Control Testing Lead - Cyber Security

As a Control Testing Lead, you will play a key role within the Information Security team, supporting the Control Test and Assurance Manager in the delivery a robust and forward-looking Cybersecurity Control Testing & Assurance Programme.

This role requires strong cybersecurity expertise combined with hands-on experience in control testing, particularly in evaluating the effectiveness of security controls and ensuring alignment with internal policies, standards, and industry frameworks.

This role will report directly to the Control Testing & Assurance Manager, with whom you will work to deliver the goals of the company to have a stable and fit-for-purpose control testing environment that supports the organisation’s security and compliance objectives.

What you’ll be doing as a Control Testing Lead

Support the implementation and continuous improvement of the Cybersecurity Control Testing Framework.
Execute control testing in line with defined procedures, templates, and standards.
Assist in the development and localisation of standard test scripts, ensuring they are tailored to specific control environments and aligned with the organisation’s Enterprise Risk Management Framework.
Conduct control testing activities to evaluate the design and operational effectiveness of cybersecurity controls, documenting results clearly and raising issues where appropriate.
Ensure timely delivery of assigned control assessments in accordance with the agreed testing schedule and escalation protocols.
Maintain accurate and consistent documentation for each control assessment, including test plans, test results, and final reports.
Escalate issues, delays, or risks to the Control Testing & Assurance Manager, contributing to the resolution of challenges and continuous improvement of the testing process.
Collaborate with control owners and stakeholders to gather evidence, clarify control objectives, and support the smooth execution of testing activities.
Stay informed on relevant cybersecurity frameworks (e.g., NIST CSF, CIS Controls) and industry best practices to support the evolution of the control testing programme.Base location – Hybrid – Clear Water Court Reading

What you should bring to the role
To thrive in this role, the essential criteria you’ll need is

Proven experience in performing cybersecurity control assessments, including evaluating design and operational effectiveness
Strong understanding of information security principles, cyber risk management, and control frameworks
Experience in IT, OT and Cloud environments, with a focus on cybersecurity controls
Clear and professional verbal and written communication, including the ability to explain cybersecurity issues to non-technical audiences
Ability to work independently with minimal supervision, taking ownership of assigned tasks and driving them to completion while maintaining high standards of quality and accuracy
Strong understanding of Cybersecurity Domains including Threat Intelligence, Vulnerability Management, Security Testing, Security Architecture, Infrastructure Protection, Application Security, Identity and Access Management, Incident Investigation & Response and CryptographyAdditional skills and experiences would be great to have/bring:

Experience working in a regulated environment.
Experience within the water utility industry or large, complex critical national infrastructure.
Experience in internal audit, external audit, or assurance functions related to IT or cybersecurity.
Professional certifications such as CISA, CISSP, CRISC, or ISO 27001 Lead Auditor are advantageous.What’s in it for you?

Competitive salary of up to £78,000 per annum depending on experience.
Annual Leave - 26 days holiday per year increasing to 30 with the length of service (plus bank holidays).
Performance-related pay plan directly linked to company performance measures and targets.
Generous Pension Scheme through AON.
Access to lots of benefits to help you take care of you and your family’s health and wellbeing, and your finances – from annual health MOTs and access to physiotherapy and counselling, to Cycle to Work schemes, shopping vouchers and life assurance.Find out more about our benefits and perks

Who are we?
We’re the UK’s largest water and wastewater company, with more than 16 million customers relying on us every day to supply water for their taps and toilets. We want to build a better future for all, helping our customers, communities, people, and the planet to thrive. It’s a big job and we’ve got a long way to go, so we need help from passionate and skilled people, committed to making a difference and getting us to where we want to be in the years and decades to come.
Learn more about our purpose and values

Working at Thames Water
Thames Water is a unique, rewarding, and diverse place to work, where every day you can make a difference, yet no day is the same. As part of our family, you’ll enjoy meaningful career opportunities, flexible working arrangements and excellent benefits.

If you’re looking for a sustainable and successful career where you can make a daily difference to millions of people’s lives while helping to protect the world of water for future generations, we’ll be here to support you every step of the way. Together, we can build a better future for our customers, our region, and our planet.
Real purpose, real support, real opportunities. Come and join the Thames Water family. Why choose us? Learn more.

We’re committed to being a great, diverse, and inclusive place to work. We welcome applications from everyone and want to ensure you feel supported throughout the recruitment process. If you need any adjustments, whether that’s extra time, accessible formats, or anything else just let us know, we’re here to help and support.

When a crisis happens, we all rally around to support our customers. As part of Team Thames, you’ll have the opportunity to sign up to support our customers on the frontline as an ambassador. Full training will be given for what is undoubtedly an incredibly rewarding experience. It’s also a great opportunity to learn more about our business and meet colleagues.

Disclaimer: due to the high volume of applications we receive, we may close the advert earlier than the advertised date, so we encourage you to apply as soon as possible to avoid disappointment