Role: Control Tester – Tech Controls
Overview: Execute operational effectiveness testing for technology controls across a broad suite of NIST domains; produce high-quality workpapers and findings across multiple technical domains.
Experience:
• 5–8+ years in IT audit/controls testing/cyber risk
• Demonstrated experience running tests end-to-end (walkthrough $B"*(J sampling $B"*(J conclusion)
Responsibilities:
• Perform walkthroughs, document control execution and maintain detailed notes of stakeholder interactions and information gathering.
• Create/execute test procedures aligned to communicated methodology (examine/interview/test).
• Select samples, evaluate evidence sufficiency, and draft exceptions/findings.
• Support remediation validation and retesting; and track follow on actions with stakeholders.
Required Skills / Knowledge:
• Strong evidence evaluation, sampling judgment, and workpaper discipline/
• Technical depth in 3–5 domains (IAM, change, config, vuln/patch, logging, IR, backup/DR, cloud).
• Clear writing (criteria/condition/cause/impact) and stakeholder management.
Preferably we would like the team to have a level of technical depth and coverage across the following set of Technology & Cybersecurity topics:
• Asset Management
• Business Continuity & Disaster Recovery (BC/DR)
• Configuration & Change Management
• Governance, Risk & Compliance
• Cryptography & Key Management
• Endpoint Security
• Personnel Security & HR Controls
• Identity, Authentication & Access Management (IAAM)
• Incident Response
• Security Monitoring, Logging & Analysis
• Network & Perimeter Security
• Physical & Environmental Security
• Resource & Capacity Management
• Security Awareness & Training
• Secure Engineering & SDLC
• Supply Chain & Third-Party Risk
• Threat & Vulnerability Management
