What you’ll be doing
as a Control Testing Lead
1. Support the implementation and continuous improvement of the Cybersecurity Control Testing Framework.
2. Execute control testing in line with defined procedures, templates, and standards.
3. Assist in the development and localisation of standard test scripts, ensuring they are tailored to specific control environments and aligned with the organisation’s Enterprise Risk Management Framework.
4. Conduct control testing activities to evaluate the design and operational effectiveness of cybersecurity controls, documenting results clearly and raising issues where appropriate.
5. Ensure timely delivery of assigned control assessments in accordance with the agreed testing schedule and escalation protocols.
6. Maintain accurate and consistent documentation for each control assessment, including test plans, test results, and final reports.
7. Escalate issues, delays, or risks to the Control Testing & Assurance Manager, contributing to the resolution of challenges and continuous improvement of the testing process.
8. Collaborate with control owners and stakeholders to gather evidence, clarify control objectives, and support the smooth execution of testing activities.
9. Stay informed on relevant cybersecurity frameworks (e.g., NIST CSF, CIS Controls) and industry best practices to support the evolution of the control testing programme.
Base location – Hybrid – Clear Water Court Reading
What you should bring to the role
To thrive in this role, the essential criteria you’ll need is
10. Proven experience in performing cybersecurity control assessments, including evaluating design and operational effectiveness
11. Strong understanding of information security principles, cyber risk management, and control frameworks
12. Experience in IT, OT and Cloud environments, with a focus on cybersecurity controls
13. Clear and professional verbal and written communication, including the ability to explain cybersecurity issues to non-technical audiences
14. Ability to work independently with minimal supervision, taking ownership of assigned tasks and driving them to completion while maintaining high standards of quality and accuracy
15. Strong understanding of Cybersecurity Domains including Threat Intelligence, Vulnerability Management, Security Testing, Security Architecture, Infrastructure Protection, Application Security, Identity and Access Management, Incident Investigation & Response and Cryptography
Additional skills and experiences would be great to have/bring:
16. Experience working in a regulated environment.
17. Experience within the water utility industry or large, complex critical national infrastructure.
18. Experience in internal audit, external audit, or assurance functions related to IT or cybersecurity.
19. Professional certifications such as CISA, CISSP, CRISC, or ISO 27001 Lead Auditor are advantageous.
What’s in it for you?
20. Competitive salary of up to £78,000 per annum depending on experience.
21. Annual Leave - 26 days holiday per year increasing to 30 with the length of service (plus bank holidays).
22. Performance-related pay plan directly linked to company performance measures and targets.
23. Generous Pension Scheme through AON.
24. Access to lots of benefits to help you take care of you and your family’s health and wellbeing, and your finances – from annual health MOTs and access to physiotherapy and counselling, to Cycle to Work schemes, shopping vouchers and life assurance.