Job Description
In this highly visible role, you will:
- Perform design and operating effectiveness testing of information security controls
- Execute periodic control testing across infrastructure, applications and cloud
- Develop and maintain control testing plans, test scripts, and evidence requirements
- Identify control gaps, assess risk impact, and recommend remediation actions
- Track remediation plans and closure of control deficiencies
- Prepare clear testing reports, executive summaries, and dashboards
- Communicate findings to senior management and risk committees
Work Experience
The ideal candidate for this position should have:
· Strong experience in security control assessment and testing
· Ability to assess both technical and process controls
· Strong documentation, reporting, and communication skills
· Strong understanding of information security controls and assurance models
· Hands-on experience with ISO 27001, NIST, SOC and PCI DSS
· Proven ability to work in cross-functional teams and manage complex projects
· Security certification preferred, e.g. CISSP, CISM, CISA, and PCI DSS (ISA / PCIP preferred)
· Excellent written and verbal communication skills to interact with stakeholders
NICE Framework References
National Initiative for Cybersecurity Education (NICE) competency proficiency levels of advanced to expert in the following areas:
· Risk Management & Control Assessment
· Security Control Validation and Assurance
· Cybersecurity Governance & Compliance
· Frameworks & Standards Management
· Technical Security Assessment
· Cyber Risk Reporting & Communication
