Morgan McKinley has partnered with a leading healthcare organisation as they look to hire a Security Control Assessor.
This is a pivotal role in delivering a multi-year control testing programme aligned to their Information Security Monitoring Plan and broader risk management strategy.
As the Security Control Assessor, you will be responsible for evaluating the design and operational effectiveness of security controls, engaging directly with stakeholders across the organisation, and providing critical insights to strengthen our cybersecurity posture.
Key Responsibilities
- Execute security control assessments based on the defined Monitoring Plan.
- Evaluate and improve existing master controls and associated procedures.
- Test and report on control design and operational effectiveness.
- Collaborate with control owners and senior stakeholders to review evidence and address deficiencies.
- Develop and track remediation plans for identified gaps.
- Ensure timely review cycles in line with internal governance.
- Log and manage findings using the GRC platform (preferably RSA Archer).
- Coordinate with colleagues in Risk and Compliance on GRC configuration changes.
- Contribute to the IT Risk Management process and information security policies.
What You Need
- Bachelor's degree in Cybersecurity, Information Technology, or related field.
- Minimum 5 years' experience in cybersecurity, including 2+ years in control assessments.
- Strong knowledge of NIST CSF v2 and NIST 800-53 v5.
- Professional certifications such as CISA, CISSP, CISM, or CRISC.
- Familiarity with RSA Archer or similar GRC systems (preferred).
- Strong communication and stakeholder management skills.
- Analytical mindset with strong planning and time management abilities.
- Demonstrated commitment to upholding organisational values.
If the above matches you, apply now or message me for a confidential chat.
