1

Contractual Security Controls Assessor Jobs (NOW HIRING)

Security Controls Assessor

Bluemont, VA · On-site

$110K - $125K/yr

... security controls. The candidate will lead cybersecurity compliance assessments, identify control gaps and vulnerabilities, and recommend risk-mitigation strategies to support enterprise system ...

U.S. Citizenship Senior Security Controls Assessor (SCA): The primary role of personnel in this position will be assessing the overall security compliance of the client's information systems. This ...

Security Controls Assessor

Bluemont, VA · On-site

$110K - $125K/yr

... security controls. The candidate will lead cybersecurity compliance assessments, identify control gaps and vulnerabilities, and recommend risk-mitigation strategies to support enterprise system ...

Avint is seeking a highly motivated Senior Security Controls Assessor (SCA) in support of a critical federal contract. The Senior SCA is a subject matter expert responsible for executing ...

Avint is seeking a highly motivated Journeyman Security Controls Assessor (SCA) in support of a critical federal contract. The Journeyman SCA is a mid-level professional responsible for executing ...

next page

Showing results 1-20

Contractual Security Controls Assessor information

See salary details

$8

$58

$78

How much do contractual security controls assessor jobs pay per hour?

As of Jul 13, 2026, the average hourly pay for contractual security controls assessor in the United States is $58.77, according to ZipRecruiter salary data. Most workers in this role earn between $50.48 and $68.03 per hour, depending on experience, location, and employer.

How to become a security control assessor?

To become a security control assessor, typically one needs a bachelor's degree in cybersecurity, information technology, or a related field, along with experience in security assessment and risk management. Certifications such as Certified Authorization Professional (CAP) or Certified Information Systems Security Professional (CISSP) are often required or preferred. Gaining knowledge of security frameworks like NIST and developing strong analytical and communication skills are also important for this role.

Is SOC an entry level job?

A Security Controls Assessor role is typically not entry-level and usually requires prior experience in cybersecurity, risk management, or related fields. Entry-level positions in security often focus on supporting roles or internships, while more advanced roles like a Security Controls Assessor demand relevant certifications and technical knowledge. However, some organizations may offer junior or trainee positions for those new to the field.

What are some common challenges faced by Contractual Security Controls Assessors when evaluating third-party vendors?

Contractual Security Controls Assessors often encounter challenges such as varying levels of security maturity among vendors, incomplete or inconsistent documentation, and limited visibility into vendors' internal processes. Assessors need to balance thoroughness with efficiency, ensuring that they accurately evaluate controls without causing delays in procurement or project timelines. Building strong communication with vendors and staying updated on evolving compliance standards are critical for overcoming these challenges and ensuring robust risk management.

What are the key skills and qualifications needed to thrive as a Contractual Security Controls Assessor, and why are they important?

To thrive as a Contractual Security Controls Assessor, you need in-depth knowledge of information security frameworks, risk assessment methodologies, and regulatory compliance, usually supported by a degree in cybersecurity or a related field. Familiarity with tools such as NIST, ISO/IEC 27001, assessment platforms, and certifications like CISSP or CISA is typical. Exceptional analytical thinking, attention to detail, and strong communication skills make someone stand out in this position. These competencies are crucial for accurately evaluating security controls, ensuring compliance, and effectively communicating risks and recommendations to stakeholders.

What are Contractual Security Controls Assessors?

Contractual Security Controls Assessors are professionals who evaluate and verify whether an organization's security controls meet specific contractual, regulatory, or industry standards. They review policies, technical safeguards, and operational processes to ensure compliance with requirements outlined in contracts or security frameworks. Their work often involves conducting risk assessments, documentation reviews, and interviews to identify gaps and recommend improvements. These assessors play a crucial role in helping organizations manage risk and maintain trust with clients and partners.

Can you make $500,000 a year in cyber security?

Contractual Security Controls Assessors typically earn between $70,000 and $150,000 annually, depending on experience, certifications, and location. Reaching a $500,000 annual salary in cybersecurity generally requires senior roles such as security executives, consultants, or specialists with advanced skills and extensive experience, often supplemented by bonuses or consulting fees.

What does a security controls assessor do?

A security controls assessor evaluates an organization's security measures to ensure they meet established standards and compliance requirements. They review policies, perform testing, and document findings to identify vulnerabilities and recommend improvements, often using frameworks like NIST or ISO. This role requires knowledge of security controls, risk management, and assessment tools.

What is the difference between Contractual Security Controls Assessor vs Security Analyst?

AspectContractual Security Controls AssessorSecurity Analyst
CertificationsISO 27001 Lead Auditor, CISSP, CISACISSP, Security+
Work EnvironmentAudit-focused, compliance assessments, client sitesMonitoring, incident response, security operations
Employer & Industry UsageConsulting firms, government, regulated industriesIn-house security teams, corporations, government agencies

The Contractual Security Controls Assessor primarily conducts compliance audits and assessments of security controls based on contractual requirements, often working with clients or external organizations. In contrast, a Security Analyst focuses on monitoring security systems, analyzing threats, and responding to incidents within an organization. While both roles require security certifications, the assessor emphasizes compliance and evaluation, whereas the analyst concentrates on operational security and threat management.

More about Contractual Security Controls Assessor jobs
What cities are hiring for Contractual Security Controls Assessor jobs? Cities with the most Contractual Security Controls Assessor job openings:
What are the most commonly searched types of Security Controls Assessor jobs? The most popular types of Security Controls Assessor jobs are:
What states have the most Contractual Security Controls Assessor jobs? States with the most job openings for Contractual Security Controls Assessor jobs include:
What job categories do people searching Contractual Security Controls Assessor jobs look for? The top searched job categories for Contractual Security Controls Assessor jobs are:
Security Controls Assessor

Security Controls Assessor

BOOZ, ALLEN & HAMILTON, INC.

Encinitas, CA • On-site

$99K - $225K/yr

Full-time

Medical, Life, Retirement, PTO

Posted 3 days ago

New


Booz Allen Hamilton rating

8.8

Company rating: 8.8 out of 10

Based on 47 frontline employees who took The Breakroom Quiz

9th of 58 rated business consultants


Job description

Security Controls Assessor
The Opportunity:
Assists in designing, implementing, and managing policies and procedures to ensure database and software security. Applies leading-edge principles, theories, and concepts, contributes to the development of new principles and concepts. Works on unusually complex problems and provides highly innovative solutions. Operates with substantial latitude for unreviewed action or decision, mentors or supervises employees in both company and technical competencies.
You Have:
  • 14+ years of experience in cybersecurity or information security fields
  • Knowledge of NIST Special Publication 800-53, the associated security controls, and DoD-Specific implementations of the related Risk Management Framework process for system authorizations
  • Knowledge of the DoW, it's components and the varied authorities and responsibilities of each component-type
  • Ability to assess the relevant controls within operational systems, including Operational technology and information technology systems
  • Ability to review of broad scope technical implementations for a wide array of disparate or disconnected systems, including capabilities such as cross domain solutions, layered defensive techniques, on premises, cloud or hybrid solutions, virtualization, Artificial Intelligence/Machine Learning (AI/ML), or robotic processing
  • Ability to maintain a professional bearing in high pressure situations
  • Ability to clearly and concisely communicate factual information regarding information systems, relevant implementation of security controls and their overall impact on system security
  • TS/SCI clearance
  • Bachelor's degree

Nice If You Have:
  • Experience conducting security controls assessment of operational DoW systems
  • Knowledge of the Joint Special Access Program Implementation Guide
  • Ability to work independently, while still maintaining a constant flow of communication to other team members and government clients
  • Master's degree in IT, Cybersecurity, Engineering or Information Security fields
  • CISSP, CASP, or other expert-level Cybersecurity Certifications

Clearance:
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; TS/SCI clearance is required.
Compensation
At Booz Allen, we celebrate your contributions, provide you with opportunities and choices, and support your total well-being. Our offerings include health, life, disability, financial, and retirement benefits, as well as paid leave, professional development, tuition assistance, work-life programs, and dependent care. Our recognition awards program acknowledges employees for exceptional performance and superior demonstration of our values. Full-time and part-time employees working at least 20 hours a week on a regular basis are eligible to participate in Booz Allen's benefit programs. Individuals that do not meet the threshold are only eligible for select offerings, not inclusive of health benefits. We encourage you to learn more about our total benefits by visiting the Resource page on our Careers site and reviewing Our Employee Benefits page.
Salary at Booz Allen is determined by various factors, including but not limited to location, the individual's particular combination of education, knowledge, skills, competencies, and experience, as well as contract-specific affordability and organizational requirements. The projected compensation range for this position is $99,000.00 to $225,000.00 (annualized USD). The estimate displayed represents the typical salary range for this position and is just one component of Booz Allen's total compensation package for employees. This posting will close within 90 days from the Posting Date.
Identity Statement
As part of the hiring process, we will ask you to complete an identity verification process that leverages advanced biometrics and artificial intelligence to ensure authenticity and protect against identity fraud. You are expected to be on camera during interviews and assessments. We reserve the right to take your picture to verify your identity and prevent fraud.
Candidate AI Usage Policy
AI is a part of our daily work at Booz Allen, and we are committed to the responsible and ethical use of AI tools. However, we want to ensure a fair candidate process based on your own skills and knowledge. As part of this commitment, the use of artificial intelligence (AI) or other tools to assist with responses during interviews (whether in-person or virtual) is prohibited unless permission is explicitly provided.
Work Model
Our people-first culture prioritizes the benefits of collaboration, whether it occurs in person or virtually. To support engagement and effective communication, employees working virtually are generally expected to have their cameras on during meetings.
  • Remote: If this position is listed as remote, there may still be occasions when you are required to work in person at a Booz Allen or customer facility.
  • Hybrid: If this position is listed as hybrid, you will be expected to work from a Booz Allen facility frequently, in alignment with leadership expectations and the needs of the role. You may also be required to work from or visit a customer facility.
  • Onsite: If this position is listed as onsite, work will primarily be performed at a Booz Allen office or customer facility, where employees will collaborate directly with colleagues and customers as required by the role.

Commitment to Non-Discrimination
All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local, or international law.

What Booz Allen Hamilton employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom


Booz Allen Hamilton logo

About Booz Allen Hamilton

Sourced by ZipRecruiter

Booz Allen Hamilton is a leading provider of management and technology consulting services to the US government in defense, intelligence, and civil markets. Headquartered in McLean, Virginia, the firm also serves major corporations, institutions, and not-for-profit organizations. Founded in 1914 by Edwin G. Booz, the company has a long-standing tradition of helping clients achieve success by delivering a wide range of consulting services that include strategic planning, human capital and learning, communication, systems development, and others. The company's mission is to empower people to change the world, and it has a reputation for maintaining the highest standards of integrity and-excellence.

Industry

It services

Company size

10,000+ Employees

Headquarters location

McLean, VA, US

Year founded

1914