Colibri Digital

Senior Security Control Manager

Colibri Digital  •  Remote  •  2 hours ago
Apply
AI can make mistakes so check important info. Chat history is never stored.

Job Description

Senior Security Control Manager

Department: Connectivity

Employment Type: Permanent

Location: Remote, UK

This role is responsible for leading Nasstar’s compliance with the Telecoms Security Act (TSA) and associated Ofcom regulatory requirements, ensuring the organisation can evidence a robust and defensible security posture.

As a key member of the Risk & Compliance function, this role operates at the intersection of regulation and technology, partnering closely with engineering, security, and operational teams to translate regulatory expectations into practical, real-world control effectiveness.

This is a high-impact role with visibility across senior stakeholders and direct relevance to the protection of critical national infrastructure.

Key Responsibilities

TSA Compliance & Regulatory Engagement ·
  • Lead delivery of Telecoms Security Act compliance activities.
  • Coordinate responses to Ofcom information requests and regulatory submissions.
  • Interpret TSA Code of Practice measures and translate into business and technical actions.
Technical Assurance & Evidence Validation
  • Partner closely with Core Engineering, Voice, OSS, Operations, Procurement and IT & Security teams to gather required information.
  • Review and validate technical, architectural, and operational evidence.
  • Provide effective, evidence-based challenge and ensure submissions are complete, accurate, and aligned to regulatory expectations.
Risk & Control Assessment
  • Identify gaps in evidence, control weaknesses, and areas requiring remediation.
  • Assess adequacy of compensating controls where full compliance is not achieved.
  • Apply risk scoring in line with Nasstar’s risk management framework.
  • Focus on risks impacting Security Critical Functions and supporting network oversight capabilities.
Framework Alignment & Governance
  • Align TSA requirements with broader frameworks such as NCSC CAF, ISO 27001 and HSCN.
  • Support governance reporting and risk committee discussions.
  • Contribute to the development of internal assurance and control frameworks.
Third-Party Security & Contractual Oversight
  • Review and advise on supplier contracts to ensure security obligations are appropriate and enforceable.
  • Support Legal & Procurement with security requirements and risk considerations.
  • Contribute to third-party risk and assurance activities.

Skills, Knowledge and Expertise

Experienced in one or more of the following areas:
  • Telecoms or network service provider environments
  • Cyber security, network security, or infrastructure security
  • Risk, compliance, or regulatory assurance within technology functions
  • Supporting or responding to regulatory frameworks (e.g. TSA, NCSC CAF, ISO 27001, NIS)
Experience operating in a second line (GRC) or assurance capacity, rather than hands-on engineering or operational delivery

Ability to engage with asset owners and technical SMEs to:
  • Extract relevant control evidence
  • Validate that controls are appropriately designed and operating
  • Challenge where control coverage or assurance appears insufficient
At least one certification from the following:
(ISC)² / ISACA:
CISSP – Certified Information Systems Security Professional CISM
Certified Information Security Manager CRISC
Certified in Risk and Information Systems Control

Industry Network Security Certifications (desirable):
CCNP Security / CCSP / CCNA Security CompTIA Security+ / Network+
Equivalent vendor or industry-recognised certifications

Demonstrated ability to interpret technical concepts and align them to security or regulatory requirements. And assess control effectiveness and identify gaps or weaknesses.

Experience within a regulated telecoms environment, particularly under either Telecoms Security Act (TSA) or Ofcom regulatory engagement.

Benefits

At Nasstar, we know the importance of looking after our employees – after all, it’s the team that underpins our business!

In addition to a competitive salary, supportive teams, and a real opportunity to progress in your career with a forward-thinking organisation, our benefits package includes:
  • 25 days’ holiday (excluding bank holidays) + Your Birthday Off
  • Flexible working – it’s important to maintain a work/life balance, as such, we will consider any written request for flexible working
  • Virtual working – we practice what we preach and empower our people to work remotely
  • Top tech – Leading services and solutions aren’t just for our clients; we supply best-of-breed software and hardware for all our staff too
  • 4x annual salary life assurance
  • Health cash plan
  • Retail discounts and other perks from major brands
Colibri Digital

About Colibri Digital

Colibri Digital is at the frontier of AI, Big Data and Cloud Computing. Founded by James Cross in 2013, and part of the Nasstar Group since 2023, the company works to help its clients navigate the rapidly changing and complex world of emerging technologies, transforming their clients challenges of today, into tomorrow’s opportunities. Working with some of the world’s largest and most prestigious companies, including a tier 1 investment bank, a leading management consultancy group, and one of the world’s most popular soft drinks companies, Colibri helps them better make sense of their data providing the foundation for groundbreaking change.

Industry
IT & Software
Company Size
51-200 employees
Headquarters
Welwyn, GB
Year Founded
2013
Social Media