We’re looking for an Operational Effectiveness Tester who evaluates whether controls actually work in production—not just on audit day. This role focuses on evidence quality, regulatory exposure, and real control performance across complex, legacy, cloud, and hybrid environments.
What You’ll Do
- Test design vs. operating effectiveness of controls
- Perform end-to-end walkthroughs and re-performance
- Execute manual and automated sampling
- Assess evidence quality (system-generated > screenshots > attestations)
- Identify control failure patterns and compensating controls
- Rate issues based on regulatory impact, not theoretical risk
Required Experience
- Telecom / network data risk (CPNI, CDRs, location data, lawful intercept)
- Identity & Access Management:
  - JML lifecycle testing
  - Privileged access (CyberArk or equivalent)
  - Break-glass, service accounts, access reviews, SoD
- Cloud & hybrid environments:
  - AWS / Azure shared responsibility
  - Cloud IAM, logging, and monitoring
- Privacy & data protection:
  - Data classification, retention, consent, third-party sharing
Regulatory & Framework Knowledge
- FCC / CPNI, FTC Safeguards, NYDFS 500, PCI DSS, state privacy laws
- NIST 800-53, SOC 2, ISO 27001, NIST Privacy Framework
Tools
ServiceNow GRC, Archer, CyberArk, SailPoint, Splunk/Sentinel, Qualys/Tenable, cloud consoles (read-only)
Certifications (Preferred)
CISA, CISM, CRISC, ISO 27001 LA
Bonus: CISSP, CCSP, CIPP/US, PCI ISA/QSA