Operational Effectiveness Tester (Security & Compliance)

Operational Effectiveness Tester The Operational Effectiveness Tester is responsible for independently validating that security, privacy, and technology controls operate effectively in real-world conditions, not just on paper or during audits. This role focuses on evidence-based testing, regulatory exposure, and risk across complex, hybrid environments. The tester evaluates controls end-to-end, identifies systemic weaknesses, and translates technical failures into clear regulatory and business risk for leadership. Key Responsibilities • Test design and operating effectiveness of controls across people, process, and technology • Perform end-to-end walkthroughs and re-performance of technical controls • Evaluate evidence quality, favoring system-generated proof over screenshots or attestations • Identify patterns of control failure and assess severity based on regulatory exposure • Test identity, access, and privileged controls, including joiner/mover/leaver processes • Validate security and privacy controls across on-prem, cloud, hybrid, and vendor environments • Assess privacy, data protection, and consent controls involving sensitive data • Support regulatory readiness by aligning testing to enforcement expectations, not theory Required Knowledge & Expertise • Industry-specific risk and sensitive data handling • Identity & Access Management, including PAM, service accounts, SoD, and emergency access • Cloud and hybrid control testing (AWS, Azure, shared responsibility models) • Privacy and data protection (PII, PCI, consent, retention, incident escalation) • Regulatory drivers and compliance obligations • Control frameworks such as NIST, ISO, SOC 2, COBIT, and internal standards Tools & Technology • GRC tools (e.g., ServiceNow, Archer) • CyberArk, SailPoint • Splunk, Sentinel • Vulnerability management tools (Qualys, Tenable) • Cloud platforms (read-only console access) • Audit and evidence management repositories Certifications (Preferred / Expected) Tier 1 (Senior Level Expected): • CISA, CISM, CRISC, or ISO 27001 Lead Auditor Tier 2 (Highly Valued): • CISSP, CCSP, CIPP/US, CIPM, PCI ISA/QSA Tier 3 (Role-Dependent): • CAP or formal NIST RMF training What You Didn’t Know About Us • Competitive salary • Health, Dental and Vision Benefits • Long-Term growth potential • 401k • With this position, you will get the opportunity to work with a game changing client and further advance your already valuable experience in the telecom industry! We are Connectors. We thrive on ‘quality over quantity’ and put in the work building strong relationships. We create connections, discover qualities, uncover skills, and place people with accuracy. We are your true partner! We are Collaborators. You’ll be working with a wholly owned subsidiary of Kelly and part of the Kelly Telecom division. It allows us to be as nimble and fiercely competitive as a startup while having the backing of a multibillion dollar publicly traded company which has been in business for 75 years. With direct access to hiring managers, services don’t stop at standard recruiting processes. We use our expertise to improve your application skills and provide ongoing career support. Kelly Telecom is an equal opportunity employer and will consider all applications without regard to race, genetic information, sex, age, color, religion, national origin, veteran status, disability, or any other characteristic protected by law. For more information click Equal Employment Opportunity is the law. #JobsAtKellyTelecom Apply tot his job