Information Security Controls Manager
Job Description
[Please reach out to Joe Pocock for Comp Package | Hybrid Working - 3 Days in Office | 12 Month Fixed-Term Contract]
Role Overview
We’re supporting a leading pensions and insurance provider on a multi-year cloud transformation, embedding robust security at the core of its technology function. As the business continues scaling its modern infrastructure, the Information & Technology Risk team plays a central role in shaping how security is implemented, measured, and evolved across the estate. This is a hands-on role for someone who thrives on translating frameworks into action: working cross-functionally with engineers, project leads, and senior stakeholders to operationalise control libraries, close documentation gaps, and align security standards to NIST CSF 2.0. It requires strong systems and networking skills, or at the very least a high level of technical understanding, to credibly engage with and guide systems engineers. It’s a high-impact position ideal for someone confident navigating both the technical and governance sides of cyber risk...
Key Responsibilities
- Drive the implementation of NIST CSF 2.0, mapping core requirements to existing standards and technical controls across the cloud-native estate
- Identify documentation or implementation gaps in security controls - spanning infrastructure, platform, SaaS, and data layers
- Partner with engineers and platform leads to understand how controls are applied in practice, and ensure they’re measurable and repeatable
- Define and maintain lightweight security standards that reflect real-world control execution and enable adoption across tech teams
- Lead the creation and management of Key Control Indicators (KCIs) via the Continuous Controls Monitoring platform - surfacing themes like IAM, malware defence, and backup integrity
- Act as the go-to SME for strategic projects - helping identify control requirements, embed them into delivery, and manage risk assessments
- Conduct targeted control reviews focused on common threat areas (e.g. SaaS authentication, ransomware resilience, privileged access) and summarise risks and mitigation strategies
- Build and maintain control-based dashboards and executive reporting to support internal governance
- Support the secure implementation and oversight of AI technologies used internally or provided by third parties
- Promote consistent, scalable control practices across the technology organisation - contributing to a more secure and accountable engineering culture
What You’ll Bring...
- 4+ years’ experience in a technology risk or information security governance role, ideally within highly regulated or cloud-native environments
- Hands-on experience implementing or aligning with NIST CSF 2.0, including policy mapping and technical control validation
- Working knowledge of cloud and infrastructure security - including IAM, encryption, authentication, backups, and API integrations
- Strong working knowledge of networking and systems engineering
- Familiarity with security frameworks such as ISO/IEC 27001/27002, NIST SP 800-53, or COBIT
- Demonstrated success in translating security standards into real-world control adoption - whether through automation, documentation, or collaboration
- Experience with Atlassian tools (e.g. Jira, Confluence) for tracking control maturity or risk reduction
- Experience using or integrating Continuous Controls Monitoring (CCM) platforms to support assurance activities
- (Preferred) Industry certifications such as CISA, CRISC, CISSP or equivalent
- (Preferred) Background in Computer Science, Information Security or a similar technical discipline
- (Preferred) Experience conducting security assurance or control reviews within financial services
...