TASC

Principal Analyst, Control Testing, Certification and Assurance

full-time

Location Type: Office

Location: London, United Kingdom

About the role

  • Lead and manage external audits for technical standards.
  • Support the Vice President and Director of Certification and Assurance.
  • Maintain certification related documentation.
  • Prepare and lead the organisation for annual certification audits.
  • Lead the assessment and validation of controls and processes.
  • Conduct periodic testing of key and non-key controls.
  • Evaluate compliance with internal policies, standards, and regulatory requirements.
  • Supervise and mentor junior team members.
  • Contribute to reporting for governance forums.

Requirements

  • Strong understanding and experience of working with control frameworks and standards (e.g. ISO27001, NIST, CRI, or PCI DSS).
  • Strong understanding and experience of conducting security related audits/reviews.
  • Experience of resolving varied and complex certification and assurance issues.
  • Proven experience in control testing or assurance within security in a regulated environment.
  • Excellent communication and stakeholder engagement skills.
  • Experience of managing and coaching junior team members.
  • Bachelor’s degree in Computer Science, Cyber Security, Information Technology, or a related field is desirable.
  • Certifications such as ISO27001, CISA, CISM, CISSP, PCI SSC ISA, CRISC, or equivalent are desirable.

Benefits

  • Lead and manage external audits for technical standards, e.g. PCI DSS and PCI PIN.
  • Support the Vice President and Director of Certification and Assurance.
  • Provide strategic input into the evolution and continuous improvement of Certification and Assurance team processes and procedures.
  • Maintain certification related documentation.
  • Prepare and lead the organisation for annual certification audits.
  • Lead the assessment and validation of controls and processes against various security standards.
  • Lead the team on the management of certifications and assurance activities.
  • Conduct periodic testing of key and non-key controls in line with the Control Testing Methodology.
  • Evaluate compliance with internal policies, standards, regulatory requirements, and customer obligations.
  • Prepare and review control testing documentation, including test procedures, results, and identified gaps.
  • Ensure timely escalation of control deficiencies and support remediation tracking.
  • Create and quality assure reports and team outputs.
  • Supervise and mentor junior team members, providing guidance on certification requirements, assurance requirements, testing execution and quality assurance.
  • Support the development and refinement of certification management.
  • Contribute to the maturity of the 3 Lines of Defence model and promote a culture of proactive risk management.
  • Stay informed on emerging risks, regulatory changes, certification changes and industry best practices with a focus on cybersecurity risks.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills
control frameworks, ISO27001, NIST, CRI, PCI DSS, security audits, control testing, assurance, regulatory compliance
Soft skills
communication, stakeholder engagement, mentoring, team management
Certifications
ISO27001, CISA, CISM, CISSP, PCI SSC ISA, CRISC