Controls Testing Consultant Chief Controls Office - Security and Technology

at  Nationwide

As a Testing Consultant in the Controls Testing Team you will assess the design and operational effectiveness of controls across the Society, centred on Automation, Data (Governance and Privacy), Technology and Information Security Risk Management Frameworks and Cloud, to ensure they mitigate the risks that the Society faces to a defined risk appetite.
You will be responsible for testing controls to the highest standards and in accordance with our defined methodology, as well as working with the business to ensure control framework uplifts and enhancements deliver sustainable and proportionate risk mitigation.
To support this, our Control Testing Team is expanding and looking for an ambitious, energetic controls tester with a background in any of the above disciplines, ideally in the Financial Services sector, but not a necessity.
As part of the Chief Controls Office, the Controls Testing Team is critical to ensuring the design and operational effectiveness of controls through regular assessment, ensuring they are sufficiently robust to safely and reliably deliver the services our Members expect.
At Nationwide we offer hybrid working wherever possible. More rewarding relationships are supported through our hybrid approach, bringing colleagues together across our UK wide estate, whilst also supporting generous access to home working. We value our time in the office to solve problems, to learn, and to feel connected.
For this job you’ll be located at our nearest regional hub. There will be a need to regularly connect with colleagues for collaboration events in one of our office sites. This is anticipated to be in . If your application is successful, your hiring manager will provide further details on how this works. You can also find out more about our approach to hybrid working here.
If we receive a high volume of relevant applications, we may close the advert earlier than the advertised date, so please apply as soon as you can.

ABOUT YOU

• You’ll have a Technology, Information Security, Data Privacy, Technical Audit, Controls, Risk or Compliance background.
• Good communication skills are essential, you’ll be communicating updates and solutions with a variety of stakeholders working in different disciplines.
• The ability to relate to and influence peers and business colleagues.
• A degree, relevant qualification or equivalent operational experience in a technical technology or information security role.

You’ll have experience in at least one of the below three areas:

• Certified in or be on your way to completing any of CISA, CISM, CISSP and/or relevant Cloud, Cyber security or Data/Data Privacy certifications. (Training and support can be provided).
• A knowledge of NIST and ISO 27001/27002 standards and applicable security regulations (PCI-DSS etc.) – or Cloud and Cyber risk and control frameworks (CCM and CIS etc.).
• Any experience of applied testing of technology and/or information security management controls across large diverse technology environments. For example, MS Windows and Windows Server, UNIX, LINUX, Mainframes (UNISYS and Fujitsu) and/or database management systems, or networks etc.

Our Customer First behaviours are all about putting customers and members at the heart of how we work together. You can strengthen your application by showing the behaviours that resonate with you, and how you might have already demonstrated these.

• Say it straight - This is about being honest and direct with good intent and saying what needs to be said in the room. It’s also about being clear, precise, and using language that we and, importantly, our customers and members can understand.
• Push for better - This is about aiming high and constantly looking for better in how we work together and serve our customers and members.
• Get it done - This is about prioritising what will have the greatest impact, being decisive and taking accountability for delivering on the end-to-end outcome.

We know applying for jobs can sometimes feel like you’re sending an application into a black hole. We review each application individually. So, it’s a good idea to call out your most relevant experience on your application to give yourself the best chance.

You will be working as key part of the Controls Testing Team (CTT) to:

• Proactively contribute to the planning and timely delivery of a control testing plan for the first line of defence.
• Test controls against standards that drive continuous improvement in risk and control management practices and contribute to consistency.
• Report on the design adequacy and operational effectiveness of controls in line with our established control testing methodology.
• Work with the business to explain the results of your testing, and suggest ways through which control gaps can be remediated to strengthen the control environment.
• Explore new technologies / approaches to derive and deliver control testing efficiencies.
• Provide constructive challenge and advice to ensure the right outcomes for our members.
• Work as an integral member of CTT contributing to internal initiatives to drive a continuous improvement approach in all we do.