Senior Control Assurance Assessor

Senior Control Assurance Assessor

Location: Remote, UK

Length: Asap – 31/03/2026

Rate: £450 per day (Inside IR35)

Hours: 37.5 per week

As a Senior Control Assurance Assessor, you will be part of a team responsible for evaluating and testing the effectiveness of security controls both on-premises and in the cloud, to ensure they are robustly designed and effectively implemented to safeguard Experian’s assets. You will conduct assurance activities to assess control design, performance, and compliance with industry standards and regulatory requirements. Your role will involve identifying control gaps, documenting findings, and providing recommendations for improvements to mitigate risks. You will leverage data-driven testing techniques and follow a defined testing methodology, collaborating with stakeholders to ensure controls are fit for purpose in response to emerging risks and regulatory changes.

• Conduct security control assessments, utilizing documented control activities (where they exist) and regulatory requirements as directed.
• Develop and execute test plans, test cases, and procedures, leveraging data from security tools to capture evidence.
• Utilize queries and dashboards to identify potential control failures as part of the control testing process.
• Ensure the accuracy and timely completion of control testing, providing peer review where necessary.
• Document findings, including root cause analysis and actionable recommendations for remediation.
• Function as the primary liaison with business stakeholders, delivering clear progress updates and results.
• Contribute lessons learned by integrating stakeholder feedback to continuously improve the control testing program.

• A bachelor’s degree in computer science, management information systems, relevant field, or equivalent demonstrable experience.
• 3+ years’ experience performing IT Audit or security control testing.
• 8+ years’ of experience in Information Security and/or Information Technology.
• Professional certification such as CISA, CISM, CISSP, ISO 27001 Lead Auditor, or equivalent.
• Familiarity with industry standards and frameworks e.g., NIST 800-53, ISO 27001/27002, CIS Controls, COBIT.
• Experience with control testing methodologies, risk assessments, and auditing tools. Familiarity with IT systems and cybersecurity practices and domains.
• Strong analytical, problem solving and critical thinking skills with meticulous attention to detail.
• Excellent verbal and written communication skills.
• Ability to work both independently and collaboratively within a team environment.

• Knowledge of security controls provided by tools such as SailPoint, Rapid7, Wiz.io, MS Defender is a plus.
• Familiarity with cloud security concepts and controls.
• Experience leveraging automation, data-driven testing techniques and generative AI to gain efficiency in control assurance.
• Experience creating queries and reports using RSA Archer and ServiceNow.
• Familiarity with Kanban boards and Jira.

• Big 4 accounting experience preferred.
• Proficiency in both automated processes and strong critical thinking and problem-solving abilities.
• Ability to facilitate small group meetings and communicate complex ideas.
• Ability to collect, validate, analyse, and translate control test data into evaluative conclusions.
• Sound judgment in ambiguous or undefined controls scenarios.
• Ability to research and apply knowledge about emerging technologies as needed in control testing scenarios.