Job description:

About the role:

As a Senior Control Assurance Assessor, you will be part of a team responsible for evaluating and testing the effectiveness of security controls both on-premise and in the cloud, to ensure they are robustly designed and effectively implemented to safeguard our assets. You will conduct assurance activities to assess control design, performance, and compliance with industry standards and regulatory requirements. Your role will involve identifying control gaps, documenting findings, and providing recommendations for improvements to mitigate risks. You will be required to leverage data-driven testing techniques and follow a defined testing methodology, collaborating with stakeholders to ensure that controls are fit for purpose, in response to emerging risks and regulatory changes.

A day in this role:

• Conduct security control assessments, utilizing documented control activities (where they exist) and regulatory requirements as directed. 
• Develop and execute test plans, test cases, and procedures, leveraging data from security tools to capture evidence.
• Utilize queries and dashboards to identify potential control failures as part of the control testing process.
• Ensure the accuracy and timely completion of control testing, providing peer review where necessary.
• Document findings, including root cause analysis and actionable recommendations for remediation.
• Function as the primary liaison with business stakeholders, delivering clear progress updates and results.
• Contribute lessons learned by integrating stakeholder feedback to continuously improve the control testing program.

The expertise requested:

• A bachelor’s degree in computer science, management information systems, relevant field, or equivalent demonstrable experience.
• 3+ years’ experience performing IT Audit or security control testing.
• 5+ years’ of experience in Information Security and/or Information Technology.
• Professional certification such as CISA, CISM, CISSP, ISO 27001 Lead Auditor, or equivalent.
• Familiarity with industry standards and frameworks e.g., NIST 800-53, ISO 27001/27002, CIS Controls, COBIT.
• Experience with control testing methodologies, risk assessments, and auditing tools. Familiarity with IT systems, and cybersecurity practices and domains.
• Strong analytical, problem solving and critical thinking skills with meticulous attention to detail.
• Excellent verbal and written communication skills.
• Knowledge of security controls provided by tools such as Sailpoint, Rapid7, Wiz.io, MS Defender a plus.
• Familiarity with cloud security concepts and controls.
• Experience leveraging automation, data driven testing techniques and generative AI to gain efficiency in control assurance.
• Experience creating queries and reports using RSA Archer and ServiceNow.
• Familiarity with Kanban boards and Jira.
• Ability to work both independently and collaboratively within a team environment

Desired or nice to have expertise:

• Proficiency in both automated and manual testing of information security controls.
• Strong critical thinking and problem-solving abilities.
• Ability to facilitate small group meetings and communicate complex ideas.
• Ability to collect, validate, analyze, and translate control test data into evaluative conclusions.
• Sound judgment in ambiguous or undefined control scenarios.
• Ability to research and apply knowledge about emerging technologies as needed in control testing scenarios.
• Agile working methodology experience.

Our Core values are focus to inclusion and diversity, all qualified applicants will be considered for employment and will go thru a fair recruitment process regardless of their race, religion, gender identity, sexual orientation, national origin or disability status.

Your journey with us begin begins here!!