1

Contractual Security Controls Assessor Jobs (NOW HIRING)

Title: Sr. Cybersecurity Engineer Security Controls Assessor Representative Belong. Connect. Grow. with KBR! KBR's National Security Solutions team provides high-end engineering and advanced ...

next page

Showing results 1-20

Contractual Security Controls Assessor information

See salary details

$8

$58

$78

How much do contractual security controls assessor jobs pay per hour?

As of Jul 13, 2026, the average hourly pay for contractual security controls assessor in the United States is $58.77, according to ZipRecruiter salary data. Most workers in this role earn between $50.48 and $68.03 per hour, depending on experience, location, and employer.

How to become a security control assessor?

To become a security control assessor, typically one needs a bachelor's degree in cybersecurity, information technology, or a related field, along with experience in security assessment and risk management. Certifications such as Certified Authorization Professional (CAP) or Certified Information Systems Security Professional (CISSP) are often required or preferred. Gaining knowledge of security frameworks like NIST and developing strong analytical and communication skills are also important for this role.

Is SOC an entry level job?

A Security Controls Assessor role is typically not entry-level and usually requires prior experience in cybersecurity, risk management, or related fields. Entry-level positions in security often focus on supporting roles or internships, while more advanced roles like a Security Controls Assessor demand relevant certifications and technical knowledge. However, some organizations may offer junior or trainee positions for those new to the field.

What are some common challenges faced by Contractual Security Controls Assessors when evaluating third-party vendors?

Contractual Security Controls Assessors often encounter challenges such as varying levels of security maturity among vendors, incomplete or inconsistent documentation, and limited visibility into vendors' internal processes. Assessors need to balance thoroughness with efficiency, ensuring that they accurately evaluate controls without causing delays in procurement or project timelines. Building strong communication with vendors and staying updated on evolving compliance standards are critical for overcoming these challenges and ensuring robust risk management.

What are the key skills and qualifications needed to thrive as a Contractual Security Controls Assessor, and why are they important?

To thrive as a Contractual Security Controls Assessor, you need in-depth knowledge of information security frameworks, risk assessment methodologies, and regulatory compliance, usually supported by a degree in cybersecurity or a related field. Familiarity with tools such as NIST, ISO/IEC 27001, assessment platforms, and certifications like CISSP or CISA is typical. Exceptional analytical thinking, attention to detail, and strong communication skills make someone stand out in this position. These competencies are crucial for accurately evaluating security controls, ensuring compliance, and effectively communicating risks and recommendations to stakeholders.

What are Contractual Security Controls Assessors?

Contractual Security Controls Assessors are professionals who evaluate and verify whether an organization's security controls meet specific contractual, regulatory, or industry standards. They review policies, technical safeguards, and operational processes to ensure compliance with requirements outlined in contracts or security frameworks. Their work often involves conducting risk assessments, documentation reviews, and interviews to identify gaps and recommend improvements. These assessors play a crucial role in helping organizations manage risk and maintain trust with clients and partners.

Can you make $500,000 a year in cyber security?

Contractual Security Controls Assessors typically earn between $70,000 and $150,000 annually, depending on experience, certifications, and location. Reaching a $500,000 annual salary in cybersecurity generally requires senior roles such as security executives, consultants, or specialists with advanced skills and extensive experience, often supplemented by bonuses or consulting fees.

What does a security controls assessor do?

A security controls assessor evaluates an organization's security measures to ensure they meet established standards and compliance requirements. They review policies, perform testing, and document findings to identify vulnerabilities and recommend improvements, often using frameworks like NIST or ISO. This role requires knowledge of security controls, risk management, and assessment tools.

What is the difference between Contractual Security Controls Assessor vs Security Analyst?

AspectContractual Security Controls AssessorSecurity Analyst
CertificationsISO 27001 Lead Auditor, CISSP, CISACISSP, Security+
Work EnvironmentAudit-focused, compliance assessments, client sitesMonitoring, incident response, security operations
Employer & Industry UsageConsulting firms, government, regulated industriesIn-house security teams, corporations, government agencies

The Contractual Security Controls Assessor primarily conducts compliance audits and assessments of security controls based on contractual requirements, often working with clients or external organizations. In contrast, a Security Analyst focuses on monitoring security systems, analyzing threats, and responding to incidents within an organization. While both roles require security certifications, the assessor emphasizes compliance and evaluation, whereas the analyst concentrates on operational security and threat management.

More about Contractual Security Controls Assessor jobs
What cities are hiring for Contractual Security Controls Assessor jobs? Cities with the most Contractual Security Controls Assessor job openings:
What are the most commonly searched types of Security Controls Assessor jobs? The most popular types of Security Controls Assessor jobs are:
What states have the most Contractual Security Controls Assessor jobs? States with the most job openings for Contractual Security Controls Assessor jobs include:
What job categories do people searching Contractual Security Controls Assessor jobs look for? The top searched job categories for Contractual Security Controls Assessor jobs are:
Security Controls Assessor / OSCAL (Part Time, Remote)

Security Controls Assessor / OSCAL (Part Time, Remote)

TestPros

Sterling, VA • On-site, Remote

$50 - $85/hr

Part-time

Medical, Dental, Vision, Life, Retirement, PTO

Re-posted 4 days ago


Job description

TestPros delivers innovative independent IT assessment solutions to critical challenges facing the nation and the world. We support the U.S. Federal Government and Commercial clients within the continental USA. TestPros is dedicated to making lives better, safer and more secure.
Start: Future projects late 2026 or 2027 (not an immediate job opening)
Type: Part-time consulting
Overview
The ideal candidate will have strong hands-on experience conducting independent security control compliance assessments using guidelines from NIST (800-53, 800-171) and assessment automation via OSCAL (Open Security Controls Assessment Language). You must have security controls and OSCAL experience in both U.S. Government and Commercial environments. FedRAMP experience is a plus...
Required Qualifications
  • Proven OSCAL experience (at least two years).
  • 5+ years of hands-on security controls assessment and development of Security Assessment Plan (SAP), Security Assessment Report (SAR) and Plan of Actions and Milestones (POA&M).
  • Experience with RegScale, Paramify, or similar tools.
  • Experience with government, public sector, or municipal IT environments is highly preferred.
  • Ability to write clear, professional, and actionable technical reports.
  • Full U.S. Citizenship, and ability to pass an extensive background check.
Preferred Skills
  • Experience with NIST 800-53 based ATO assessment, NIST 800-171/CMMC assessment, and/or HIPAA assessment.
  • Ability to produce a set of interoperable, extensible, machine-readable formats that supports a broad range of control-based risk management processes (XML-, JSON-, and YAML-based formats that allow for lossless translations between XML, JSON, and YAML representations).
  • Familiarity with U.S. Government security policy requirements.
  • Experience coordinating with multi-agency or cross-organizational IT teams.
  • Expertise with common tools such as Kali Linux, Burp Suite, Nmap, Metasploit, Nessus/Tenable, and Wireshark.
Engagement Details
  • Estimated Start: Late 2026 or 2027
  • Estimated Duration: TBD
  • Work Location: Fully Remote
  • Clearances: Not required, but government experience is a plus

Rate: $50-85/hr (1099 or Corp. to Corp.) This range represents a good-faith estimate and is not a guarantee; final compensation is determined by factors such as experience, qualifications, and government contract labor rate requirements and may fall outside the stated range.
Equal Opportunity Employer
TestPros is an equal-opportunity employer and does not discriminate in employment based on race, color, religion, sex (including pregnancy and gender identity), national origin, political affiliation, sexual orientation, marital status, disability, genetic information, age, membership in an employee organization, retaliation, parental status, military service, or any other non-merit factor.
Offer Considerations
TestPros considers several factors when extending an offer, including but not limited to, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, geographic location, education, and certifications.
Federal Compliance
As a federal contractor, TestPros is subject to all federal and state mandates and/or other customer requirements.
Benefits
TestPros offers a competitive salary, medical/dental/vision insurance, life insurance, paid time off, paid holidays, 401(k) retirement plan with company match, opportunities for professional growth, cell phone discounts, and much more! All benefits are per TestPros current policies and are subject to change without notice. Benefits are available to full-time employees.