Security Control Assurance Lead #3609144

Join a mission-driven organization operating in the energy and utility space, where cybersecurity, data protection, and operational resilience are critical to supporting secure business growth. This team plays an important role in protecting sensitive customer, operational, and financial information while helping the business maintain alignment with regulatory obligations, internal security policies, and enterprise risk expectations. The environment calls for a collaborative security assurance professional who can partner across cybersecurity, IT, engineering, data governance, and legal stakeholders to strengthen control effectiveness and reduce data-related risk.

This opportunity offers the chance to lead and mature a continuous security control assurance program with strong visibility across cybersecurity, data governance, compliance, audit, and executive leadership. The role is ideal for someone who enjoys building structure, improving control testing practices, and translating technical security risks into clear business impact.

• Design, implement, and manage a risk-based security control assurance program across core IT and cybersecurity environments.
• Develop and execute formal control testing procedures, including audits, technical assessments, risk assessments, and control validation activities.
• Evaluate the effectiveness of security controls aligned to frameworks and regulatory requirements such as NIST CSF, ISO 27001, CCPA/CPRA, and GDPR.
• Lead continuous monitoring and internal audit activities for data protection controls, including access control, encryption, DLP, and retention policies.
• Serve as a key liaison during external audits, regulatory reviews, and evidence collection efforts.
• Identify, document, and assess risks tied to data handling, storage, transmission, and disposal across technology environments.
• Track control gaps, audit findings, non-conformities, and remediation progress.
• Develop test plans to evaluate control design and operating effectiveness, including BCP/DR and internal policy controls.
• Partner with Data Governance, IT, Engineering, and Legal teams to embed security requirements and control validation into business processes and system development lifecycles.

• 8+ years of experience in cybersecurity, IT risk, internal audit, technology assurance, or a related discipline.
• 3+ years of hands-on experience focused specifically on security control assurance, control testing, or technology control validation.
• Strong expertise with data protection controls, including DLP, encryption, access controls, encryption control validation, data retention, and secure data handling.
• Demonstrated experience working in highly regulated environments; utility sector experience is highly preferred.
• Strong understanding of security frameworks, standards, and control testing methodologies, including DET/OET.
• Working knowledge of NIST CSF and ISO 27001.
• Proven ability to design and execute manual and automated control testing procedures.
• Experience managing audit response, audit readiness, evidence collection, and external auditor/regulator interactions.
• Ability to assess risks related to data handling, transmission, storage, and disposal.
• Strong written and verbal communication skills, with the ability to explain complex technical issues in business-relevant risk language.
• Bachelor’s degree in Computer Science, Information Security, Business Administration, or a related field.
• Relevant certifications are strongly preferred, including CISSP, CISA, CISM, or CRISC.