Lead Security Control Assessor

Leeds Full-Time 48000 - 72000 £ / year (est.) No home office possible

At a Glance

  • Tasks: Lead the evaluation of security controls in cloud and on-premise environments.
  • Company: Join a dynamic remote information security team focused on compliance and assurance.
  • Benefits: Enjoy a fully remote role with competitive pay and potential contract extension.
  • Why this job: Shape key assurance programmes while leading a team and making a real impact.
  • Qualifications: 8+ years in IT audit or security assessments, with strong cloud experience required.
  • Other info: Ideal for those with certifications like CISA, CISM, or CISSP.

The predicted salary is between 48000 - 72000 £ per year.

We’re supporting our client in the search for a Lead Security Control Assessor to join their remote information security team on a long-term contract. In this role, you will lead the evaluation and assurance of security controls across cloud and on-premise environments, ensuring compliance with internal policies and industry standards. This is a hands-on leadership role, offering the chance to shape the quality and impact of a key assurance programme.

Key Responsibilities

  • Lead the design and delivery of scalable, repeatable methodologies for control testing, including automation in cloud environments.
  • Plan and manage the execution of control testing – including risk identification, sampling, fieldwork, and reporting.
  • Guide a team of assessors through testing activities and documentation reviews.
  • Identify control gaps, assess associated risks, and produce high-quality reports with actionable insights.
  • Act as the primary stakeholder interface for control testing engagements, ensuring progress updates and clear communication.
  • Contribute to ongoing improvements in the assurance programme by standardising materials and defining measurable KPIs.

Skills & Experience Required

  • 8+ years of experience in IT audit or information security control assessments, with 3+ years in a lead or managerial role.
  • Demonstrated experience assessing security controls in cloud environments (AWS and Azure).
  • Strong understanding of key frameworks and standards, including NIST 800-53, ISO 27001, CIS Controls, and COBIT.
  • Professional certifications such as CISA, CISM, CISSP, or ISO 27001 Lead Auditor.
  • Strong communication skills with the ability to translate technical findings into business language.
  • Proficient in both automated and manual testing techniques for security controls.

Desirable Experience

  • Experience with tools such as SailPoint, Rapid7, Wiz.io, Microsoft Defender, RSA Archer, and ServiceNow.
  • Familiarity with automation and data analytics tools (Excel, Tableau, Alteryx, PowerBI).
  • Agile methodology experience, ideally with Jira and Kanban boards.
  • Background in a Big 4 consultancy or similar high-compliance environment.

Lead Security Control Assessor employer: developrec

Join a forward-thinking organisation that values innovation and excellence in the realm of information security. As a Lead Security Control Assessor, you will benefit from a fully remote work environment that promotes flexibility and work-life balance, alongside opportunities for professional growth through hands-on leadership and collaboration with a skilled team. Our commitment to continuous improvement and adherence to industry standards ensures that you will play a pivotal role in shaping a robust assurance programme while enjoying a supportive and dynamic work culture.

Contact Detail:

developrec Recruiting Team

StudySmarter Expert Advice

We think this is how you could land Lead Security Control Assessor

✨Tip Number 1

Network with professionals in the information security field, especially those who have experience with cloud environments. Join relevant online forums or LinkedIn groups where you can engage in discussions and ask for insights about the role.

✨Tip Number 2

Familiarise yourself with the specific frameworks and standards mentioned in the job description, such as NIST 800-53 and ISO 27001. Consider attending webinars or workshops that focus on these areas to enhance your understanding and demonstrate your commitment.

✨Tip Number 3

Prepare to discuss your leadership style and experiences in managing teams during interviews. Think of specific examples where you guided assessors through testing activities and how you ensured effective communication throughout the process.

✨Tip Number 4

Showcase your proficiency with tools like SailPoint and Rapid7 by discussing any hands-on experience you have with them. If you haven't used these tools directly, consider exploring their functionalities through demos or tutorials to speak knowledgeably about them.

We think you need these skills to ace Lead Security Control Assessor

IT Audit
Information Security Control Assessments
Cloud Security Assessment (AWS and Azure)
NIST 800-53
ISO 27001
CIS Controls
COBIT
CISA Certification
CISM Certification
CISSP Certification
ISO 27001 Lead Auditor Certification
Control Testing Methodologies
Risk Identification
Reporting Skills
Team Leadership
Communication Skills
Automated Testing Techniques
Manual Testing Techniques
SailPoint
Rapid7
Wiz.io
Microsoft Defender
RSA Archer
ServiceNow
Data Analytics Tools (Excel, Tableau, Alteryx, PowerBI)
Agile Methodology (Jira, Kanban)

Some tips for your application

Tailor Your CV: Make sure your CV highlights your relevant experience in IT audit and information security control assessments. Emphasise your leadership roles and any specific projects related to cloud environments, especially AWS and Azure.

Craft a Compelling Cover Letter: In your cover letter, explain why you are the perfect fit for the Lead Security Control Assessor role. Mention your experience with key frameworks like NIST 800-53 and ISO 27001, and how your skills can contribute to the assurance programme.

Showcase Your Certifications: List your professional certifications prominently in your application. Highlight certifications such as CISA, CISM, CISSP, or ISO 27001 Lead Auditor, as these are crucial for this role.

Demonstrate Communication Skills: Since strong communication skills are essential, provide examples in your application of how you've successfully translated technical findings into business language in previous roles. This will show your ability to engage with stakeholders effectively.

How to prepare for a job interview at developrec

✨Showcase Your Leadership Skills

As a Lead Security Control Assessor, you'll be guiding a team. Be prepared to discuss your leadership style and provide examples of how you've successfully managed teams in the past, especially in high-pressure environments.

✨Demonstrate Technical Expertise

Make sure you can confidently discuss your experience with security controls in cloud environments like AWS and Azure. Be ready to explain key frameworks such as NIST 800-53 and ISO 27001, and how you've applied them in previous roles.

✨Prepare for Scenario-Based Questions

Expect questions that assess your problem-solving skills. Prepare to walk through specific scenarios where you've identified control gaps or risks, detailing your thought process and the actions you took to address them.

✨Communicate Clearly and Effectively

Strong communication skills are essential for this role. Practice translating complex technical findings into business language, ensuring that you can convey your insights clearly to stakeholders who may not have a technical background.
