National AI Awards 2025Discover AI's trailblazers! Join us to celebrate innovation and nominate industry leaders.

Nominate & Attend

Lead Security Control Assessor

Nottingham
3 weeks ago
Create job alert

As a Lead Security Control Assessor, you will be responsible for leading the assessment and evaluation of security controls across systems and processes both on-premise and in the cloud, to ensure they effectively mitigate risks and comply with regulatory and industry standards. You will oversee and conduct security control testing, to verify the design, implementation, and operational effectiveness of controls. In this role, you will work in an agile environment, ensuring the quality of security assessments through thorough testing, automation, and collaboration with cross-functional teams and various stakeholders.

Summary of Primary Responsibilities

Design and deliver repeatable testing methodologies to support control assurance testing, including automated testing steps for cloud environments.
Ensure control tests are well-planned, including risk identification, sampling, selection of controls, testing methods, and reporting criteria.
Lead control testing teams to perform design and operating effectiveness testing of information security controls, including fieldwork, testing, and reporting activities.
Provide quality assurance for control testing documentation produced during testing, ensuring accurate and timely completion of all required control testing documentation.
Identify and document control deficiencies, including root causes, risk descriptions, consistent issue ratings, and recommendations for improvement.
Create and present reports of control testing findings to stakeholders, socialising any findings effectively.
Serve as the primary contact with business stakeholders for the controls tests you lead, ensuring the quality of control testing engagements and stakeholder communications, including regular status updates.
Contribute to the efficiency of the control testing program by ensuring KPIs are measurable, that testing materials are standardised.

Requirements:

A bachelor's degree in computer science, management information systems, relevant field, or equivalent demonstrable experience.
3+ year's experience leading a team of control assessors.
8+ years of experience performing IT Audit or Information Security control assessments, with specific experience in testing cloud security controls.
Professional certification such as CISA, CISM, CISSP, ISO 27001 Lead Auditor, or equivalent.
Knowledge of industry standards and frameworks such as NIST 800-53, ISO 27001/27002, CIS Controls, COBIT.
Experience with current automated and manual industry methods for evaluating security controls on Perm and in cloud environments.
Capable of communicating complex information in an organised manner, both verbally and in writing.
Skilled in utilising stakeholder feedback to improve existing processes and future engagements.
Strong relationship management skills, demonstrating commitment to delivering quality results.

Technical Skills

Knowledge of security controls provided by tools such as Sailpoint, Rapid7, Wiz.io, MS Defender a plus.
Experience with cloud security controls within environments such as AWS and Azure.
Experience leveraging automation, data driven testing techniques and generative AI to gain efficiency in control assurance.
Experience creating queries and reports using RSA Archer and Service-Now.
Familiarity with Kanban boards and Jira.

Desired Competencies:

Big 4 accounting experience preferred.
Strong knowledge of cybersecurity principles and organisational requirements relevant to confidentiality, integrity, availability, authentication, and non-repudiation.
Ability to apply security governance, risk, and control principles.
Proficiency in automation and data analytics tools (e.g., Excel, Tableau, Alteryx, and Power-BI).
Ability to apply critical reading/thinking skills to identify systemic issues from analysing testing data.
Ability to facilitate small to medium sized group meetings and communicate complex ideas.
Agile working methodology experience.GCS is acting as an Employment Business in relation to this vacancy

Related Jobs

View all jobs

Senior Security Consultant

Information Security Analyst - Audit, Compliance & Cybersecurity

Senior Security Consultant

Lead Security Architect - Defence & Aviation

Security Architecture and Risk Lead

Security Control Room Manager

National AI Awards 2025

Subscribe to Future Tech Insights for the latest jobs & insights, direct to your inbox.

By subscribing, you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

How to Find Hidden Cyber Security Jobs in the UK Using Professional Bodies like BCS, CIISec & More

The demand for skilled cyber security professionals in the UK has never been higher. With threats increasing in sophistication and frequency, organisations are urgently hiring ethical hackers, threat analysts, GRC specialists, and security architects. But many of the most valuable roles—particularly in government, defence, and critical infrastructure—are never publicly advertised. Instead, these jobs are shared behind the scenes through trusted networks, private communities, and professional bodies. In this article, we explore how to uncover hidden cyber security jobs in the UK using organisations like the BCS (The Chartered Institute for IT), CIISec (The Chartered Institute of Information Security), ISACA, and ISC² UK Chapter. We’ll show you how to use membership directories, special interest groups, CPD events and informal networks to gain early access to roles most people never see.

How to Get a Better Cyber Security Job After a Lay-Off or Redundancy

Redundancy is never easy—especially in a fast-moving field like cyber security, where your skills and experience are constantly evolving. But if you’ve recently been made redundant from a cyber security role, know this: the UK cyber workforce remains in high demand, and your expertise is more valuable than ever. Whether you’re a SOC analyst, penetration tester, incident responder, security architect or GRC specialist, there are still thousands of opportunities across sectors including finance, defence, government, retail, and critical infrastructure. This guide will help you turn redundancy into a career relaunch, with a clear action plan tailored to the UK cyber security job market.

Cyber Security Jobs Salary Calculator 2025: Check Your Market Value in Seconds

Why yesterday’s pay survey no longer protects you. “Could I earn more at a managed SOC?” “Is that fintech’s offer really competitive?” Every UK cyber‑security professional asks some version of those questions—usually after another colleague lands a pay rise, a recruiter sends a tempting JD, or a fresh breach makes headline news. Yet salary guides published even last year feel as out‑of‑date as a forgotten antivirus signature. Since 2024, ransomware gangs switched to double‑extortion, deepfake phishing exploded, & the EU’s NIS2/DORA regulations bled into UK contracts despite Brexit. With each shift, salary bands move. To cut through stale averages, CybersecurityJobs.tech distilled a three‑factor formula that lets you estimate a realistic 2025 salary in under a minute. Feed in your role, your UK region, & your seniority level. The output arms you with data‑driven leverage for your next appraisal, job application, or freelance rate card. This article explains the formula, reveals the forces pushing cyber pay ever higher, & outlines five practical moves to boost your market value within ninety days.