IT Control Tester





Job Purpose:

The information security compliance team is responsible for providing independent and objective oversight of the management of risks arising from the organisation's business processes, people, systems, or external events. The Internal IT Controls Tester will determine compliance with the organisation's Common Control Framework including all internal & external controls applicable to the business and its security standards through testing or other assessment methods.

Key Responsibilities:

  • Support the Information Security Compliance Lead in defining, implementing, and continuously improving the IT Control testing programme for independent control activities which meets the organisation's internal control standards
  • Support the Information Security Compliance Lead in:
    • developing standards to independently monitor and evaluate controls, including transaction testing
    • creating and managing control evaluation (including transaction testing) coverage plans and metrics, including testing approach and scoping/sampling, and determining the testing procedures, reporting templates and scripts to be used
    • providing holistic review and challenge of control assessments
    • performing risk-based testing activities that independently evaluate the design and effectiveness of controls
  • Exhibit high attention to detail in identifying, aggregating, and communicating issues and control gaps to appropriate stakeholders
  • Display interpersonal and negotiation qualities to articulate results/conclusions/memos of control testing activities and communicate to key stakeholders across the firm
  • Lead the management of necessary remediation by effectively working cross-functionally with various business units/functions and capabilities.
  • Assist in providing reporting on remediation progress and next steps, including regular review of compliance remediation activities.
  • Contribute to the development of compliance reporting, including regular updates to senior management on the control testing environment
  • Continuously develop domain subject matter expertise in control evaluation activities.
  • Contribute to ad-hoc assignments/special projects.
  • Evaluate the effectiveness of risk management, control and governance processes and suggest improvements.
  • Review data for a variety of processes to identify trends, anomalies and transactions which require additional review
  • Provide input to the annual internal audit and compliance programme as directed.
  • Provide support for internal and external audits; ISO27001, PCI-DSS, Cyber Essentials and Cyber Essentials+, SOC2 and other security compliance programmes.
  • Analyse data to provide insights on the governance, risk and compliance maturity and effectiveness.
  • Provide capability line reporting on key risk and controls including key performance indicators and metrics.
  • Provide reporting on remediation progress and next steps, including regular review of compliance remediation activities.

Knowledge, Experience & Skills:

  • A minimum of 5 to 7 years of experience in an information security role, with at least 5 years of experience in risk management, internal audit, or compliance role.
  • Strong business knowledge of financial services and IT controls testing.
  • Understanding of Risk Management/Operational Risk Management and Internal Controls testing methodology and related regulatory and compliance standards.
  • Good knowledge and practical experience utilising global frameworks including ISO 27001, ISO 27702, CIS, SOC 2 Type 1/2 Report, PCI-DSS, NIST Cybersecurity Framework, NIST 800-53, and ISF.
  • Good understanding of privacy requirements (including GDPR etc.).
  • Good working knowledge of the IT security aspects of IT infrastructure (networks and servers) and services, including cloud computing and application security.
  • Excellent written and verbal communication skills, including report writing.
  • Strong analytical, problem-solving, and influencing skills.
  • Proven track record building strong relationships across multiple business functions
  • Security certifications preferred (CISSP, CISA, CISM or equivalent).
  • Experience of working with automated continuous controls monitoring tools.
  • Ability to deal effectively with conflict
Start date
12 months
McCabe & Barton