1

Contractual Security Controls Assessor Jobs (NOW HIRING)

The Security Controls Assessor will lead hands-on technical security control assessments and provide FISMA and FedRAMP subject matter expertise for our government client's information systems. The ...

next page

Showing results 1-20

Contractual Security Controls Assessor information

See salary details

$8

$58

$78

How much do contractual security controls assessor jobs pay per hour?

As of Jul 13, 2026, the average hourly pay for contractual security controls assessor in the United States is $58.77, according to ZipRecruiter salary data. Most workers in this role earn between $50.48 and $68.03 per hour, depending on experience, location, and employer.

How to become a security control assessor?

To become a security control assessor, typically one needs a bachelor's degree in cybersecurity, information technology, or a related field, along with experience in security assessment and risk management. Certifications such as Certified Authorization Professional (CAP) or Certified Information Systems Security Professional (CISSP) are often required or preferred. Gaining knowledge of security frameworks like NIST and developing strong analytical and communication skills are also important for this role.

Is SOC an entry level job?

A Security Controls Assessor role is typically not entry-level and usually requires prior experience in cybersecurity, risk management, or related fields. Entry-level positions in security often focus on supporting roles or internships, while more advanced roles like a Security Controls Assessor demand relevant certifications and technical knowledge. However, some organizations may offer junior or trainee positions for those new to the field.

What are some common challenges faced by Contractual Security Controls Assessors when evaluating third-party vendors?

Contractual Security Controls Assessors often encounter challenges such as varying levels of security maturity among vendors, incomplete or inconsistent documentation, and limited visibility into vendors' internal processes. Assessors need to balance thoroughness with efficiency, ensuring that they accurately evaluate controls without causing delays in procurement or project timelines. Building strong communication with vendors and staying updated on evolving compliance standards are critical for overcoming these challenges and ensuring robust risk management.

What are the key skills and qualifications needed to thrive as a Contractual Security Controls Assessor, and why are they important?

To thrive as a Contractual Security Controls Assessor, you need in-depth knowledge of information security frameworks, risk assessment methodologies, and regulatory compliance, usually supported by a degree in cybersecurity or a related field. Familiarity with tools such as NIST, ISO/IEC 27001, assessment platforms, and certifications like CISSP or CISA is typical. Exceptional analytical thinking, attention to detail, and strong communication skills make someone stand out in this position. These competencies are crucial for accurately evaluating security controls, ensuring compliance, and effectively communicating risks and recommendations to stakeholders.

What are Contractual Security Controls Assessors?

Contractual Security Controls Assessors are professionals who evaluate and verify whether an organization's security controls meet specific contractual, regulatory, or industry standards. They review policies, technical safeguards, and operational processes to ensure compliance with requirements outlined in contracts or security frameworks. Their work often involves conducting risk assessments, documentation reviews, and interviews to identify gaps and recommend improvements. These assessors play a crucial role in helping organizations manage risk and maintain trust with clients and partners.

Can you make $500,000 a year in cyber security?

Contractual Security Controls Assessors typically earn between $70,000 and $150,000 annually, depending on experience, certifications, and location. Reaching a $500,000 annual salary in cybersecurity generally requires senior roles such as security executives, consultants, or specialists with advanced skills and extensive experience, often supplemented by bonuses or consulting fees.

What does a security controls assessor do?

A security controls assessor evaluates an organization's security measures to ensure they meet established standards and compliance requirements. They review policies, perform testing, and document findings to identify vulnerabilities and recommend improvements, often using frameworks like NIST or ISO. This role requires knowledge of security controls, risk management, and assessment tools.

What is the difference between Contractual Security Controls Assessor vs Security Analyst?

AspectContractual Security Controls AssessorSecurity Analyst
CertificationsISO 27001 Lead Auditor, CISSP, CISACISSP, Security+
Work EnvironmentAudit-focused, compliance assessments, client sitesMonitoring, incident response, security operations
Employer & Industry UsageConsulting firms, government, regulated industriesIn-house security teams, corporations, government agencies

The Contractual Security Controls Assessor primarily conducts compliance audits and assessments of security controls based on contractual requirements, often working with clients or external organizations. In contrast, a Security Analyst focuses on monitoring security systems, analyzing threats, and responding to incidents within an organization. While both roles require security certifications, the assessor emphasizes compliance and evaluation, whereas the analyst concentrates on operational security and threat management.

More about Contractual Security Controls Assessor jobs
What cities are hiring for Contractual Security Controls Assessor jobs? Cities with the most Contractual Security Controls Assessor job openings:
What are the most commonly searched types of Security Controls Assessor jobs? The most popular types of Security Controls Assessor jobs are:
What states have the most Contractual Security Controls Assessor jobs? States with the most job openings for Contractual Security Controls Assessor jobs include:
What job categories do people searching Contractual Security Controls Assessor jobs look for? The top searched job categories for Contractual Security Controls Assessor jobs are:
Security Controls Assessor

Full-time

Medical, Dental, Vision, Life

Re-posted 13 days ago


Job description

Position Description

Valiant Solutions is seeking a Security Controls Assessor to join our rapidly growing and innovative cybersecurity team!

The Security Controls Assessor will lead hands-on technical security control assessments and provide FISMA and FedRAMP subject matter expertise for our government client's information systems. The role guides assessment teams through Security Assessment and Authorization (SA&A), Annual Security Controls Assessment (ASCA), and Event-Driven assessments against NIST SP 800-53, producing audit-defensible packages and mentoring junior analysts.

Named one of the Best Places to Work in the Washington DC area for 12 consecutive years, Valiant is proud of our employee-centric culture and commitment to excellence. If you are interested in learning more about Valiant and this opportunity, we invite you to apply now!

Location: The Security Controls Assessor can expect 100% telework. Remote work requires a high level of trust in our employees, and we strictly adhere to the details outlined in our Remote Work Policy below. 

Eligibility Requirements: U.S. Citizenship is required due to federal contract obligations, along with the ability to successfully pass a federal background investigation.

Required Experience:

  • Two (2) or more years of progressively responsible experience in information security, security control assessment, or cyber risk management.
  • Bachelor's degree in Computer Science, Information Systems, Cybersecurity, Engineering, or a related field, or an additional three (3) to five (5) years of relevant experience in lieu of a degree.
  • Demonstrated hands-on experience assessing NIST SP 800-53 controls and producing A&A artifacts (System Security Plan, Security Assessment Plan, Security Assessment Report, Security Controls Traceability Matrix, and Plan of Action and Milestones).
  • Knowledge of FISMA, the NIST Risk Management Framework (NIST SP 800-37), FedRAMP, ISCM, and CDM.
  • Demonstrated experience with technology risk assessments, security engineering, and security architecture principles.
  • Experience with cloud systems, cloud service providers, and FedRAMP requirements.
  • Experience with GRC platforms (e.g., Qmulos Q-Compliance, ServiceNow GRC), SharePoint, scanning tools, and SIEM (e.g., Splunk).
  • Familiarity with FIPS 199 security categorization and privacy control assessment.
  • Strong written and verbal communication and stakeholder engagement skills.

Preferred Certifications

  • CISSP, CISM, CISA, or CAP certification preferred.

Responsibilities

  • Lead hands-on technical NIST SP 800-53 security control assessments, including applicable overlays (e.g., high-value assets, artificial intelligence, critical software, and FedRAMP).
  • Serve as a FISMA and FedRAMP technical subject matter expert across SA&A, ASCA, and Event-Driven Security Controls Assessment efforts.
  • Guide the Discovery, Assessment, Risk Validation, and Finalization stages, including Security Assessment Plan development, evidence collection, control assessment meetings, and Security Assessment Report finalization.
  • Coordinate and conduct stakeholder meetings and findings reviews, and brief stakeholders on draft Security Assessment Report findings and risk decisions.
  • Maintain and update assessment package templates (Security Assessment Plan, System Security Plan, Security Controls Traceability Matrix, Security Assessment Report, and Action Item List) for consistency and compliance.
  • Assess the impact of new laws, regulations, policies, and guidance on the client's assessment requirements and recommend process changes.
  • Provide day-to-day technical direction and mentorship to other security analysts.
  • Incorporate threat modeling and threat hunting into the assessment process to proactively identify and mitigate risks.
  • Recommend automation approaches, including robotic process automation, workflow orchestration, and data transformation, to improve assessment efficiency and accuracy.
  • Support FedRAMP package reviews for cloud efforts and responses to data calls and audits from the agency inspector general, GAO, and OMB.
  • Provide knowledge transfer and upskilling to federal staff so they can perform assessments and serve as backup to contractor assessors.

About Valiant Solutions

Valiant Solutions is a security-focused IT solutions provider with public clients nationwide. Named one of the fastest growing privately held companies by Inc. 5000, Washington Technology's Fast 50, and Washington Business Journal's Best Places to Work in the D.C. area, Valiant Solutions prides itself on providing its employees with great benefits and career development opportunities. As a company, we are just as committed to growing careers as we are to building world-class IT solutions, all while enjoying an unparalleled work-life balance. We are in a phase of tremendous growth and building the team that will take us to the next level. We seek people whose talents and accomplishments will contribute to a thriving company, who have the character to support their capacity, and can make a positive impact on our culture. Alongside our talented team, you'll learn to think quickly on your feet and expand your own personal and professional skill set. Our management team will inspire you to consider new perspectives and challenge you to become a better practitioner in the fast-paced industry of IT security. We hire people we respect - and we trust them to deliver results leveraging their expertise. If you would enjoy working in a dynamic environment as part of a stellar team of professionals, then we invite you to apply online today.

Benefits Snapshot (includes, but not limited to)Valiant pays 99% of the Medical, Dental, and Vision Coverage for Full-time EmployeesValiant contributes 25% towards Health Coverage for Family and Dependents100% Paid Short Term Disability and Life Insurance Policy for Full-time Employees100% Paid Certifications401K Matching up to 4%Paid Time OffPaid Federal HolidaysWellness & Fitness ProgramValiant University - Online Education and Training PortalFSA programs for: Medical Costs, Dependent Care, Transit, and ParkingReferral Bonuses

The salary range for this position is a general guideline and not a guarantee of compensation or salary. It has been benchmarked in relation to the scope of the role, market rate, and internal equity. Where a candidate falls within the band can be determined based on one or more of the following: skillset, experience level, achievements, education, geographic location, security clearance, involvement in corporate tasks, and other non-discriminatory factors. In addition to the base salary, this role will include benefits as described above.  Valiant reserves the right to adjust the salary range, experience requirements, and position responsibilities at any time without prior notice.

Remote Work Policy 

Remote work necessitates a high level of trust in our employees. To ensure that employee performance does not suffer in a remote work environment, all employees who telecommute are expected to have a quiet and distraction-free workspace with adequate internet, dedicate their full attention and availability to their job duties during working hours, and maintain a schedule during core business hours that align with those of their coworkers and Valiant's clients. In alignment with Valiant's inclusive and engaging environment, cameras are encouraged and can be required to be on during virtual video conferences. Additionally, in alignment with the Office of the Inspector General's effort to eliminate conflicting employment, all Valiant employees are required to disclose any current or future outside employment engagements. During onboarding and throughout employment, employees must disclose any current activities or intent to engage in outside employment or other professional activities and obtain written approval.  Employees may not solicit or conduct any outside business during core business hours for Valiant Solutions and our clients.

Equal Employment Opportunity

Valiant Solutions is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, genetic information, marital status, or veteran status, in accordance with applicable law.

Physical Demands

Sitting or standing at a desk for prolonged periods of time and consistent operation of a computer. Frequent communication and exchanging of accurate information via electronic communication, phones, and in person. Occasionally lift and/or move moderate amounts of weight, typically less than 20 pounds. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the job.

Authorization to Share Resume and Personal Information

By submitting your resume for this position, you authorize Valiant Solutions to share your resume, as well as, personal information included on the resume, with its subsidiaries, affiliates and teaming partners for the purpose of considering you for this position and other available positions requiring comparable skills, education and experience. Should Valiant Solutions or its affiliates and teaming partners wish to initiate pre-employment discussions, you will be asked to complete an employment application and related employment documents.

#LI-LH1

Employment Type: FULL_TIME