At a Glance
- Tasks: Lead the evaluation of security controls in cloud and on-premise environments.
- Company: Join a dynamic remote information security team focused on compliance and assurance.
- Benefits: Enjoy a fully remote role with competitive pay and potential contract extension.
- Why this job: Shape key assurance programmes while leading a team and making a real impact.
- Qualifications: 8+ years in IT audit or security assessments, with strong cloud experience required.
- Other info: Ideal for those with professional certifications and a background in high-compliance environments.
The predicted salary is between 36000 - 60000 £ per year.
We're supporting our client in the search for a Lead Security Control Assessor to join their remote information security team on a long-term contract. In this role, you will lead the evaluation and assurance of security controls across cloud and on-premise environments, ensuring compliance with internal policies and industry standards. This is a hands-on leadership role, offering the chance to shape the quality and impact of a key assurance programme.
Key Responsibilities
- Lead the design and delivery of scalable, repeatable methodologies for control testing, including automation in cloud environments.
- Plan and manage the execution of control testing, including risk identification, sampling, fieldwork, and reporting.
- Guide a team of assessors through testing activities and documentation reviews.
- Identify control gaps, assess associated risks, and produce high-quality reports with actionable insights.
- Act as the primary stakeholder interface for control testing engagements, ensuring progress updates and clear communication.
- Contribute to ongoing improvements in the assurance programme by standardising materials and defining measurable KPIs.
Skills & Experience Required
- 8+ years of experience in IT audit or information security control assessments, with 3+ years in a lead or managerial role.
- Demonstrated experience assessing security controls in cloud environments (AWS and Azure).
- Strong understanding of key frameworks and standards, including NIST 800-53, ISO 27001, CIS Controls, and COBIT.
- Professional certifications such as CISA, CISM, CISSP, or ISO 27001 Lead Auditor.
- Strong communication skills with the ability to translate technical findings into business language.
- Proficient in both automated and manual testing techniques for security controls.
Desirable Experience
- Experience with tools such as SailPoint, Rapid7, Wiz.io, Microsoft Defender, RSA Archer, and ServiceNow.
- Familiarity with automation and data analytics tools (Excel, Tableau, Alteryx, PowerBI).
- Agile methodology experience, ideally with Jira and Kanban boards.
- Background in a Big 4 consultancy or similar high-compliance environment.
Lead Security Control Assessor employer: developrec
Contact Detail:
developrec Recruiting Team
StudySmarter Expert Advice
We think this is how you could land Lead Security Control Assessor
Tip Number 1
Make sure to highlight your experience with cloud environments, particularly AWS and Azure, during any discussions. This role requires a strong understanding of security controls in these platforms, so be prepared to discuss specific projects or challenges you've faced.
Tip Number 2
Familiarise yourself with the key frameworks and standards mentioned in the job description, such as NIST 800-53 and ISO 27001. Being able to speak confidently about how you've applied these standards in your previous roles will set you apart from other candidates.
Tip Number 3
Demonstrate your leadership skills by preparing examples of how you've guided teams through testing activities. Discussing your approach to mentoring assessors and managing control testing will show that you're ready for this hands-on leadership role.
Tip Number 4
If you have experience with automation and data analytics tools, make sure to mention it. Tools like Excel, Tableau, and PowerBI are valuable in this role, so being able to discuss how you've used them to improve processes will be beneficial.
We think you need these skills to ace Lead Security Control Assessor
Some tips for your application
Tailor Your CV: Make sure your CV highlights relevant experience in IT audit and information security control assessments. Emphasise your leadership roles and any specific projects related to cloud environments, especially AWS and Azure.
Craft a Compelling Cover Letter: In your cover letter, explain why you are the perfect fit for the Lead Security Control Assessor role. Mention your experience with key frameworks like NIST 800-53 and ISO 27001, and how your skills can contribute to the assurance programme.
Showcase Relevant Certifications: List your professional certifications such as CISA, CISM, CISSP, or ISO 27001 Lead Auditor prominently in your application. These credentials are crucial for this role and demonstrate your expertise in the field.
Highlight Communication Skills: Since strong communication skills are essential for this position, provide examples in your application of how you've successfully translated technical findings into business language in previous roles.
How to prepare for a job interview at developrec
Showcase Your Leadership Skills
As a Lead Security Control Assessor, you'll be guiding a team. Be prepared to discuss your leadership style and provide examples of how you've successfully led teams in the past, especially in high-pressure environments.
Demonstrate Technical Expertise
Make sure to highlight your experience with security controls in cloud environments like AWS and Azure. Be ready to discuss specific frameworks such as NIST 800-53 and ISO 27001, and how you've applied them in your previous roles.
Prepare for Scenario-Based Questions
Expect questions that assess your problem-solving skills. Prepare to discuss how you would handle specific situations, such as identifying control gaps or managing risk during control testing.
Communicate Clearly and Effectively
Strong communication skills are crucial for this role. Practice translating complex technical findings into business language, as you'll need to convey insights to stakeholders who may not have a technical background.