Be at the heart of actionFly remote-controlled drones into enemy territory to gather vital information.

Apply Now

Control Testing Lead - Cyber Security

Reading
1 day ago
Create job alert

As a Control Testing Lead, you will play a key role within the Information Security team, supporting the Control Test and Assurance Manager in the delivery a robust and forward-looking Cybersecurity Control Testing & Assurance Programme.

This role requires strong cybersecurity expertise combined with hands-on experience in control testing, particularly in evaluating the effectiveness of security controls and ensuring alignment with internal policies, standards, and industry frameworks.

This role will report directly to the Control Testing & Assurance Manager, with whom you will work to deliver the goals of the company to have a stable and fit-for-purpose control testing environment that supports the organisation’s security and compliance objectives.

What you’ll be doing as a Control Testing Lead

Support the implementation and continuous improvement of the Cybersecurity Control Testing Framework.
Execute control testing in line with defined procedures, templates, and standards.
Assist in the development and localisation of standard test scripts, ensuring they are tailored to specific control environments and aligned with the organisation’s Enterprise Risk Management Framework.
Conduct control testing activities to evaluate the design and operational effectiveness of cybersecurity controls, documenting results clearly and raising issues where appropriate.
Ensure timely delivery of assigned control assessments in accordance with the agreed testing schedule and escalation protocols.
Maintain accurate and consistent documentation for each control assessment, including test plans, test results, and final reports.
Escalate issues, delays, or risks to the Control Testing & Assurance Manager, contributing to the resolution of challenges and continuous improvement of the testing process.
Collaborate with control owners and stakeholders to gather evidence, clarify control objectives, and support the smooth execution of testing activities.
Stay informed on relevant cybersecurity frameworks (e.g., NIST CSF, CIS Controls) and industry best practices to support the evolution of the control testing programme.Base location – Hybrid – Clear Water Court Reading

What you should bring to the role
To thrive in this role, the essential criteria you’ll need is

Proven experience in performing cybersecurity control assessments, including evaluating design and operational effectiveness
Strong understanding of information security principles, cyber risk management, and control frameworks
Experience in IT, OT and Cloud environments, with a focus on cybersecurity controls
Clear and professional verbal and written communication, including the ability to explain cybersecurity issues to non-technical audiences
Ability to work independently with minimal supervision, taking ownership of assigned tasks and driving them to completion while maintaining high standards of quality and accuracy
Strong understanding of Cybersecurity Domains including Threat Intelligence, Vulnerability Management, Security Testing, Security Architecture, Infrastructure Protection, Application Security, Identity and Access Management, Incident Investigation & Response and CryptographyAdditional skills and experiences would be great to have/bring:

Experience working in a regulated environment.
Experience within the water utility industry or large, complex critical national infrastructure.
Experience in internal audit, external audit, or assurance functions related to IT or cybersecurity.
Professional certifications such as CISA, CISSP, CRISC, or ISO 27001 Lead Auditor are advantageous.What’s in it for you?

Competitive salary of up to £78,000 per annum depending on experience.
Annual Leave - 26 days holiday per year increasing to 30 with the length of service (plus bank holidays).
Performance-related pay plan directly linked to company performance measures and targets.
Generous Pension Scheme through AON.
Access to lots of benefits to help you take care of you and your family’s health and wellbeing, and your finances – from annual health MOTs and access to physiotherapy and counselling, to Cycle to Work schemes, shopping vouchers and life assurance.Find out more about our benefits and perks

Who are we?
We’re the UK’s largest water and wastewater company, with more than 16 million customers relying on us every day to supply water for their taps and toilets. We want to build a better future for all, helping our customers, communities, people, and the planet to thrive. It’s a big job and we’ve got a long way to go, so we need help from passionate and skilled people, committed to making a difference and getting us to where we want to be in the years and decades to come.
Learn more about our purpose and values

Working at Thames Water
Thames Water is a unique, rewarding, and diverse place to work, where every day you can make a difference, yet no day is the same. As part of our family, you’ll enjoy meaningful career opportunities, flexible working arrangements and excellent benefits.

If you’re looking for a sustainable and successful career where you can make a daily difference to millions of people’s lives while helping to protect the world of water for future generations, we’ll be here to support you every step of the way. Together, we can build a better future for our customers, our region, and our planet.
Real purpose, real support, real opportunities. Come and join the Thames Water family. Why choose us? Learn more.

We’re committed to being a great, diverse, and inclusive place to work. We welcome applications from everyone and want to ensure you feel supported throughout the recruitment process. If you need any adjustments, whether that’s extra time, accessible formats, or anything else just let us know, we’re here to help and support.

When a crisis happens, we all rally around to support our customers. As part of Team Thames, you’ll have the opportunity to sign up to support our customers on the frontline as an ambassador. Full training will be given for what is undoubtedly an incredibly rewarding experience. It’s also a great opportunity to learn more about our business and meet colleagues.

Disclaimer: due to the high volume of applications we receive, we may close the advert earlier than the advertised date, so we encourage you to apply as soon as possible to avoid disappointment

Related Jobs

View all jobs

IT Risk & Control Analyst

RTU Development Engineer

Lead Protection & Control Systems Engineer

Lead Protection & Control Systems Engineer

EC&I Engineer

Adoption Software Engineer XDP

Subscribe to Future Tech Insights for the latest jobs & insights, direct to your inbox.

By subscribing, you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Why Cyber Security Careers in the UK Are Becoming More Multidisciplinary

Cyber security used to be viewed primarily as a technical discipline: firewalls, encryption, intrusion detection, penetration testing. In the UK today, it’s far broader. Organisations now face complex legal frameworks, ethical dilemmas, human-behaviour risks, communication challenges & usability hurdles. This shift means cyber security careers are becoming more multidisciplinary. From protecting NHS patient records to defending financial services, securing supply chains & safeguarding national infrastructure, cyber security now touches every sector. Employers increasingly want professionals who understand law, ethics, psychology, linguistics & design alongside traditional technical skills. In this article, we’ll explore why UK cyber security careers are expanding in this way, how these five disciplines shape the profession, and what job-seekers & employers need to know to thrive in this new landscape.

Cyber Security Team Structures Explained: Who Does What in a Modern Cyber Security Department

Cyber security has become a top priority for UK organisations of all sizes. From small businesses to financial institutions, healthcare providers, and government bodies, the risk of cyber attack is now a constant concern. Threats are more sophisticated, regulations more demanding, and customers more aware of data privacy than ever before. But defending against cyber threats isn’t simply about having the right tools — it’s about having the right team. A modern cyber security department relies on clearly defined roles and responsibilities to ensure that defences are proactive, incidents are managed swiftly, and compliance is maintained. This article explains the structure of a modern cyber security team, the roles you’ll typically find within it, how they collaborate, and what skills, qualifications, and salaries are expected in the UK job market.

Why the UK Could Be the World’s Next Cyber Security Jobs Hub

Cyber security has become one of the defining challenges of the digital age. From protecting personal data and financial transactions to defending national infrastructure and corporate systems, the demand for strong cyber defences has never been higher. As businesses, governments, and individuals depend more heavily on digital services, the scale and sophistication of cyber threats have risen dramatically. Ransomware attacks, data breaches, state-sponsored cyber operations, and insider threats are now everyday risks. In response, organisations worldwide are investing heavily in cyber security talent. The United Kingdom is uniquely positioned to become a global cyber security jobs hub. With its strong tech sector, world-class universities, advanced defence capabilities, and established financial markets, the UK already has the foundations. The question is whether it can scale up, attract, and retain the right talent to meet global demand. This article explores why the UK is poised to become the world’s next cyber security jobs hub, the opportunities available, the challenges ahead, and what needs to happen for this vision to be realised.