing documentation produced during testing, ensuring accurate and timely completion of all required control testing documentation.
  • Identify and document control deficiencies, including root causes, risk descriptions, consistent issue ratings, and recommendations for improvement.
  • Create and present reports of control testing findings to stakeholders, socialising any findings effectively.
  • Serve as the primary contact with business stakeholders for the controls tests you lead, ensuring the quality of control testing engagements and stakeholder communications, including regular status updates.
  • Contribute to the efficiency of the control testing program by ensuring that KPIs are measurable and that testing materials are standardised.

Requirements:

  • A bachelor's degree in computer science, management information systems, or a relevant field, or equivalent demonstrable experience.
  • 3+ years' experience leading a team of control assessors.
  • 8+ years of experience performing IT Audit or Information Security control assessments, with specific experience in testing cloud security controls.
  • Professional certification such as CISA, CISM, CISSP, ISO 27001 Lead Auditor, or equivalent.
  • Knowledge of industry standards and frameworks such as NIST 800-53, ISO 27001/27002, CIS Controls, COBIT.
  • Experience with current automated and manual industry methods for evaluating security controls on-prem and in cloud environments.
  • Capable of communicating complex information in an organised manner, both verbally and in writing.
  • Skilled in utilising stakeholder feedback to improve existing processes and future engagements.
  • Strong relationship management skills, demonstrating commitment to delivering quality results.

Technical Skills

  • Knowledge of security controls provided by tools such as Sailpoint, Rapid7, Wiz.io, MS Defender a plus.
  • Experience with cloud security controls within environments such as AWS and Azure.
  • Experience leveraging automation, data driven testing techniques and generative AI to gain efficiency in control assurance.
  • Experience creating queries and reports using RSA Archer and Service-Now.
  • Familiarity with Kanban boards and Jira.

Desired Competencies:

  • Big 4 accounting experience preferred.
  • Strong knowledge of cybersecurity principles and organisational requirements relevant to confidentiality, integrity, availability, authentication, and non-repudiation.
  • Ability to apply security governance, risk, and control principles.
  • Proficiency in automation and data analytics tools (e.g., Excel, Tableau, Alteryx, and Power-BI).
  • Ability to apply critical reading/thinking skills to identify systemic issues from analysing testing data.
  • Ability to facilitate small to medium sized group meetings and communicate complex ideas.
  • Agile working methodology experience.

GCS is acting as an Employment Business in relation to this vacancy.

£450.00 - £480.00
Per day

Nottingham

Contract

Added 18/06/2025