Security Control Assurance Lead #3609144

Join a growing cybersecurity organization within a cloud-first business where security assurance, data protection, and control maturity are critical to enterprise resilience. This team is strengthening its cybersecurity and control governance foundation by aligning controls to NIST, improving risk-to-control mapping, and moving beyond point-in-time evidence collection toward continuous assurance and meaningful control effectiveness testing. The environment is collaborative and cross-functional, requiring close partnership with engineering, product, data, legal, compliance, accounting, finance, and core systems teams.

This is an opportunity to help mature a security control assurance program at a pivotal stage. The role offers the ability to shape how controls are tested, reported, automated, and embedded into cloud, engineering, and business workflows. The position is hybrid in Charlotte, NC, with three days onsite per week. Initial engagement is expected to be six months with potential for contract-to-hire conversion.

• Build, refine, and execute a risk-based security control assurance program across cloud-first enterprise systems.
• Map risks to controls and validate whether controls are designed and operating effectively.
• Move control assurance beyond point-in-time evidence gathering by developing repeatable testing, reporting, and monitoring practices.
• Test IT general controls, security controls, data protection controls, and enterprise / financial controls where applicable.
• Evaluate controls aligned to NIST CSF, NIST 800-53, PCI DSS, CCPA, CPRA, GDPR, and related state or federal requirements.
• Partner with development, engineering, data, infrastructure, legal, compliance, accounting, and finance teams to improve control design and control adoption.
• Assess controls tied to customer and financial data, including access, storage, transmission, retention, encryption, and DLP.
• Support audit readiness, external audit requests, evidence collection, and regulatory review activities.
• Develop monthly operational control status reporting and support quarterly or biannual full control testing cycles.
• Help refine existing control documentation, tooling, and testing processes.

• 8+ years of experience in cybersecurity, IT risk, internal audit, technology assurance, security governance, or related work.
• 3+ years of direct experience in security control assurance, control testing, or technology control validation.
• Strong knowledge of risk-to-control mapping and control testing methodologies, including design effectiveness and operating effectiveness testing.
• Hands-on experience with NIST CSF and NIST 800-53.
• Experience testing ITGCs, security controls, cloud controls, data protection controls, and enterprise controls.
• Cloud environment experience; AWS and/or GCP exposure is strongly preferred.
• Strong understanding of data risk involving customer data, financial data, access controls, encryption, DLP, retention, and secure data handling.
• Ability to work with engineering and development teams to understand technical control requirements and practical implementation options.
• Experience supporting audit readiness, evidence requests, control deficiency tracking, and remediation reporting.
• Ability to translate technical control gaps into business-relevant risk language for leadership.
• Bachelor’s degree in Computer Science, Information Security, Business Administration, or a related field.
• Certifications such as CISSP, CISA, CISM, or CRISC are preferred but not required.
• Utility-sector or highly regulated industry experience is a plus.