Cyber Security Controls Testing Lead

As a Control Testing Lead, you will play a key role within the Information Security team, supporting the Control Test and Assurance Manager in the delivery of a robust and forward-looking Cybersecurity Control Testing & Assurance Programme.

This role requires strong cybersecurity expertise combined with hands-on experience in control testing, particularly in evaluating the effectiveness of security controls and ensuring alignment with internal policies, standards, and industry frameworks.

This role will report directly to the Control Testing & Assurance Manager, with whom you will work to deliver the goals of the company to have a stable and fit-for-purpose control testing environment that supports the organisation's security and compliance objectives.

What you'll be doing as a Control Testing Lead - Cyber Security

• Support the implementation and continuous improvement of the Cybersecurity Control Testing Framework.
• Execute control testing in line with defined procedures, templates, and standards.
• Assist in the development and localisation of standard test scripts, ensuring they are tailored to specific control environments and aligned with the organisation's Enterprise Risk Management Framework.
• Conduct control testing activities to evaluate the design and operational effectiveness of cybersecurity controls, documenting results clearly and raising issues where appropriate.
• Ensure timely delivery of assigned control assessments in accordance with the agreed testing schedule and escalation protocols.
• Maintain accurate and consistent documentation for each control assessment, including test plans, test results, and final reports.
• Escalate issues, delays, or risks to the Control Testing & Assurance Manager, contributing to the resolution of challenges and continuous improvement of the testing process.
• Collaborate with control owners and stakeholders to gather evidence, clarify control objectives, and support the smooth execution of testing activities.
• Stay informed on relevant cybersecurity frameworks (e.g., NIST CSF, CIS Controls) and industry best practices to support the evolution of the control testing programme.

To thrive in this role, the essential criteria you'll need are

• Proven experience in performing cybersecurity control assessments, including evaluating design and operational effectiveness.
• Strong understanding of information security principles, cyber risk management, and control frameworks.
• Experience in IT, OT and Cloud environments, with a focus on cybersecurity controls.
• Clear and professional verbal and written communication, including the ability to explain cybersecurity issues to non-technical audiences.
• Ability to work independently with minimal supervision, taking ownership of assigned tasks and driving them to completion while maintaining high standards of quality and accuracy.
• Strong understanding of Cybersecurity Domains, including Threat Intelligence, Vulnerability Management, Security Testing, Security Architecture, Infrastructure Protection, Application Security, Identity and Access Management, Incident Investigation & Response and Cryptography.

Additional skills and experiences would be great to have/bring:

• Experience working in a regulated environment.
• Experience within the water utility industry or large, complex critical national infrastructure.
• Experience in internal audit, external audit, or assurance functions related to IT or cybersecurity.
• Professional certifications such as CISA, CISSP, CRISC, or ISO 27001 Lead Auditor are advantageous.

GCS is acting as an Employment Agency in relation to this vacancy.