IT Security Controls Auditor Utilities Predominantly remote: 1-3 days per month in Warwick 6 months £600 per day In short: IT Security Controls Auditor required to join a large utilities client in assessing the design of controls, testing them and documenting whether they are effective or ineffective across IT and Cyber. In full: We require someone to assist with the rollout and implementation of the IT Controls framework. Working within the Security Governance, Risk and Compliance (GRC) and reporting to Policy and Assurance Manager you will work on identifying controls owners for IT security controls within in the framework and work with them to assess the design and control effectiveness of the controls within their ownership. In addition, where control issues or gaps are identified you will support control owners to develop adequate remediation plans. Reporting to the Security GRC Policy and Assurance Manager and a working within a small team performing controls testing, you will document control walkthroughs, collect evidence supporting the control assessment and control conclusion. The scope of the work will encompass IT security controls in both an Enterprise IT and Operational Technology (OT) setting. Essential Experience: Multiple end-to-end project experience of auditing/testing IT security controls, including documenting walkthroughs and control assessment to high standards Previous experience could be from working in a 1.5, 2nd or 3rd line or external audit role. Professional qualification related to IT audit such as CISA or ISO27001 auditor Familiarity with IT control frameworks, such as NIST CSF, ISO27001 and CAF. Excellent communication skills, both verbal and written Strong stakeholder management skills with the ability to engage at all levels in a business Ability to work on own initiative with minimal supervision, organising and prioritising a demanding workload for yourself and manage stakeholders accordingly. Qualifications: Professional internal / external audit qualification such as IIA. CISA, ISO27001 auditor Candidates will ideally show evidence of the above in their CV in order to be considered. Please be advised if you haven't heard from us within 48 hours then unfortunately your application has not been successful on this occasion, we may however keep your details on file for any suitable future vacancies and contact you accordingly. Pontoon is an employment consultancy and operates as an equal opportunities employer.