Senior Control Assurance Assessor - Finance - Nottingham/Hybrid
Day rate: £400 - £500 (Inside IR35)
Duration: 6 - 12 months
Start: ASAP
My client is looking for a Senior Control Assurance Assessor. The selected candidate will be part of a team responsible for evaluating and testing the effectiveness of security controls both on-premise and in the cloud, to ensure they are robustly designed and effectively implemented to safeguard the assets. You will conduct assurance activities to assess control design, performance, and compliance with industry standards and regulatory requirements. Your role will involve identifying control gaps, documenting findings, and providing recommendations for improvements to mitigate risks. You will be required to leverage data-driven testing techniques and follow a defined testing methodology, collaborating with stakeholders to ensure that controls are fit for purpose, in response to emerging risks and regulatory changes.
Requirements:
* A bachelor's degree in computer science, management information systems, relevant field, or equivalent demonstrable experience
* 3+ years' experience performing IT Audit or security control testing.
* 8+ years' of experience in Information Security and/or Information Technology.
* Professional certification such as CISA, CISM, CISSP, ISO 27001 Lead Auditor, or equivalent.
* Familiarity with industry standards and frameworks e.g., NIST 800-53, ISO 27001/27002, CIS Controls, COBIT.
* Experience with control testing methodologies, risk assessments, and auditing tools. Familiarity with IT systems, and cybersecurity practices and domains.
* Strong analytical, problem solving and critical thinking skills with meticulous attention to detail.
* Excellent verbal and written communication skills.
* Ability to work both independently and collaboratively within a team environment. Summary of Primary Responsibilities
* Conduct security control assessments, utilising documented control activities (where they exist) and regulatory requirements as directed.
* Develop and execute test plans, test cases, and procedures, leveraging data from security tools to capture evidence
* Utilise queries and dashboards to identify potential control failures as part of the control testing process.
* Ensure the accuracy and timely completion of control testing, providing peer review where necessary.
* Document findings, including root cause analysis and actionable recommendations for remediation.
* Function as the primary liaison with business stakeholders, delivering clear progress updates and results.
* Contribute lessons learned by integrating stakeholder feedback to continuously improve the control testing program.
Technical skills
* Knowledge of security controls provided by tools such as Sailpoint, Rapid7, Wiz.io, MS Defender a plus.
* Familiarity with cloud security concepts and controls.
* Experience leveraging automation, data driven testing techniques and generative AI to gain efficiency in control assurance.
* Experience creating queries and reports using RSA Archer and ServiceNow.
* Familiarity with Kanban boards and Jira.
Desired Competencies:
* Big 4 accounting experience preferred.
* Proficiency in both automated and manual testing of information security controls.
* Strong critical thinking and problem-solving abilities
* Ability to facilitate small group meetings and communicate complex ideas.
* Ability to collect, validate, analyse, and translate control test data into evaluative conclusions.
* Sound judgment in ambiguous or undefined control scenarios.
* Ability to research and apply knowledge about emerging technologies as needed in control testing scenarios.
* Agile working methodology experience.
*Rates depend on experience and client requirements
JBRP1_UKTJ