Job Description
Senior Security Control Manager
Department: Connectivity
Employment Type: Permanent
Location: Remote, UK
This role is responsible for leading Nasstar’s compliance with the Telecoms Security Act (TSA) and associated Ofcom regulatory requirements, ensuring the organisation can evidence a robust and defensible security posture.
As a key member of the Risk & Compliance function, this role operates at the intersection of regulation and technology, partnering closely with engineering, security, and operational teams to translate regulatory expectations into practical, real-world control effectiveness.
This is a high-impact role with visibility across senior stakeholders and direct relevance to the protection of critical national infrastructure.
Key Responsibilities
TSA Compliance & Regulatory Engagement ·
- Lead delivery of Telecoms Security Act compliance activities.
- Coordinate responses to Ofcom information requests and regulatory submissions.
- Interpret TSA Code of Practice measures and translate into business and technical actions.
Technical Assurance & Evidence Validation
- Partner closely with Core Engineering, Voice, OSS, Operations, Procurement and IT & Security teams to gather required information.
- Review and validate technical, architectural, and operational evidence.
- Provide effective, evidence-based challenge and ensure submissions are complete, accurate, and aligned to regulatory expectations.
Risk & Control Assessment
- Identify gaps in evidence, control weaknesses, and areas requiring remediation.
- Assess adequacy of compensating controls where full compliance is not achieved.
- Apply risk scoring in line with Nasstar’s risk management framework.
- Focus on risks impacting Security Critical Functions and supporting network oversight capabilities.
Framework Alignment & Governance
- Align TSA requirements with broader frameworks such as NCSC CAF, ISO 27001 and HSCN.
- Support governance reporting and risk committee discussions.
- Contribute to the development of internal assurance and control frameworks.
Third-Party Security & Contractual Oversight
- Review and advise on supplier contracts to ensure security obligations are appropriate and enforceable.
- Support Legal & Procurement with security requirements and risk considerations.
- Contribute to third-party risk and assurance activities.
Skills, Knowledge and Expertise
Experienced in one or more of the following areas:
- Telecoms or network service provider environments
- Cyber security, network security, or infrastructure security
- Risk, compliance, or regulatory assurance within technology functions
- Supporting or responding to regulatory frameworks (e.g. TSA, NCSC CAF, ISO 27001, NIS)
Experience operating in a second line (GRC) or assurance capacity, rather than hands-on engineering or operational delivery
Ability to engage with asset owners and technical SMEs to:
- Extract relevant control evidence
- Validate that controls are appropriately designed and operating
- Challenge where control coverage or assurance appears insufficient
At least one certification from the following:
(ISC)² / ISACA:
CISSP – Certified Information Systems Security Professional CISM
Certified Information Security Manager CRISC
Certified in Risk and Information Systems Control
Industry Network Security Certifications (desirable):
CCNP Security / CCSP / CCNA Security CompTIA Security+ / Network+
Equivalent vendor or industry-recognised certifications
Demonstrated ability to interpret technical concepts and align them to security or regulatory requirements. And assess control effectiveness and identify gaps or weaknesses.
Experience within a regulated telecoms environment, particularly under either Telecoms Security Act (TSA) or Ofcom regulatory engagement.
Benefits
At Nasstar, we know the importance of looking after our employees – after all, it’s the team that underpins our business!
In addition to a competitive salary, supportive teams, and a real opportunity to progress in your career with a forward-thinking organisation, our benefits package includes:
- 25 days’ holiday (excluding bank holidays) + Your Birthday Off
- Flexible working – it’s important to maintain a work/life balance, as such, we will consider any written request for flexible working
- Virtual working – we practice what we preach and empower our people to work remotely
- Top tech – Leading services and solutions aren’t just for our clients; we supply best-of-breed software and hardware for all our staff too
- 4x annual salary life assurance
- Health cash plan
- Retail discounts and other perks from major brands