Nasstar
Senior Security Control Manager

How your CV stacks up
Upload your CV to see how well it fits this job role
?%
Role Overview
This role is responsible for leading Nasstar’s compliance with the Telecoms Security Act (TSA) and associated Ofcom regulatory requirements, ensuring the organisation can evidence a robust and defensible security posture.
As a key member of the Risk & Compliance function, this role operates at the intersection of regulation and technology, partnering closely with engineering, security, and operational teams to translate regulatory expectations into practical, real-world control effectiveness.
This is a high-impact role with visibility across senior stakeholders and direct relevance to the protection of critical national infrastructure.
Key Responsibilities
-
TSA Compliance & Regulatory Engagement
- Lead delivery of Telecoms Security Act compliance activities.
- Coordinate responses to Ofcom information requests and regulatory submissions.
- Interpret TSA Code of Practice measures and translate into business and technical actions.
-
Technical Assurance & Evidence Validation
- Partner closely with Core Engineering, Voice, OSS, Operations, Procurement and IT & Security teams to gather required information.
- Review and validate technical, architectural, and operational evidence.
- Provide effective, evidence-based challenge and ensure submissions are complete, accurate, and aligned to regulatory expectations.
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
-
Risk & Control Assessment
- Identify gaps in evidence, control weaknesses, and areas requiring remediation.
- Assess adequacy of compensating controls where full compliance is not achieved.
- Apply risk scoring in line with Nasstar’s risk management framework.
- Focus on risks impacting Security Critical Functions and supporting network oversight capabilities.
-
Framework Alignment & Governance
- Align TSA requirements with broader frameworks such as NCSC CAF, ISO 27001 and HSCN.
- Support governance reporting and risk committee discussions.
- Contribute to the development of internal assurance and control frameworks.
-
Third-Party Security & Contractual Oversight
- Review and advise on supplier contracts to ensure security obligations are appropriate and enforceable.
- Support Legal & Procurement with security requirements and risk considerations.
- Contribute to third-party risk and assurance activities.
Skills, Knowledge and Expertise
- Experienced in one or more of the following areas:
- Telecoms or network service provider environments
- Cyber security, network security, or infrastructure security
- Risk, compliance, or regulatory assurance within technology functions
- Supporting or responding to regulatory frameworks (e.g. TSA, NCSC CAF, ISO 27001, NIS)


Get help with your application
Your very own career expert that helps elevate your application to the next level.
-
Experience operating in a second line (GRC) or assurance capacity, rather than hands-on engineering or operational delivery
-
Ability to engage with asset owners and technical SMEs to:
- Extract relevant control evidence
- Validate that controls are appropriately designed and operating
- Challenge where control coverage or assurance appears insufficient
-
At least one certification from the following: (ISC)² / ISACA:
- CISSP – Certified Information Systems Security Professional
- CISM – Certified Information Security Manager
- CRISC – Certified in Risk and Information Systems Control
-
Industry Network Security Certifications (desirable):
- CCNP Security / CCSP / CCNA Security
- CompTIA Security+ / Network+
- Equivalent vendor or industry-recognised certifications
-
Demonstrated ability to interpret technical concepts and align them to security or regulatory requirements.
-
Assess control effectiveness and identify gaps or weaknesses.
-
Experience within a regulated telecoms environment, particularly under either Telecoms Security Act (TSA) or Ofcom regulatory engagement.
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills
Location