Control Testing Lead - Cyber Security

Reading
18 hours ago
Applications closed

Related Jobs

View all jobs

Lead Control Systems Engineer

Lead Control Systems Engineer

SOC SME

SOC Shift Leader

CERT Incident Responder

Test Manager

As a Control Testing Lead, you will play a key role within the Information Security team, supporting the Control Test and Assurance Manager in the delivery of a robust and forward-looking Cybersecurity Control Testing & Assurance Programme.

This role requires strong cybersecurity expertise combined with hands-on experience in control testing, particularly in evaluating the effectiveness of security controls and ensuring alignment with internal policies, standards, and industry frameworks.

This role will report directly to the Control Testing & Assurance Manager, with whom you will work to deliver the goals of the company to have a stable and fit-for-purpose control testing environment that supports the organisation’s security and compliance objectives.

What you’ll be doing as a Control Testing Lead - Cyber Security

Support the implementation and continuous improvement of the Cybersecurity Control Testing Framework.
Execute control testing in line with defined procedures, templates, and standards.
Assist in the development and localisation of standard test scripts, ensuring they are tailored to specific control environments and aligned with the organisation’s Enterprise Risk Management Framework.
Conduct control testing activities to evaluate the design and operational effectiveness of cybersecurity controls, documenting results clearly and raising issues where appropriate.
Ensure timely delivery of assigned control assessments in accordance with the agreed testing schedule and escalation protocols.
Maintain accurate and consistent documentation for each control assessment, including test plans, test results, and final reports.
Escalate issues, delays, or risks to the Control Testing & Assurance Manager, contributing to the resolution of challenges and continuous improvement of the testing process.
Collaborate with control owners and stakeholders to gather evidence, clarify control objectives, and support the smooth execution of testing activities.
Stay informed on relevant cybersecurity frameworks (e.g., NIST CSF, CIS Controls) and industry best practices to support the evolution of the control testing programme.Base location – Hybrid – Clear Water Court, Reading.

What you should bring to the role
To thrive in this role, the essential criteria you’ll need are

Proven experience in performing cybersecurity control assessments, including evaluating design and operational effectiveness.
Strong understanding of information security principles, cyber risk management, and control frameworks.
Clear and professional verbal and written communication, including the ability to explain cybersecurity issues to non-technical audiences.
Ability to work independently with minimal supervision, taking ownership of assigned tasks and driving them to completion while maintaining high standards of quality and accuracy.
Strong understanding of Cybersecurity Domains, including Threat Intelligence, Vulnerability Management, Security Testing, Security Architecture, Infrastructure Protection, Application Security, Identity and Access Management, Incident Investigation & Response and Cryptography.Additional skills and experiences would be great to have/bring:

Experience working in a regulated environment.
Experience within the water utility industry or large, complex critical national infrastructure.
Experience in internal audit, external audit, or assurance functions related to IT or cybersecurity.
Professional certifications such as CISA, CISSP, CRISC, or ISO 27001 Lead Auditor are advantageous.What’s in it for you?

Competitive salary of up to £78,000 per annum, depending on experience.
Annual Leave - 26 days holiday per year, increasing to 30 with the length of service (plus bank holidays).
Performance-related pay plan directly linked to company performance measures and targets.
Generous Pension Scheme through AON.
Access to lots of benefits to help you take care of you and your family’s health and wellbeing, and your finances – from annual health MOTs and access to physiotherapy and counselling, to Cycle to Work schemes, shopping vouchers and life assurance.Find out more about our benefits and perks

Who are we?
We’re the UK’s largest water and wastewater company, with more than 16 million customers relying on us every day to supply water for their taps and toilets. We want to build a better future for all, helping our customers, communities, people, and the planet to thrive. It’s a big job and we’ve got a long way to go, so we need help from passionate and skilled people, committed to making a difference and getting us to where we want to be in the years and decades to come.

Learn more about our purpose and values

Working at Thames Water
Thames Water is a unique, rewarding, and diverse place to work, where every day you can make a difference, yet no day is the same. As part of our family, you’ll enjoy meaningful career opportunities, flexible working arrangements and excellent benefits.

If you’re looking for a sustainable and successful career where you can make a daily difference to millions of people’s lives while helping to protect the world of water for future generations, we’ll be here to support you every step of the way. Together, we can build a better future for our customers, our region, and our planet.

Real purpose, real support, real opportunities. Come and join the Thames Water family. Why choose us? Learn more.

We’re committed to being a great, diverse, and inclusive place to work. We welcome applications from everyone and want to ensure you feel supported throughout the recruitment process. If you need any adjustments, whether that’s extra time, accessible formats, or anything else, just let us know. We’re here to help and support.

When a crisis happens, we all rally around to support our customers. As part of Team Thames, you’ll have the opportunity to sign up to support our customers on the frontline as an ambassador. Full training will be given for what is undoubtedly an incredibly rewarding experience. It’s also a great opportunity to learn more about our business and meet colleagues.

Disclaimer: Due to the high volume of applications we receive, we may close the advert earlier than the advertised date, so we encourage you to apply as soon as possible to avoid disappointment

Subscribe to Future Tech Insights for the latest jobs & insights, direct to your inbox.

By subscribing, you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Jobs

What Hiring Managers Look for First in Cyber Security Job Applications (UK Guide)

If you want to stand out in the highly competitive world of cyber security job applications, you need to understand what hiring managers look for before they even finish reading a CV. Cyber security hiring managers scan applications quickly and with specific priorities in mind. They assess not just your technical ability, but your judgement, professionalism, clarity, risk awareness and evidence of impact. This guide explains what hiring managers look for first in cyber security applications across roles like Security Analyst, Security Engineer, Penetration Tester, Incident Responder, Security Architect, Governance Risk and Compliance specialists and Cloud Security positions. Use this as a practical, step-by-step checklist to sharpen your CV, LinkedIn profile, cover letter and portfolio before you apply on www.cybersecurityjobs.tech .

Education

The Skills Gap in Cyber Security Jobs: What Universities Aren’t Teaching

Cyber security has become one of the most critical disciplines in the modern economy. From protecting financial systems and healthcare data to securing national infrastructure, cloud platforms and supply chains, cyber security professionals now sit at the frontline of digital trust. Demand for cyber security talent in the UK has surged. Job vacancies remain high, salaries continue to rise, and organisations across every sector report difficulty hiring skilled professionals. Yet despite this demand, many graduates struggle to break into cyber security roles and employers consistently report that candidates are not job-ready. The problem is not intelligence, ambition or academic effort. It is a persistent and widening skills gap between university education and real-world cyber security work. This article explores that gap in depth: what universities teach well, what they routinely miss, why the gap exists, what employers actually want, and how jobseekers can bridge the divide to build sustainable careers in cyber security.

Jobs Careers

Cyber Security Jobs for Career Switchers in Their 30s, 40s & 50s (UK Reality Check)

If you’re thinking about switching into cyber security in your 30s, 40s or 50s, you’re in good company. Across the UK, organisations of all sizes are hiring people from diverse backgrounds to protect systems, data & customers. But with hype around “hackers” & quick-win courses, it’s hard to separate reality from fiction. This guide gives you a UK reality check: which roles genuinely exist, what employers actually want, how training really works, what to expect on salary & progression & whether age matters. Whether you come from finance, project management, operations, law, HR or customer service, there is a credible route into cyber security if you approach it strategically.

🍪 We use cookies to enhance your browsing experience on our website. By continuing to use this site, you consent to the use of cookies as described in our Cookie Policy. You can review our Cookie Policy for more information.