TASC

Manager, 1st Line Controls Testing, Certification and Assurance

full-time

Location Type: Office

Location: London, United Kingdom

About the role

  • Maintain certification and assurance related documentation.
  • Prepare the organisation for annual certification audits.
  • Support the assessment and validation of controls and processes against a variety of security standards and obligations.
  • Support the team in the management of VLL certifications, e.g. ISO27001 and PCI DSS.
  • Support the team in the management of other assurance activities, e.g. ISAE3000.
  • Conduct periodic testing of key and non-key controls in line with the Control Testing Methodology.
  • Evaluate compliance with internal policies, standards, regulatory requirements, and customer obligations.
  • Prepare and review control testing documentation, including test procedures, results, and identified gaps.
  • Ensure timely escalation of control deficiencies and support remediation tracking.
  • Create and quality assure reports and team outputs.
  • Supervise and mentor junior team members (e.g. Senior Analysts), providing guidance on certification requirements, assurance requirements, testing execution and quality assurance.
  • Support the Vice President and Director of Certification and Assurance in the development and maintenance of the annual Control Testing, Certification and Assurance plan.
  • Build and maintain strong partnerships with Control and Process Owners and Operators to ensure efficient and effective execution of certification maintenance and assurance activities.
  • Contribute to reporting for governance forums, including dashboards, thematic reviews, and trend analysis.
  • Support the development and refinement of certification management, assurance/control testing processes, standards, tools, and methodologies.
  • Contribute to the maturity of the 3 Lines of Defence model and promote a culture of proactive risk management.
  • Stay informed on emerging risks, regulatory changes, certification changes and industry best practices with a focus on cybersecurity risks.

Requirements

  • Experience of working with security related control frameworks and standards (e.g. ISO27001, NIST, CRI, or PCI-DSS).
  • Experience of conducting security related audits/reviews and managing/coordinating external audits including certification audits.
  • Ability to assess control design and operating effectiveness in complex environments and to identify control gaps and improvement opportunities.
  • Experience of resolving certification and assurance issues.
  • Knowledge and experience of all areas of security.
  • Strong investigative and analytical experience (e.g. enquiry, scanning, analysis, interviewing, testing), problem-solving, and decision-making skills.
  • Experience collaborating cross-functionally to identify and implement good practice security audit management and assurance processes.
  • Excellent communication and stakeholder engagement skills.
  • Certifications such as ISO27001 Lead Auditor, CISA, CISM, CISSP, PCI SSC ISA, CRISC, or equivalent are desirable.
  • Bachelor’s degree in Computer Science, Cyber Security, Information Technology, or a related field.
  • Good Knowledge of security controls and IT general controls across a variety of technologies and environments.
  • Proficiency in Microsoft Office Suite (MS Word, MS Excel, MS Access and MS PowerPoint).
  • Strong organisational skills with the ability to prioritise and manage multiple tasks.
  • Self-starter with a continuous improvement mindset and a collaborative approach.
  • Experience creating presentations for business discussions and reporting.
  • Experience of Risk Management / GRC related technologies and toolsets.
  • Experience working in cross-functional large projects with dispersed teams.

Benefits

  • Health insurance
  • Professional development opportunities
