National AI Awards 2025Discover AI's trailblazers! Join us to celebrate innovation and nominate industry leaders.

Nominate & Attend

Lead Security Control Assessor

Nottingham
1 month ago
Applications closed

Related Jobs

View all jobs

Information Security Data Engineer

Information Security Data Engineer

Finance Assurance Manager

D365 Architect

Lead Data Engineer - KPMG Curve

Lead Data Engineering

As a Lead Security Control Assessor, you will be responsible for leading the assessment and evaluation of security controls across systems and processes both on-premise and in the cloud, to ensure they effectively mitigate risks and comply with regulatory and industry standards. You will oversee and conduct security control testing, to verify the design, implementation, and operational effectiveness of controls. In this role, you will work in an agile environment, ensuring the quality of security assessments through thorough testing, automation, and collaboration with cross-functional teams and various stakeholders.

Summary of Primary Responsibilities

Design and deliver repeatable testing methodologies to support control assurance testing, including automated testing steps for cloud environments.
Ensure control tests are well-planned, including risk identification, sampling, selection of controls, testing methods, and reporting criteria.
Lead control testing teams to perform design and operating effectiveness testing of information security controls, including fieldwork, testing, and reporting activities.
Provide quality assurance for control testing documentation produced during testing, ensuring accurate and timely completion of all required control testing documentation.
Identify and document control deficiencies, including root causes, risk descriptions, consistent issue ratings, and recommendations for improvement.
Create and present reports of control testing findings to stakeholders, socialising any findings effectively.
Serve as the primary contact with business stakeholders for the controls tests you lead, ensuring the quality of control testing engagements and stakeholder communications, including regular status updates.
Contribute to the efficiency of the control testing program by ensuring KPIs are measurable, that testing materials are standardised.

Requirements:

A bachelor's degree in computer science, management information systems, relevant field, or equivalent demonstrable experience.
3+ year's experience leading a team of control assessors.
8+ years of experience performing IT Audit or Information Security control assessments, with specific experience in testing cloud security controls.
Professional certification such as CISA, CISM, CISSP, ISO 27001 Lead Auditor, or equivalent.
Knowledge of industry standards and frameworks such as NIST 800-53, ISO 27001/27002, CIS Controls, COBIT.
Experience with current automated and manual industry methods for evaluating security controls on Perm and in cloud environments.
Capable of communicating complex information in an organised manner, both verbally and in writing.
Skilled in utilising stakeholder feedback to improve existing processes and future engagements.
Strong relationship management skills, demonstrating commitment to delivering quality results.

Technical Skills

Knowledge of security controls provided by tools such as Sailpoint, Rapid7, Wiz.io, MS Defender a plus.
Experience with cloud security controls within environments such as AWS and Azure.
Experience leveraging automation, data driven testing techniques and generative AI to gain efficiency in control assurance.
Experience creating queries and reports using RSA Archer and Service-Now.
Familiarity with Kanban boards and Jira.

Desired Competencies:

Big 4 accounting experience preferred.
Strong knowledge of cybersecurity principles and organisational requirements relevant to confidentiality, integrity, availability, authentication, and non-repudiation.
Ability to apply security governance, risk, and control principles.
Proficiency in automation and data analytics tools (e.g., Excel, Tableau, Alteryx, and Power-BI).
Ability to apply critical reading/thinking skills to identify systemic issues from analysing testing data.
Ability to facilitate small to medium sized group meetings and communicate complex ideas.
Agile working methodology experience.GCS is acting as an Employment Business in relation to this vacancy

National AI Awards 2025

Subscribe to Future Tech Insights for the latest jobs & insights, direct to your inbox.

By subscribing, you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Data Science Jobs Skills Radar 2026: Emerging Tools, Languages & Platforms to Learn Now

The UK’s data science job market is evolving fast—from forecasting models and AI assistants to real-time decision systems. In 2026, data scientists aren’t just expected to build models—they’re responsible for shaping insights that fuel everything from patient care to predictive banking. Welcome to the Data Science Jobs Skills Radar 2026—your essential annual guide to the languages, tools, and platforms driving demand across the UK. Whether you’re entering the job market or reskilling mid-career, this roadmap helps you prioritise the skills that matter most right now.

How to Find Hidden Data Science Jobs in the UK Using Professional Bodies like the RSS, BCS & More

The data science job market in the UK is thriving—but also increasingly competitive. As organisations in finance, healthcare, retail, government, and tech accelerate digital transformation, the demand for data talent has soared. Yet many of the best data science jobs are never posted publicly. They’re shared behind closed doors—within professional networks, at invite-only events, or through member-only mailing lists and specialist interest groups. These “hidden” roles are often filled through referrals, collaborations, or direct outreach to trusted experts. In this guide, we’ll show you how to unlock these hidden opportunities by engaging with key UK professional bodies such as the Royal Statistical Society (RSS), BCS (The Chartered Institute for IT), and Turing Society, plus communities like PyData and AI UK. You’ll learn how to use directories, CPD events, and networks to move beyond job boards—and into roles where you’re approached, not just applying.

How to Get a Better Data Science Job After a Lay-Off or Redundancy

Redundancy can be tough to face, especially in a competitive field like data science. But it’s important to know: your experience, analytical thinking, and modelling skills are still in demand. Across sectors like healthcare, finance, e-commerce, government and AI startups, UK employers continue to seek data scientists who can deliver value through insight, prediction, and automation. This guide will walk you through how to bounce back from redundancy with purpose and clarity—whether you're a data analyst looking to step up, a mid-level data scientist, or a machine learning specialist seeking a better-aligned opportunity.