1

Security Control Assessor Jobs (NOW HIRING)

We are looking for a SME Security Control Assessor that supports security control assessment activities for HHS-ACF information systems by applying NIST security controls and frameworks to evaluate ...

Senior Security Control Assessor

Arlington, VA ยท On-site

$130K - $150K/yr

Senior Security Control Assessor Overview: TSA is currently seeking a Senior Security Control Assessor who will serve as a Functional Lead and provide support to our NAVAIR customer in the DC Metro ...

PR ยท On-site

Nist Security Control Assessor We are currently seeking a NIST 800-53 Security Control Assessor interested in starting a rewarding career in public accounting by joining our Information Technology ...

Security Control Assessor

Hampton, VA ยท On-site

$61K - $141K/yr

Security Control Assessor The Opportunity: As a cyber mission specialist, you understand the value of hunt-forward operations, and you know that battles are won in the grey. At Booz Allen, you can ...

next page

Showing results 1-20

Security Control Assessor information

See salary details

$8

$58

$78

How much do security control assessor jobs pay per hour?

As of Jul 12, 2026, the average hourly pay for security control assessor in the United States is $58.77, according to ZipRecruiter salary data. Most workers in this role earn between $50.48 and $68.03 per hour, depending on experience, location, and employer.

Can you make $500,000 a year in cyber security?

Security Control Assessors typically earn salaries ranging from $70,000 to $150,000 annually, depending on experience, certifications, and location. Reaching a $500,000 annual salary in cybersecurity generally requires senior roles, specialized expertise, management positions, or consulting work with high-value contracts.

Is SOC an entry level job?

A Security Control Assessor (SOC) role is typically not entry-level; it usually requires prior experience in cybersecurity, knowledge of security frameworks, and relevant certifications such as CISSP or Security+. Entry-level positions in cybersecurity may include roles like Security Analyst or Technician, with SOC roles often requiring more specialized skills and experience. However, some organizations offer junior or trainee SOC positions for those starting their cybersecurity careers.

What are the key skills and qualifications needed to thrive as a Security Control Assessor, and why are they important?

To thrive as a Security Control Assessor, you need expertise in information security principles, risk management frameworks like NIST RMF, and a relevant bachelor's degree or equivalent work experience. Familiarity with security assessment tools, compliance management systems, and certifications such as CISSP, CISA, or CAP is typically required. Strong analytical thinking, attention to detail, and effective communication are crucial for evaluating security controls and reporting findings clearly. These skills ensure accurate risk assessments, regulatory compliance, and robust protection of organizational information assets.

What skills do you need to be a security control assessor?

A security control assessor needs strong knowledge of cybersecurity frameworks, risk management, and security controls. Skills in analyzing security policies, conducting assessments, and familiarity with tools like NIST, ISO standards, and vulnerability scanning are essential. Certifications such as CISSP or CISA can also enhance qualifications.

What is the difference between Security Control Assessor vs Security Analyst?

AspectSecurity Control AssessorSecurity Analyst
CertificationsRisk Management Framework (RMF), CISSP, CISACISSP, Security+
Work EnvironmentFederal agencies, DoD, government complianceCorporate, cybersecurity teams, IT departments
ResponsibilitiesAssess security controls, ensure compliance, auditMonitor security, analyze threats, implement security measures

The Security Control Assessor primarily evaluates security controls for compliance and risk management, often within government agencies. In contrast, the Security Analyst focuses on monitoring and analyzing security threats to protect organizational assets. While both roles require cybersecurity knowledge and certifications like CISSP, their focus areas and work environments differ significantly.

What is the role of a security control assessor?

A security control assessor evaluates the effectiveness of security controls implemented within an organization to ensure they meet security standards and compliance requirements. They review documentation, conduct testing, and provide recommendations for improvement, often working with frameworks like NIST or ISO. Certification such as CISSP or CISA is commonly required for this role.

What are the main challenges Security Control Assessors face when evaluating complex information systems?

Security Control Assessors often encounter challenges such as rapidly evolving security threats, integrating new technologies, and ensuring compliance with multiple frameworks (like NIST, FISMA, or RMF). Assessing large, interconnected systems requires attention to detail and strong analytical skills to identify vulnerabilities and recommend effective controls. Collaboration with system owners, IT staff, and auditors is essential to obtain comprehensive documentation and clarify system boundaries, which can be a demanding part of the assessment process.

What are Security Control Assessors?

Security Control Assessors (SCAs) are professionals responsible for evaluating the security controls of information systems to ensure they meet required standards and regulations. They conduct assessments, document findings, and provide recommendations to help organizations manage risk and achieve compliance with frameworks such as NIST or FISMA. SCAs play a critical role in maintaining the security and integrity of sensitive data by identifying vulnerabilities and verifying that corrective actions are implemented effectively.
More about Security Control Assessor jobs
What cities are hiring for Security Control Assessor jobs? Cities with the most Security Control Assessor job openings:
What are the most commonly searched types of Security Control Assessor jobs? The most popular types of Security Control Assessor jobs are:
What states have the most Security Control Assessor jobs? States with the most job openings for Security Control Assessor jobs include:
What job categories do people searching Security Control Assessor jobs look for? The top searched job categories for Security Control Assessor jobs are:
Infographic showing various Security Control Assessor job openings in the United States as of July 2026, with employment types broken down into 3% Locum Tenens, 26% Full Time, 2% Part Time, 1% Temporary, 1% Contract, and 67% Nights. Highlights an 89% Physical, 2% Hybrid, and 9% Remote job distribution, with an average salary of $122,236 per year, or $58.8 per hour.

SME Security Control Assessor

Imagineeer LLC

Arlington, VA โ€ข On-site

$45 - $50/hr

Full-time

Re-posted 8 days ago


Job description

Benefits:
  • Competitive salary

About this Role:
We are looking for a SME Security Control Assessor that supports security control assessment activities for HHS-ACF information systems by applying NIST security controls and frameworks to evaluate control implementation and effectiveness. This role is responsible for gathering, organizing, and documenting assessment evidence; conducting security testing and evaluations; and assisting with vulnerability scanning and analysis. The assessor leads security control interviews, supports continuous monitoring activities, and contributes to the development of assessment reports, briefings, and formal deliverables. Additionally, the role maintains assessment documentation and tracking artifacts, reviews security documentation, and assists in the development of Plans of Action and Milestones (POA&Ms). The SME Security Control Assessor I actively participates in team meetings and technical discussions to support compliance, risk management, and overall system security posture.
Key Responsibilities:
  • Support security control assessment activities
  • Gather and organize assessment evidence
  • Document security control implementation
  • Conduct security testing and evaluations
  • Assist with vulnerability scans and analysis
  • Create of assessment reports and briefings
  • Maintain assessment documentation and tracking sheets
  • Lead security control interviews
  • Prepare assessment deliverables
  • Applying NIST security controls and frameworks
  • Support continuous monitoring activities
  • Assist with security documentation review
  • Contribute to Plans of Action and Milestones (POA&Ms) development
  • Participate in team meetings and technical discussions

Qualifications and Skills:
  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field
  • 2+ years of experience in security control assessments
  • Basic understanding of cybersecurity principles and concepts
  • Knowledge of NIST frameworks and security controls
  • Familiarity with common security tools and technologies
  • Strong attention to detail
  • Excellent organizational skills
  • Basic technical writing abilities
  • Proficiency in Microsoft Office suite
  • Strong analytical and problem-solving skills
  • Ability to follow detailed instructions and procedures
  • Good communication skills
  • Eagerness to learn and develop professional skills
  • Basic understanding of networking concepts
  • Ability to work effectively in a team environment
  • Commitment to maintaining confidentiality and security protocols
  • Familiarity with Risk Management Framework (RMF)

Desired Skills and Competencies:
  • Security+ certification or in progress
  • Basic understanding of FISMA requirements
  • Experience with vulnerability scanning tools
  • Knowledge of basic scripting or programming
  • Familiarity with cloud computing concepts
  • Understanding of basic system administration
  • Experience with documentation management systems
  • Knowledge of compliance frameworks
  • Basic understanding of security assessment methodologies
  • Familiarity with cybersecurity best practices
  • Experience with technical documentation
  • Interest in federal government cybersecurity
  • Basic understanding of privacy principles

Additional Information:
Employment for this position is contingent upon the candidate being a United States citizen and having the ability to successfully obtain and maintain a Public Trust clearance, in accordance with applicable federal regulations. All hiring decisions will be made in compliance with applicable federal, state, and local laws and regulations
Equal Opportunity Employer:
We are an Equal Opportunity Employer and do not discriminate in employment decisions on the basis of race, color, religion, sex (including pregnancy, sexual orientation, or gender identity), national origin, age, disability, genetic information, veteran status, or any other status protected by applicable federal, state, or local laws. All employment decisions are based on business needs, job requirements, and individual qualifications.
Flexible work from home options available.
Compensation: $45.00 - $50.00 per hour
About Us
Our Approach
We firmly believe in the uniqueness of every business, necessitating a personalized approach to transformation. This conviction drives us to invest time in comprehending an organization's historical challenges and operational framework. Our commitment is to foster innovation by adopting a tailored strategy that optimizes the utilization of an organization's human resources and data assets. With a wealth of experience, we specialize in guiding organizations through the implementation of post-quantum security, protocols for autonomy, and artificial intelligence.
We are committed to working with clients to positively disrupt, modernize, and transform their organizations and business processes. Noteworthy achievements include initiatives aimed at enhancing human resilience in the food supply chain, leveraging autonomy for streamlined operations, establishing root-of-trust capabilities for high-quality, trusted data, and designing ecosystems and tools for securing and transferring digital value through digital wallets. . Our proficiency extends to using artificial intelligence and data to fortify security and enhance visibility in data assets, aiding in the management of health issues at local, state, and national levels. We've developed a modern security posture to effectively mitigate risks associated with cyber attacks from nation-states. Our wealth of experience is underpinned by collaborative work with diverse multidisciplinary teams, thriving in highly complex and rapidly changing environments.