Lead Security Control Assessor

Social network you want to login/join with:

col-narrow-left

shrewsbury, United Kingdom

Other

-

Yes

col-narrow-right

6

26.06.2025

10.08.2025

col-wide

Lead Security Control Assessor – Fully Remote - Contract £500 inside IR35 – 9 months – potentially extended

The Opportunity

We’re supporting our client in the search for a Lead Security Control Assessor to join their remote information security team on a long-term contract. In this role, you'll lead the evaluation and assurance of security controls across cloud and on-premise environments, ensuring compliance with internal policies and industry standards. This is a hands-on leadership role, offering the chance to shape the quality and impact of a key assurance programme.

Key Responsibilities

• Lead the design and delivery of scalable, repeatable methodologies for control testing, including automation in cloud environments
• Plan and manage the execution of control testing – including risk identification, sampling, fieldwork, and reporting
• Guide a team of assessors through testing activities and documentation reviews.
• Identify control gaps, assess associated risks, and produce high-quality reports with actionable insights
• Act as the primary stakeholder interface for control testing engagements, ensuring progress updates and clear communication
• Contribute to ongoing improvements in the assurance programme by standardising materials and defining measurable KPIs

Skills & Experience Required

• 8+ years of experience in IT audit or information security control assessments, with 3+ years in a lead or managerial role
• Demonstrated experience assessing security controls in cloud environments (AWS and Azure)
• Strong understanding of key frameworks and standards, including NIST 800-53, ISO 27001, CIS Controls, and COBIT
• Professional certifications such as CISA, CISM, CISSP, or ISO 27001 Lead Auditor
• Strong communication skills with the ability to translate technical findings into business language
• Proficient in both automated and manual testing techniques for security controls
• Experience with tools such as SailPoint, Rapid7, Wiz.io, Microsoft Defender, RSA Archer, and ServiceNow
• Familiarity with automation and data analytics tools (Excel, Tableau, Alteryx, PowerBI)
• Agile methodology experience, ideally with Jira and Kanban boards
• Background in a Big 4 consultancy or similar high-compliance environment