
Lead Security Control Assessor Jobs (NOW HIRING)

Lead security control interviews * Prepare assessment deliverables * Applying NIST security controls and frameworks * Support continuous monitoring activities * Assist with security documentation ...

We are seeking a highly skilled Security Control Assessor (SCA) to support independent cybersecurity assessments of systems in accordance with the Risk Management Framework (RMF). This role is ...

Security Control Assessor III Responsibilities: * Leads comprehensive security assessments for complex or high-impact systems. * Oversees control testing strategies, validates remediation ...

They are seeking a Security Control Assessor to support the development and management of a Risk Management Framework Cybersecurity Program, providing cybersecurity services and conducting technical ...

Security Control Assessor

Washington, DC · On-site

$155K - $165K/yr



Lead Security Control Assessor information


How much do lead security control assessor jobs pay per hour?

As of May 31, 2026, the average hourly pay for a lead security control assessor in the United States is $58.77, according to ZipRecruiter salary data. Most workers in this role earn between $50.48 and $68.03 per hour, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as a Lead Security Control Assessor, and why are they important?

To thrive as a Lead Security Control Assessor, you need expertise in information security frameworks, risk management, and compliance, typically supported by a bachelor’s degree in cybersecurity or a related field and certifications like CISSP or CISA. Familiarity with the NIST RMF and with assessment tools such as eMASS and vulnerability scanning platforms is essential. Strong analytical thinking, attention to detail, and clear communication skills set top assessors apart when evaluating and reporting on security controls. These competencies are crucial for ensuring organizations maintain robust security postures and comply with regulatory requirements.

How does a Lead Security Control Assessor typically collaborate with other cybersecurity and compliance teams during an assessment?

A Lead Security Control Assessor frequently works alongside system owners, IT security staff, and compliance officers to evaluate and validate the effectiveness of security controls. Collaboration often involves conducting interviews, reviewing documentation, and coordinating testing activities to ensure all stakeholders are aligned with security requirements. Strong communication and teamwork are essential, as assessors must clearly explain findings, provide actionable recommendations, and support remediation efforts throughout the assessment lifecycle.

What is a Lead Security Control Assessor?

A Lead Security Control Assessor is a cybersecurity professional responsible for evaluating and validating the effectiveness of security controls within an organization’s information systems. They lead assessment teams, conduct security control assessments, and ensure compliance with relevant frameworks such as NIST RMF (Risk Management Framework). Their work is crucial for identifying vulnerabilities, recommending mitigations, and ensuring that an organization meets federal or industry security requirements. Lead Security Control Assessors also prepare assessment reports and advise stakeholders on improving security posture.

What is the difference between Lead Security Control Assessor vs Security Control Assessor?

Aspect | Lead Security Control Assessor | Security Control Assessor
Certifications | CISA, CISSP, or similar | CISA, CISSP, or similar
Work Environment | Leads assessment teams, manages projects | Performs assessments under supervision
Employer & Industry | Government agencies, contractors | Government agencies, contractors
Search & Comparison Intent | Understanding leadership roles in assessments | Understanding assessment responsibilities

The main difference is that the Lead Security Control Assessor manages and oversees assessment teams, while the Security Control Assessor performs the assessments. The lead role involves leadership, planning, and coordination, whereas the assessor focuses on executing security evaluations based on established standards.

More about Lead Security Control Assessor jobs
What job categories do people searching Lead Security Control Assessor jobs look for? The top searched job categories for Lead Security Control Assessor jobs are:
Infographic: Lead Security Control Assessor job openings in the United States as of May 2026. Employment types are 80% full-time and 20% contract; 80% of jobs are in-person and 20% are remote. The average salary is $122,236 per year, or $58.8 per hour.

SME Security Control Assessor

IMAGINEEER LLC

Arlington, VA • On-site, Remote

$45 - $50/hr

Full-time

Posted 21 days ago


Job description

Benefits:
  • Competitive salary

About this Role:
We are looking for a SME Security Control Assessor that supports security control assessment activities for HHS-ACF information systems by applying NIST security controls and frameworks to evaluate control implementation and effectiveness. This role is responsible for gathering, organizing, and documenting assessment evidence; conducting security testing and evaluations; and assisting with vulnerability scanning and analysis. The assessor leads security control interviews, supports continuous monitoring activities, and contributes to the development of assessment reports, briefings, and formal deliverables. Additionally, the role maintains assessment documentation and tracking artifacts, reviews security documentation, and assists in the development of Plans of Action and Milestones (POA&Ms). The SME Security Control Assessor I actively participates in team meetings and technical discussions to support compliance, risk management, and overall system security posture.
Key Responsibilities:
  • Support security control assessment activities
  • Gather and organize assessment evidence
  • Document security control implementation
  • Conduct security testing and evaluations
  • Assist with vulnerability scans and analysis
  • Create assessment reports and briefings
  • Maintain assessment documentation and tracking sheets
  • Lead security control interviews
  • Prepare assessment deliverables
  • Apply NIST security controls and frameworks
  • Support continuous monitoring activities
  • Assist with security documentation review
  • Contribute to Plans of Action and Milestones (POA&Ms) development
  • Participate in team meetings and technical discussions

Qualifications and Skills:
  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field
  • 2+ years of experience in security control assessments
  • Basic understanding of cybersecurity principles and concepts
  • Knowledge of NIST frameworks and security controls
  • Familiarity with common security tools and technologies
  • Strong attention to detail
  • Excellent organizational skills
  • Basic technical writing abilities
  • Proficiency in Microsoft Office suite
  • Strong analytical and problem-solving skills
  • Ability to follow detailed instructions and procedures
  • Good communication skills
  • Eagerness to learn and develop professional skills
  • Basic understanding of networking concepts
  • Ability to work effectively in a team environment
  • Commitment to maintaining confidentiality and security protocols
  • Familiarity with Risk Management Framework (RMF)

Desired Skills and Competencies:
  • Security+ certification or in progress
  • Basic understanding of FISMA requirements
  • Experience with vulnerability scanning tools
  • Knowledge of basic scripting or programming
  • Familiarity with cloud computing concepts
  • Understanding of basic system administration
  • Experience with documentation management systems
  • Knowledge of compliance frameworks
  • Basic understanding of security assessment methodologies
  • Familiarity with cybersecurity best practices
  • Experience with technical documentation
  • Interest in federal government cybersecurity
  • Basic understanding of privacy principles

Additional Information:
Employment for this position is contingent upon the candidate being a United States citizen and having the ability to successfully obtain and maintain a Public Trust clearance, in accordance with applicable federal regulations. All hiring decisions will be made in compliance with applicable federal, state, and local laws and regulations.

Equal Opportunity Employer:
We are an Equal Opportunity Employer and do not discriminate in employment decisions on the basis of race, color, religion, sex (including pregnancy, sexual orientation, or gender identity), national origin, age, disability, genetic information, veteran status, or any other status protected by applicable federal, state, or local laws. All employment decisions are based on business needs, job requirements, and individual qualifications.

Flexible work from home options available.