What you’ll be doing
as a Control Tester
1. Assist in the execution of cybersecurity control testing activities in accordance with defined procedures, templates, and standards.
2. Support the development and localisation of test scripts tailored to specific control environments.
3. Gather and document evidence to assess the design and operational effectiveness of cybersecurity controls.
4. Collaborate with control owners and service owners to clarify control objectives and facilitate smooth testing execution.
5. Maintain accurate documentation for each control assessment, including test plans, results, and supporting evidence.
6. Produce clear and consistent reports detailing testing outcomes and observations.
7. Escalate issues, control deficiencies, or delays to the Control Testing & Assurance Manager.
8. Contribute to the continuous improvement of the control testing framework, methodologies, and documentation.
9. Work with key business stakeholders to support the organisation’s cybersecurity and compliance objectives.
10. Support the wider cybersecurity assurance programme through structured testing and evidence-based analysis.
Base location – Hybrid – Clearwater Court, Reading.
Working pattern – 36 hours Monday to Friday.
What you should bring to the role
11. Experience in IT audit, IT risk, or cybersecurity control testing within an enterprise environment.
12. Understanding of cybersecurity control frameworks and assurance methodologies.
13. Strong analytical and problem-solving skills with the ability to assess control effectiveness.
14. Experience working collaboratively with technical teams and business stakeholders.
15. Ability to manage tasks independently while contributing to team objectives.
16. Strong written and verbal communication skills, including clear documentation and reporting.
17. Good planning and organisational skills with attention to detail.
Technical experience and skills
18. Understanding of cybersecurity domains, including Threat Intelligence, Vulnerability Management, Security Testing, Security Architecture, Infrastructure Protection, Application Security, Identity and Access Management, Incident Investigation & Response, and Cryptography.
19. Familiarity with information security control frameworks such as COBIT or COSO.
20. Ability to gather, analyse, and document evidence related to the design and operational effectiveness of security controls.
21. Experience in maintaining structured documentation, including test plans, assessment results, and reports.
Desirable qualifications and experience
22. Experience working in a regulated environment.
23. Experience within the water utility industry or other large, complex critical national infrastructure organisations.
Desirable technical skills and qualifications
24. Professional certifications such as CISA, CISSP, CRISC, or ISO 27001 Lead Auditor.
What’s in it for you?
25. Competitive salary between £40,000 and £55,000 per annum, depending on experience.
26. Annual Leave - 26 days holiday per year, increasing to 30 with the length of service. (plus bank holidays)
27. Generous Pension Scheme through AON.
28. Performance-related pay plan directly linked to company performance measures and targets.
29. Access to lots of benefits to help you take care of you and your family’s health and wellbeing, and your finances – from annual health MOTs and access to physiotherapy and counselling, to Cycle to Work schemes, shopping vouchers and life assurance.