National AI Awards 2025Discover AI's trailblazers! Join us to celebrate innovation and nominate industry leaders.

Nominate & Attend

Lead Security Control Assessor

developrec
Nottingham
3 weeks ago
Applications closed

Related Jobs

View all jobs

Lead Security Control Assessor

Senior Security Consultant

Information Security Analyst - Audit, Compliance & Cybersecurity

Senior Security Consultant

Lead Security Architect - Defence & Aviation

Security Architecture and Risk Lead

Lead Security Control Assessor – Fully Remote - Contract £500 inside IR35 – 9 months – potentially extended



The Opportunity

We’re supporting our client in the search for a Lead Security Control Assessor to join their remote information security team on a long-term contract. In this role, you'll lead the evaluation and assurance of security controls across cloud and on-premise environments, ensuring compliance with internal policies and industry standards. This is a hands-on leadership role, offering the chance to shape the quality and impact of a key assurance programme.


Key Responsibilities

  • Lead the design and delivery of scalable, repeatable methodologies for control testing, including automation in cloud environments
  • Plan and manage the execution of control testing – including risk identification, sampling, fieldwork, and reporting
  • Guide a team of assessors through testing activities and documentation reviews.
  • Identify control gaps, assess associated risks, and produce high-quality reports with actionable insights
  • Act as the primary stakeholder interface for control testing engagements, ensuring progress updates and clear communication
  • Contribute to ongoing improvements in the assurance programme by standardising materials and defining measurable KPIs


Skills & Experience Required

  • 8+ years of experience in IT audit or information security control assessments, with 3+ years in a lead or managerial role
  • Demonstrated experience assessing security controls in cloud environments (AWS and Azure)
  • Strong understanding of key frameworks and standards, including NIST 800-53, ISO 27001, CIS Controls, and COBIT
  • Professional certifications such as CISA, CISM, CISSP, or ISO 27001 Lead Auditor
  • Strong communication skills with the ability to translate technical findings into business language
  • Proficient in both automated and manual testing techniques for security controls


Desirable Experience

  • Experience with tools such as SailPoint, Rapid7, Wiz.io, Microsoft Defender, RSA Archer, and ServiceNow
  • Familiarity with automation and data analytics tools (Excel, Tableau, Alteryx, PowerBI)
  • Agile methodology experience, ideally with Jira and Kanban boards
  • Background in a Big 4 consultancy or similar high-compliance environment
National AI Awards 2025

Subscribe to Future Tech Insights for the latest jobs & insights, direct to your inbox.

By subscribing, you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

How to Get a Better Cyber Security Job After a Lay-Off or Redundancy

Redundancy is never easy—especially in a fast-moving field like cyber security, where your skills and experience are constantly evolving. But if you’ve recently been made redundant from a cyber security role, know this: the UK cyber workforce remains in high demand, and your expertise is more valuable than ever. Whether you’re a SOC analyst, penetration tester, incident responder, security architect or GRC specialist, there are still thousands of opportunities across sectors including finance, defence, government, retail, and critical infrastructure. This guide will help you turn redundancy into a career relaunch, with a clear action plan tailored to the UK cyber security job market.

Cyber Security Jobs Salary Calculator 2025: Check Your Market Value in Seconds

Why yesterday’s pay survey no longer protects you. “Could I earn more at a managed SOC?” “Is that fintech’s offer really competitive?” Every UK cyber‑security professional asks some version of those questions—usually after another colleague lands a pay rise, a recruiter sends a tempting JD, or a fresh breach makes headline news. Yet salary guides published even last year feel as out‑of‑date as a forgotten antivirus signature. Since 2024, ransomware gangs switched to double‑extortion, deepfake phishing exploded, & the EU’s NIS2/DORA regulations bled into UK contracts despite Brexit. With each shift, salary bands move. To cut through stale averages, CybersecurityJobs.tech distilled a three‑factor formula that lets you estimate a realistic 2025 salary in under a minute. Feed in your role, your UK region, & your seniority level. The output arms you with data‑driven leverage for your next appraisal, job application, or freelance rate card. This article explains the formula, reveals the forces pushing cyber pay ever higher, & outlines five practical moves to boost your market value within ninety days.

How to Present Cyber Security Solutions to Non-Technical Audiences: A Public Speaking Guide for Job Seekers

Cyber security is no longer just an IT issue—it’s a board-level priority. Whether you’re applying for a role in penetration testing, security operations, risk management, or compliance, your ability to clearly explain cyber threats and solutions to non-technical stakeholders is vital. This guide will help cyber security job seekers develop one of the most in-demand soft skills in the industry: public speaking. You’ll learn how to simplify complex concepts, structure effective presentations, use storytelling and analogies, and handle common stakeholder questions with confidence.