Applicant Controls Security Specialist

Basic Function

An Controls Specialist plays a vital role in safeguarding the organization's IT infrastructure by ensuring the effectiveness of security controls. 

Ensure efficiency and monitor the IT security controls (Data Validation, Authorization Controls, Data Encryption, Audit Logging and Monitoring etc) of our applications (on prem and cloud based), operate efficiently and effectively, aligned with information risk and security policies and standards, adhere to compliance policies and standards, and to the organizations security risk profiles.

The role will play a big part in supporting our internal controls improvement journey, by working to manage the design, implementation, and monitoring of IT controls as part of our ongoing internal compliance programme, building capabilities to support and protect businesses strategy and operations. This role involves proactively monitoring and remediating control points and areas of risk, areas which require improvement and exception issue.

This role involves collaborating closely with cross-functional teams to ensure secure and seamless customer experiences across our platforms.
 

Roles & Responsibilities

• Review product architectures for IT control security design gaps and vulnerabilities and consult with product teams and cyber security to remediate or mitigate cyber risk. Identify IT application end to end security deficiencies and implement approved remedial actions.
• Support adoption of comprehensive application security processes, procedures, and guidelines.
• Undertake required tactical application security skills and awareness training as required.
• Implement systems and integrations to driver greater automation and remove areas of human error.
• Collaborate with internal and external auditors during IT audits.
• Regularly assess the effectiveness of IT application controls using defined metrics and indicators.
• Prepare regular reports on outcomes and recommend enhancements to bolster IT governance.
• Proactively monitor IT security controls (data validation, authorization, encryption, audit logging, etc.) for key applications (on-premises and cloud-based) to identify weaknesses and potential vulnerabilities.
• Analyze security alerts and application security control deficiencies, recommending and implementing corrective actions.
• Regularly assess the effectiveness of IT security controls using defined metrics and indicators to identify areas for improvement.
• Collaborate with internal and external auditors during IT audits, providing technical expertise and insights.
• Ensure IT security controls operate efficiently and effectively, aligned with information security policies, standards, and compliance requirements.
• Identify and address gaps in security control design to mitigate cyber risks.
• Support the adoption of comprehensive application security processes and procedures, ensuring adherence to security best practices.
• Collaborate with cross-functional teams (product, development, security) to ensure a secure and seamless customer experience across platforms.
• Prepare regular reports on security control effectiveness and recommend enhancements to strengthen IT governance.
• Communicate effectively with technical and non-technical audiences regarding security controls and findings.

Min. Qualifications

• Bachelor's degree in Information Technology, Computer Science, or a related field (preferred).
• 7+ years of experience in IT security controls analysis, IT audit, or a similar role.
• Expert knowledge of IT security controls and best practices (data validation, authorization, encryption, audit logging, etc.).
• Experience with security tools and technologies used for control monitoring and analysis.
• Understanding of cloud security concepts and technologies (if applicable).
• SOX knowledge, in addition to experience of implementing/auditing against US SOx IT framework control.
• Expert knowledge and practical product and software security experience, including secure SDLC practices, defense-in-depth design architectures, and secure by default configurations
• 3 years of experience supporting software security governance and compliance activities, i.e. metrics, assessments, audits, exercises, risk frameworks, and maturity models
• 2 + years experience with Cloud technologies;
• Identity and Access Management:
• Application Security Principles and Best Practices: 
• Security Tools and Technologies: 
• Application cloud and on prem logic and data layer architecture, inc SQL, Oracle and Azure.
• Bachelor’s degree in Information Technology, Computer Science, or related field.
• Relevant certifications such as COSO, ISO27001 are preferred.
• Proven experience in IT application control analysis, IT audit, or a similar role.
• Strong understanding of IT governance frameworks and regulatory compliance.

Desired Skills:

• Experience with security automation tools and scripting languages (e.g., Python, PowerShell).
• Experience with SharePoint and project management tools.
• Familiarity with GAAP and financial reporting.

Soft Skills

• Detail and systematic thinking
• Detailed troubleshooting skills
• Written and oral communication
• Technical organization and troubleshooting
• Issue resolution and risk mitigation
• Commitment to follow standards

Preferred Qualifications

Competencies