Manager, 1st Line Controls Testing, Certification and Assurance

  • Mastercard
  • 08/06/2026
Full-time, Information Technology, Telecommunications, Testing, Cyber Security

Job Description

Main purpose of the role

The newly established 1st Line Control Office function within Vocalink Limited (VLL) is seeking a Manager to join the Control Testing, Certification and Assurance team. This role will be responsible for managing certifications, certification audits and other assurance activities, including conducting control testing to support the retention of VLL's certifications across multiple frameworks and the delivery of assurance obligations. The position requires a broad understanding of security and technology control frameworks, with hands-on experience across standards such as ISO 27001, ISO 22301, PCI DSS, PCI PIN, SWIFT CSP, ISAE 3000, etc. The successful candidate must have proven expertise in analysing and assessing control design, implementation and operating effectiveness against at least one of these standards, ensuring compliance and identifying gaps. The role will also include coordinating and managing external audits to ensure smooth execution, so experience of this is required.

Key Responsibilities

Certification and Assurance Responsibilities
  • Maintain certification- and assurance-related documentation.
  • Prepare the organisation for annual certification audits.
  • Support the assessment and validation of controls and processes against a variety of security standards and obligations.
  • Support the team in the management of VLL certifications, e.g. ISO 27001 and PCI DSS.
  • Support the team in the management of other assurance activities, e.g. ISAE 3000.
  • Conduct periodic testing of key and non-key controls in line with the Control Testing Methodology.
  • Evaluate compliance with internal policies, standards, regulatory requirements and customer obligations.
  • Prepare and review control testing documentation, including test procedures, results, and identified gaps.
  • Ensure timely escalation of control deficiencies and support remediation tracking.
  • Create and quality assure reports and team outputs.
Team Leadership, Collaboration & Stakeholder Engagement
  • Supervise and mentor junior team members (e.g. Senior Analysts), providing guidance on certification requirements, assurance requirements, testing execution and quality assurance.
  • Support the Vice President and Director of Certification and Assurance in the development and maintenance of the annual Control Testing, Certification and Assurance plan.
  • Build and maintain strong partnerships with Control and Process Owners and Operators to ensure efficient and effective execution of certification maintenance and assurance activities.
  • Contribute to reporting for governance forums, including dashboards, thematic reviews, and trend analysis.
Governance & Continuous Improvement
  • Support the development and refinement of certification management, assurance/control testing processes, standards, tools and methodologies.
  • Contribute to the maturity of the 3 Lines of Defence model and promote a culture of proactive risk management.
  • Stay informed on emerging risks, regulatory changes, certification changes and industry best practices with a focus on cybersecurity risks.
Knowledge, Skills and Expertise

Experience
  • Experience working with security-related control frameworks and standards (e.g. ISO 27001, NIST, CRI, or PCI DSS).
  • Experience conducting security-related audits/reviews and managing/co-ordinating external audits including certification audits.
  • Ability to assess control design and operating effectiveness in complex environments and to identify control gaps and improvement opportunities.
  • Experience resolving certification and assurance issues.
  • Knowledge and experience of all areas of security.
  • Strong investigative and analytical experience (e.g. enquiry, scanning, analysis, interviewing, testing), problem-solving and decision-making skills.
  • Experience collaborating cross-functionally to identify and implement good practice security audit management and assurance processes.
  • Excellent communication and stakeholder engagement skills.
Qualifications
  • Certifications such as ISO27001 Lead Auditor, CISA, CISM, CISSP, PCISSCISA, CRISC, or equivalent are desirable.
Preferred Skills & Attributes
  • Bachelor's degree in Computer Science, Cyber Security, Information Technology or a related field.
  • Good knowledge of security controls and IT general controls across a variety of technologies and environments.
  • Proficiency in Microsoft Office Suite (MS Word, MS Excel, MS Access and MS PowerPoint).
  • Strong organisational skills with the ability to prioritise and manage multiple tasks.
  • Self-starter with a continuous improvement mindset and a collaborative approach.
  • Experience creating presentations for business discussions and reporting.
  • Experience of Risk Management / GRC related technologies and toolsets.
  • Experience working in large cross-functional projects with dispersed teams.