Be at the heart of actionFly remote-controlled drones into enemy territory to gather vital information.

Apply Now

Control Testing Lead - Cyber Security

Reading
3 weeks ago
Create job alert

As a Control Testing Lead, you will play a key role within the Information Security team, supporting the Control Test and Assurance Manager in the delivery a robust and forward-looking Cybersecurity Control Testing & Assurance Programme.

This role requires strong cybersecurity expertise combined with hands-on experience in control testing, particularly in evaluating the effectiveness of security controls and ensuring alignment with internal policies, standards, and industry frameworks.

This role will report directly to the Control Testing & Assurance Manager, with whom you will work to deliver the goals of the company to have a stable and fit-for-purpose control testing environment that supports the organisation’s security and compliance objectives.

What you’ll be doing as a Control Testing Lead

Support the implementation and continuous improvement of the Cybersecurity Control Testing Framework.
Execute control testing in line with defined procedures, templates, and standards.
Assist in the development and localisation of standard test scripts, ensuring they are tailored to specific control environments and aligned with the organisation’s Enterprise Risk Management Framework.
Conduct control testing activities to evaluate the design and operational effectiveness of cybersecurity controls, documenting results clearly and raising issues where appropriate.
Ensure timely delivery of assigned control assessments in accordance with the agreed testing schedule and escalation protocols.
Maintain accurate and consistent documentation for each control assessment, including test plans, test results, and final reports.
Escalate issues, delays, or risks to the Control Testing & Assurance Manager, contributing to the resolution of challenges and continuous improvement of the testing process.
Collaborate with control owners and stakeholders to gather evidence, clarify control objectives, and support the smooth execution of testing activities.
Stay informed on relevant cybersecurity frameworks (e.g., NIST CSF, CIS Controls) and industry best practices to support the evolution of the control testing programme.Base location – Hybrid – Clear Water Court Reading

What you should bring to the role
To thrive in this role, the essential criteria you’ll need is

Proven experience in performing cybersecurity control assessments, including evaluating design and operational effectiveness
Strong understanding of information security principles, cyber risk management, and control frameworks
Experience in IT, OT and Cloud environments, with a focus on cybersecurity controls
Clear and professional verbal and written communication, including the ability to explain cybersecurity issues to non-technical audiences
Ability to work independently with minimal supervision, taking ownership of assigned tasks and driving them to completion while maintaining high standards of quality and accuracy
Strong understanding of Cybersecurity Domains including Threat Intelligence, Vulnerability Management, Security Testing, Security Architecture, Infrastructure Protection, Application Security, Identity and Access Management, Incident Investigation & Response and CryptographyAdditional skills and experiences would be great to have/bring:

Experience working in a regulated environment.
Experience within the water utility industry or large, complex critical national infrastructure.
Experience in internal audit, external audit, or assurance functions related to IT or cybersecurity.
Professional certifications such as CISA, CISSP, CRISC, or ISO 27001 Lead Auditor are advantageous.What’s in it for you?

Competitive salary of up to £78,000 per annum depending on experience.
Annual Leave - 26 days holiday per year increasing to 30 with the length of service (plus bank holidays).
Performance-related pay plan directly linked to company performance measures and targets.
Generous Pension Scheme through AON.
Access to lots of benefits to help you take care of you and your family’s health and wellbeing, and your finances – from annual health MOTs and access to physiotherapy and counselling, to Cycle to Work schemes, shopping vouchers and life assurance.Find out more about our benefits and perks

Who are we?
We’re the UK’s largest water and wastewater company, with more than 16 million customers relying on us every day to supply water for their taps and toilets. We want to build a better future for all, helping our customers, communities, people, and the planet to thrive. It’s a big job and we’ve got a long way to go, so we need help from passionate and skilled people, committed to making a difference and getting us to where we want to be in the years and decades to come.
Learn more about our purpose and values

Working at Thames Water
Thames Water is a unique, rewarding, and diverse place to work, where every day you can make a difference, yet no day is the same. As part of our family, you’ll enjoy meaningful career opportunities, flexible working arrangements and excellent benefits.

If you’re looking for a sustainable and successful career where you can make a daily difference to millions of people’s lives while helping to protect the world of water for future generations, we’ll be here to support you every step of the way. Together, we can build a better future for our customers, our region, and our planet.
Real purpose, real support, real opportunities. Come and join the Thames Water family. Why choose us? Learn more.

We’re committed to being a great, diverse, and inclusive place to work. We welcome applications from everyone and want to ensure you feel supported throughout the recruitment process. If you need any adjustments, whether that’s extra time, accessible formats, or anything else just let us know, we’re here to help and support.

When a crisis happens, we all rally around to support our customers. As part of Team Thames, you’ll have the opportunity to sign up to support our customers on the frontline as an ambassador. Full training will be given for what is undoubtedly an incredibly rewarding experience. It’s also a great opportunity to learn more about our business and meet colleagues.

Disclaimer: due to the high volume of applications we receive, we may close the advert earlier than the advertised date, so we encourage you to apply as soon as possible to avoid disappointment

Related Jobs

View all jobs

Control Testing Lead - Cyber Security

OT Cyber Security Engineer

Automation Service Engineer South

Automation Service Engineer Midlands

OT Cyber Security Engineer

Cybersecurity Project Manager

Subscribe to Future Tech Insights for the latest jobs & insights, direct to your inbox.

By subscribing, you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Cyber Security Recruitment Trends 2025 (UK): What Job Seekers Must Know About Today’s Hiring Process

Summary: UK cyber security hiring has shifted from title‑led CV screens to capability‑driven assessments that emphasise incident readiness, cloud & identity security, detection engineering, governance/risk/compliance (GRC), measurable MTTR/coverage gains & secure‑by‑default engineering. This guide explains what’s changed, what to expect in interviews, & how to prepare—especially for SOC analysts, detection engineers, blue/purple teamers, penetration testers, cloud security engineers, DFIR, AppSec, GRC & security architecture. Who this is for: SOC & detection engineers, security operations leads, DFIR analysts, penetration testers/red teamers, purple teamers, AppSec/DevSecOps engineers, security architects, cloud security engineers, identity/IAM engineers, vulnerability managers, GRC/compliance specialists, product security & security programme managers targeting roles in the UK.

Why Cyber Security Careers in the UK Are Becoming More Multidisciplinary

Cyber security used to be viewed primarily as a technical discipline: firewalls, encryption, intrusion detection, penetration testing. In the UK today, it’s far broader. Organisations now face complex legal frameworks, ethical dilemmas, human-behaviour risks, communication challenges & usability hurdles. This shift means cyber security careers are becoming more multidisciplinary. From protecting NHS patient records to defending financial services, securing supply chains & safeguarding national infrastructure, cyber security now touches every sector. Employers increasingly want professionals who understand law, ethics, psychology, linguistics & design alongside traditional technical skills. In this article, we’ll explore why UK cyber security careers are expanding in this way, how these five disciplines shape the profession, and what job-seekers & employers need to know to thrive in this new landscape.

Cyber Security Team Structures Explained: Who Does What in a Modern Cyber Security Department

Cyber security has become a top priority for UK organisations of all sizes. From small businesses to financial institutions, healthcare providers, and government bodies, the risk of cyber attack is now a constant concern. Threats are more sophisticated, regulations more demanding, and customers more aware of data privacy than ever before. But defending against cyber threats isn’t simply about having the right tools — it’s about having the right team. A modern cyber security department relies on clearly defined roles and responsibilities to ensure that defences are proactive, incidents are managed swiftly, and compliance is maintained. This article explains the structure of a modern cyber security team, the roles you’ll typically find within it, how they collaborate, and what skills, qualifications, and salaries are expected in the UK job market.