1st Line Security Controls Testing Manager in Harrogate

The newly created Vocalink Control Office function is seeking a Manager within the 1st Line Control Testing team to support the delivery of control testing activities across security control domains within Vocalink Limited (VLL). VLL is a Bank of England regulated, Critical National Infrastructure (CNI) company that enables the payments of 90% of salaries, 70% of utility bills, most ATM transactions and every cheque cleared in the UK.

Main Purpose Of Role

Support the delivery of control testing activities and embed a strong control environment by executing control testing, identifying control gaps and supporting continuous improvement in risk management practices.

Key Responsibilities

• Conduct periodic testing of key and non-key controls in line with the Control Testing Methodology.
• Evaluate compliance with internal policies, standards, regulatory requirements, and customer obligations.
• Prepare and review control testing documentation, including test procedures, results, and identified gaps.
• Ensure timely escalation of control deficiencies and support remediation tracking.
• Supervise and mentor junior team members (Senior Analysts), providing guidance on testing execution and quality assurance.
• Support the Director of Control Testing in delivering the annual testing plan and contributing to team development.
• Engage with 1st Line teams while coordinating closely with 2nd Line Security partners and maintaining effective liaison with Internal Audit.
• Contribute to reporting for governance forums, including dashboards, thematic reviews, and trend analysis.
• Partner with control owners, providing guidance on control effectiveness and remediation.
• Support the development and refinement of control testing standards, tools, and methodologies.
• Contribute to the maturity of the 3 Lines of Defence model and promote a culture of proactive risk management.
• Stay informed on emerging risks, regulatory changes, and industry best practices with a focus on cybersecurity risks.

Experience & Qualifications

• Experience in control testing, or assurance, and risk management within security in a regulated environment.
• Strong investigative and analytical experience (e.g., enquiry, scanning, analysis, interviewing, testing), problem-solving, and decision-making skills.
• Strong understanding of control frameworks and standards (e.g., NIST, CRI, ISO and PCI-DSS).
• Ability to assess control design and operating effectiveness in complex environments and to identify control gaps and improvement opportunities.
• Excellent communication and stakeholder engagement skills.
• Professional certifications such as CISA, CISM, CISSP, CRISC, ISO 27001 or equivalent is desirable.

Preferred Skills & Attributes

• Bachelor’s degree in Computer Science, Cyber Security, Information Technology, or related field.
• Good knowledge of security controls and IT general controls across platforms such as UNIX, HP Nonstop, and Windows.
• Understanding of software development lifecycle (SDLC), DevOps, and cloud technologies.
• Proficiency in data analytics tools such as ACL or similar control testing tools.
• Proficiency in Microsoft Office Suite (MS Word, MS Excel, MS Access and MS PowerPoint).
• Strong organisational skills with the ability to prioritise and manage multiple tasks.
• Self-starter with a continuous improvement mindset and a collaborative approach.

Corporate Security Responsibility

• Abide by Mastercard’s security policies and practices;
• Ensure the confidentiality and integrity of the information being accessed;
• Report any suspected information security violation or breach, and
• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.