Controls Testing Senior Analyst (1st Line Security)

Requirements

• Experience in control testing, or assurance, and risk management within security in a regulated environment.
• Good investigative and analytical experience (e.g. enquiry, scanning, analysis, interviewing, testing), problem-solving, and decision-making skills.
• Good understanding of control frameworks and standards (e.g., NIST, CRI, ISO and PCI-DSS).
• Ability to assess control design and operating effectiveness in complex environments and to identify control gaps and improvement opportunities.
• Good communication and stakeholder engagement skills.
• Professional certifications such as CISA, CRISC, ISO 27001 or equivalent is desirable.
• (Desirable) Bachelor’s degree in Information Technology, Computer Science, Cyber Security, or related field.
• (Desirable) Good knowledge of security controls and IT general controls across platforms such as UNIX, HP Nonstop, and Windows.
• (Desirable) Proficiency in Microsoft Office Suite (MS Word, MS Excel, MS Access and MS PowerPoint).
• (Desirable) Strong organisational skills with the ability to prioritise and manage multiple tasks.
• (Desirable) Self-starter with a continuous improvement mindset and a collaborative approach.

What the job involves

• The newly created Vocalink Control Office function is seeking a Senior Analyst within the 1st Line Control Testing team to support the delivery of control testing activities across Security control domains, within Vocalink Limited (VLL).
• VLL is a Bank of England regulated, Critical National Infrastructure (CNI) company that enables the payments of 90% of salaries, 70% of utility bills, most ATM transactions and every cheque cleared in the UK.
• This role plays a key part in embedding a strong control environment by executing control testing, identifying control gaps, and supporting continuous improvement in risk management practices.
• Support periodic testing of key and non-key controls in accordance with the Control Testing Methodology.
• Assess control design and operating effectiveness against internal policies, standards, regulatory requirements, and customer obligations.
• Timely collection of control testing evidence from relevant Control Owners to support scheduled testing activities.
• Prepare clear and accurate test documentation, including test procedures, execution results, and supporting evidence.
• Identify and document control deficiencies, ensuring timely escalation to the Manager and supporting remediation follow-up activities.
• Monitoring the control testing mailbox to ensure timely review and response to incoming queries and submissions.
• Work closely with 1st Line teams to obtain evidence, clarify control processes, and support accurate testing outcomes.
• Liaise with 2nd Line Security partners and Internal Audit as directed, ensuring transparency and alignment with control testing activities.
• Contribute to the preparation of management information, dashboards, and thematic analysis for governance forums.
• Support control owners by providing observations on control effectiveness and contributing to discussions on remediation approaches.
• Adhere to established control testing standards, procedures, and documentation requirements.
• Provide input on opportunities to streamline testing activities, improve efficiency, and enhance the consistency of outcomes.
• Maintain awareness of relevant regulatory requirements, emerging risks, and industry practices, particularly within the security domains.
• Contribute to strengthening the 3 Lines of Defence model by embedding robust and transparent testing practices.
• Abide by Mastercard’s security policies and practices.
• Ensure the confidentiality and integrity of the information being accessed.
• Report any suspected information security violation or breach.
• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.