1

Security Control Assessor Jobs (NOW HIRING)

We are seeking a highly skilled Security Control Assessor (SCA) to support independent cybersecurity assessments of systems in accordance with the Risk Management Framework (RMF). This role is ...

Security Control Assessor

Arlington, VA · On-site

$110K - $130K/yr

Security Control Assessor Location: Arlington, VA (On-Site) Citizenship: US only Clearance: Active TS/SCI (DHS EOD Suitability required) Company: Argo Cyber Systems, LLC - Service-Disabled Veteran ...

We are seeking a highly skilled Security Control Assessor (SCA) to support independent cybersecurity assessments of systems in accordance with the Risk Management Framework (RMF). This role is ...

Security Control Assessor III Responsibilities: * Leads comprehensive security assessments for complex or high-impact systems. * Oversees control testing strategies, validates remediation ...

Security Control Assessor - TS/SCI clearance required - Port of San Antonio, TX IPSecure is seeking an experienced Security Control Assessor (SCA) to support the 16 AF Assessments and Authorization ...

New

They are seeking a Security Control Assessor to lead comprehensive security assessments for complex systems and oversee control testing strategies while providing risk determinations to Authorizing ...

Security Control Assessor - TS/SCI clearance required - Port of San Antonio, TX IPSecure is seeking an experienced Security Control Assessor (SCA) to support the 16 AF Assessments and Authorization ...

New

We are looking for a SME Security Control Assessor that supports security control assessment activities for HHS-ACF information systems by applying NIST security controls and frameworks to evaluate ...

We are looking for a SME Security Control Assessor that supports security control assessment activities for HHS-ACF information systems by applying NIST security controls and frameworks to evaluate ...

Description Tyto Athene is seeking a Security Control Assessor (SCA) to support a federal customer in Washington, DC. The successful candidate will evaluate information systems to ensure compliance ...

Security Control Assessor

Washington, DC · On-site

$155K - $165K/yr

Security Control Assessor III Responsibilities: * Leads comprehensive security assessments for complex or high-impact systems. * Oversees control testing strategies, validates remediation ...

We are looking for a SME Security Control Assessor that supports security control assessment activities for HHS-ACF information systems by applying NIST security controls and frameworks to evaluate ...

FEDITC is seeking a Security Control Assessor to support an effort to develop, implement, manage, and maintain a Risk Management Framework Cybersecurity Program at Peterson Space Force Base, Colorado.

next page

Showing results 1-20

Security Control Assessor information

See salary details

$8

$58

$78

How much do security control assessor jobs pay per hour?

As of Jul 11, 2026, the average hourly pay for security control assessor in the United States is $58.77, according to ZipRecruiter salary data. Most workers in this role earn between $50.48 and $68.03 per hour, depending on experience, location, and employer.

Can you make $500,000 a year in cyber security?

Security Control Assessors typically earn salaries ranging from $70,000 to $150,000 annually, depending on experience, certifications, and location. Reaching a $500,000 annual salary in cybersecurity generally requires senior roles, specialized expertise, management positions, or consulting work with high-value contracts.

Is SOC an entry level job?

A Security Control Assessor (SOC) role is typically not entry-level; it usually requires prior experience in cybersecurity, knowledge of security frameworks, and relevant certifications such as CISSP or Security+. Entry-level positions in cybersecurity may include roles like Security Analyst or Technician, with SOC roles often requiring more specialized skills and experience. However, some organizations offer junior or trainee SOC positions for those starting their cybersecurity careers.

What are the key skills and qualifications needed to thrive as a Security Control Assessor, and why are they important?

To thrive as a Security Control Assessor, you need expertise in information security principles, risk management frameworks like NIST RMF, and a relevant bachelor's degree or equivalent work experience. Familiarity with security assessment tools, compliance management systems, and certifications such as CISSP, CISA, or CAP is typically required. Strong analytical thinking, attention to detail, and effective communication are crucial for evaluating security controls and reporting findings clearly. These skills ensure accurate risk assessments, regulatory compliance, and robust protection of organizational information assets.

What skills do you need to be a security control assessor?

A security control assessor needs strong knowledge of cybersecurity frameworks, risk management, and security controls. Skills in analyzing security policies, conducting assessments, and familiarity with tools like NIST, ISO standards, and vulnerability scanning are essential. Certifications such as CISSP or CISA can also enhance qualifications.

What is the difference between Security Control Assessor vs Security Analyst?

AspectSecurity Control AssessorSecurity Analyst
CertificationsRisk Management Framework (RMF), CISSP, CISACISSP, Security+
Work EnvironmentFederal agencies, DoD, government complianceCorporate, cybersecurity teams, IT departments
ResponsibilitiesAssess security controls, ensure compliance, auditMonitor security, analyze threats, implement security measures

The Security Control Assessor primarily evaluates security controls for compliance and risk management, often within government agencies. In contrast, the Security Analyst focuses on monitoring and analyzing security threats to protect organizational assets. While both roles require cybersecurity knowledge and certifications like CISSP, their focus areas and work environments differ significantly.

What is the role of a security control assessor?

A security control assessor evaluates the effectiveness of security controls implemented within an organization to ensure they meet security standards and compliance requirements. They review documentation, conduct testing, and provide recommendations for improvement, often working with frameworks like NIST or ISO. Certification such as CISSP or CISA is commonly required for this role.

What are the main challenges Security Control Assessors face when evaluating complex information systems?

Security Control Assessors often encounter challenges such as rapidly evolving security threats, integrating new technologies, and ensuring compliance with multiple frameworks (like NIST, FISMA, or RMF). Assessing large, interconnected systems requires attention to detail and strong analytical skills to identify vulnerabilities and recommend effective controls. Collaboration with system owners, IT staff, and auditors is essential to obtain comprehensive documentation and clarify system boundaries, which can be a demanding part of the assessment process.

What are Security Control Assessors?

Security Control Assessors (SCAs) are professionals responsible for evaluating the security controls of information systems to ensure they meet required standards and regulations. They conduct assessments, document findings, and provide recommendations to help organizations manage risk and achieve compliance with frameworks such as NIST or FISMA. SCAs play a critical role in maintaining the security and integrity of sensitive data by identifying vulnerabilities and verifying that corrective actions are implemented effectively.
More about Security Control Assessor jobs
What cities are hiring for Security Control Assessor jobs? Cities with the most Security Control Assessor job openings:
What are the most commonly searched types of Security Control Assessor jobs? The most popular types of Security Control Assessor jobs are:
What states have the most Security Control Assessor jobs? States with the most job openings for Security Control Assessor jobs include:
What job categories do people searching Security Control Assessor jobs look for? The top searched job categories for Security Control Assessor jobs are:
Infographic showing various Security Control Assessor job openings in the United States as of July 2026, with employment types broken down into 3% Locum Tenens, 26% Full Time, 2% Part Time, 1% Temporary, 1% Contract, and 67% Nights. Highlights an 89% Physical, 2% Hybrid, and 9% Remote job distribution, with an average salary of $122,236 per year, or $58.8 per hour.
Security Control Assessor

Other

Re-posted 4 days ago


Job description

Job Description We are seeking a highly skilled Security Control Assessor (SCA) to support independent cybersecurity assessments of systems in accordance with the Risk Management Framework (RMF). This role is responsible for evaluating the implementation and effectiveness of security controls, assessing residual risk, and providing actionable recommendations to support authorization decisions. The ideal candidate brings deep DoD cybersecurity experience, strong analytical judgment, and the ability to communicate technical risk clearly to both cybersecurity and senior mission stakeholders.

This is a high-visibility role supporting mission-critical systems in a dynamic national security environment. Key Responsibilities Perform independent security control assessments of information systems in support of RMF authorization and continuous monitoring activities Evaluate the implementation, effectiveness, and compliance of security controls in accordance with NIST SP 800-53 and DoD cybersecurity requirements Review technical artifacts, system documentation, test results, and evidence to determine control inheritance, applicability, and residual risk Document assessment findings, vulnerabilities, recommendations, and risk impacts in clear and concise language Develop Security Assessment Reports (SARs), risk summaries, and briefing materials for Authorizing Officials and senior stakeholders Coordinate with system owners, ISSMs, engineers, and cybersecurity teams to validate findings and support remediation planning Assess cloud, hybrid, enclave, and enterprise architectures for cybersecurity compliance and security posture Support high-priority authorization decisions while ensuring alignment with mission execution and operational requirements Required Qualifications 7+ years of experience in cybersecurity, RMF, information assurance, or related information security roles Demonstrated experience performing security control assessments, compliance reviews, or cybersecurity audits Strong knowledge of Risk Management Framework (RMF), NIST SP 800-53, and security assessment methodologies Experience analyzing technical evidence and articulating cybersecurity risk to technical and non-technical stakeholders Prior experience supporting complex DoD or enterprise IT systems Active Secret Clearance (or higher) required Ability to work onsite at Joint Base Andrews, MD two days per week Prior DoD cybersecurity experience required CISSP certification required Preferred Qualifications Previous experience serving as a Security Control Assessor (SCA) or SCA-Validator Experience supporting Air Force systems or A4 mission environments Familiarity with cloud, hybrid, and enclave architectures Strong briefing, customer engagement, and stakeholder communication skills Additional certifications such as CISM or CISA preferredIdeal Candidate Profile Critical thinker with strong attention to technical detail Comfortable operating in mission-focused, high-visibility DoD environments Able to balance cybersecurity rigor with operational mission requirements Effective collaborator with engineers, program teams, and senior leadership Passionate about improving security posture and supporting national security missions