Information Security Control Testing Lead

Information Security Control Testing Lead required for a global financial services firm. As part of the CCO, you will partner closely with Technology teams to assess risks, test controls, and drive consistent, high-quality control standards across the first line.

Role

As a Technology Risk & Security Control Testing Lead, you will:

• Improve oversight of non-financial risks by partnering with first-line business and technology owners
• Drive best practice and consistency in risk and control standards across the organisation
• Support a risk aware culture where employees understand their role in managing risk
• Perform risk assessments and control testing (RCSA) for Technology risk and control owners
• Contribute to testing strategy, methodology, and continuous improvement initiatives
• Deliver testing plans, report results, and track remediation progress
• Escalate material testing issues and emerging themes where appropriate
• Build strong relationships across Technology, Risk, and Controls teams

What we're looking for

• Experience in risk assessment and control/assurance testing from a 1LOD, 2LOD, or 3LOD role
• Strong understanding of Information Security & Technology Risk within Financial Services or a highly regulated environment
• Ability to identify, assess, and challenge risks associated with technology delivery
• Minimum 3+ years' experience in one or more of:
  • Information Security Risk Management
  • Internal Audit
  • Compliance
• Experience engaging with regulators is desirable

This role would suit

• Candidates from 2LOD or 3LOD looking to move into a 1LOD role
• Candidates with 1LOD control ownership, remediation, validation, or Technology experience

Qualifications (desirable, not essential)

• CISSP
• CISM