Job Specifications
Senior Control Assurance Assessor - Finance - Hybrid
Day rate: PS400 - PS500 (Inside IR35)
Duration: 6 - 12 months
Start: ASAP
As a Senior Control Assurance Assessor, you will be part of a team responsible for evaluating and testing the effectiveness of security controls both on-premise and in the cloud, to ensure they are robustly designed and effectively implemented to safeguard the assets. You will conduct assurance activities to assess control design, performance, and compliance with industry standards and regulatory requirements. Your role will involve identifying control gaps, documenting findings, and providing recommendations for improvements to mitigate risks. You will be required to leverage data-driven testing techniques and follow a defined testing methodology, collaborating with stakeholders to ensure that controls are fit for purpose, in response to emerging risks and regulatory changes.
Requirements:
A bachelor's degree in computer science, management information systems, relevant field, or equivalent demonstrable experience
3+ years' experience performing IT Audit or security control testing.
8+ years' of experience in Information Security and/or Information Technology.
Professional certification such as CISA, CISM, CISSP, ISO 27001 Lead Auditor, or equivalent.
Familiarity with industry standards and frameworks e.g., NIST 800-53, ISO 27001/27002, CIS Controls, COBIT.
Experience with control testing methodologies, risk assessments, and auditing tools. Familiarity with IT systems, and cybersecurity practices and domains.
Strong analytical, problem solving and critical thinking skills with meticulous attention to detail.
Excellent verbal and written communication skills.
Ability to work both independently and collaboratively within a team environment. Summary of Primary Responsibilities
Conduct security control assessments, utilizing documented control activities (where they exist) and regulatory requirements as directed.
Develop and execute test plans, test cases, and procedures, leveraging data from security tools to capture evidence
Utilize queries and dashboards to identify potential control failures as part of the control testing process.
Ensure the accuracy and timely completion of control testing, providing peer review where necessary.
Document findings, including root cause analysis and actionable recommendations for remediation.
Function as the primary liaison with business stakeholders, delivering clear progress updates and results.
Contribute lessons learned by integrating stakeholder feedback to continuously improve the control testing program.
Technical skills
Knowledge of security controls provided by tools such as Sailpoint, Rapid7, Wiz.io, MS Defender a plus.
Familiarity with cloud security concepts and controls.
Experience leveraging automation, data driven testing techniques and generative AI to gain efficiency in control assurance.
Experience creating queries and reports using RSA Archer and ServiceNow.
Familiarity with Kanban boards and Jira.
Desired Competencies:
Big 4 accounting experience preferred.
Proficiency in both automated and manual testing of information security controls.
Strong critical thinking and problem-solving abilities
Ability to facilitate small group meetings and communicate complex ideas.
Ability to collect, validate, analyse, and translate control test data into evaluative conclusions.
Sound judgment in ambiguous or undefined control scenarios.
Ability to research and apply knowledge about emerging technologies as needed in control testing scenarios.
Agile working methodology experience.
About the Company
We're a leading global recruitment agency, specializing in digital talent and our mission is to create futures to make your life easier. Recruitment is the process of seeking out the best person for a job and the best job for a person. At Salt, not only do we strive for the best today, but to create the best future for all in an ever-changing digital world.
We see digital recruitment as working with businesses and candidates through digital disruption, innovation, transformation, and business change.
Our consultants are ...
Know more