1

Security Controls Assessor Jobs (NOW HIRING)

Title: Sr. Cybersecurity Engineer Security Controls Assessor Representative Belong. Connect. Grow. with KBR! KBR's National Security Solutions team provides high-end engineering and advanced ...

This Assessor is responsible for leading the Risk Management Engineering (RME) team in planning and ... Complete and execute a cloud Security Controls Test (SCT) plan. * Provide the final cloud analysis ...

next page

Showing results 1-20

Security Controls Assessor information

See salary details

$8

$58

$78

How much do security controls assessor jobs pay per hour?

As of Jul 12, 2026, the average hourly pay for security controls assessor in the United States is $58.77, according to ZipRecruiter salary data. Most workers in this role earn between $50.48 and $68.03 per hour, depending on experience, location, and employer.

What are Security Controls Assessors?

Security Controls Assessors are professionals responsible for evaluating and validating the effectiveness of security controls within an organization's information systems. They conduct assessments to ensure compliance with regulatory standards, such as NIST, FISMA, or other security frameworks. Their work helps organizations identify vulnerabilities, manage risks, and maintain the confidentiality, integrity, and availability of critical data. Security Controls Assessors often provide recommendations for remediation and support efforts to achieve or maintain security certifications.

What are the key skills and qualifications needed to thrive as a Security Controls Assessor, and why are they important?

To thrive as a Security Controls Assessor, you need expertise in information security frameworks, risk assessment methodologies, and compliance requirements, often supported by a degree in cybersecurity or related fields and certifications like CISSP, CISA, or CAP. Familiarity with tools such as vulnerability scanners, security assessment platforms, and compliance management systems is typically required. Strong analytical thinking, attention to detail, and effective communication skills help you identify risks and clearly report findings to stakeholders. These skills ensure that organizations maintain robust security postures and meet regulatory requirements to protect critical assets.

What are some common challenges Security Controls Assessors face when evaluating compliance across multiple systems?

Security Controls Assessors often encounter challenges with inconsistent documentation, varying system configurations, and differing interpretations of compliance standards across departments. Coordinating with multiple teams to collect evidence and clarify control implementations can be time-consuming, especially in large organizations. Staying current with evolving regulations and ensuring all systems meet the latest requirements also demands continuous learning and adaptability. Building strong communication channels with system owners and IT staff helps overcome these hurdles and ensures thorough, accurate assessments.

What Does a Security Controls Assessor Do?

A security controls assessor (SCA) evaluates the security controls within network systems to identify vulnerabilities and recommend actions to correct problems, working either alone or as part of a team. As a security controls assessor, your duties begin with conducting an in-depth assessment of the management, operations, and technical security controls. You must analyze information and prepare reports describing the vulnerability level of the network with specific detail as to what compromises data systems. You then develop a plan to address vulnerabilities and continue to monitor the security of network systems.

What is the difference between Security Controls Assessor vs Security Analyst?

AspectSecurity Controls AssessorSecurity Analyst
CertificationsISO 27001 Lead Auditor, CISSP, CISACISSP, Security+
Work EnvironmentAssessing security controls, compliance auditsMonitoring security systems, incident response
Employer & IndustryGovernment agencies, compliance firmsCorporate IT, cybersecurity teams

The Security Controls Assessor primarily evaluates and verifies security controls for compliance, often in government or regulated environments. In contrast, a Security Analyst focuses on monitoring, analyzing, and responding to security threats within organizations. While both roles require security certifications and involve cybersecurity, their core responsibilities and work settings differ significantly.

What cities are hiring for Security Controls Assessor jobs? Cities with the most Security Controls Assessor job openings:
What are the most commonly searched types of Security Controls Assessor jobs? The most popular types of Security Controls Assessor jobs are:
Who are the top companies hiring for Security Controls Assessor jobs? The top employers for Security Controls Assessor jobs are:
What states have the most Security Controls Assessor jobs? States with the most job openings for Security Controls Assessor jobs include:
What job categories do people searching Security Controls Assessor jobs look for? The top searched job categories for Security Controls Assessor jobs are:
What are popular job titles related to Security Controls Assessor jobs? For Security Controls Assessor jobs, the most frequently searched job titles are:
Security Controls Assessor / OSCAL (Part Time, Remote)

Security Controls Assessor / OSCAL (Part Time, Remote)

TestPros

Sterling, VA โ€ข On-site, Remote

$50 - $85/hr

Part-time

Medical, Dental, Vision, Life, Retirement, PTO

Re-posted 3 days ago


Job description

TestPros delivers innovative independent IT assessment solutions to critical challenges facing the nation and the world. We support the U.S. Federal Government and Commercial clients within the continental USA. TestPros is dedicated to making lives better, safer and more secure.
Start: Future projects late 2026 or 2027 (not an immediate job opening)
Type: Part-time consulting
Overview
The ideal candidate will have strong hands-on experience conducting independent security control compliance assessments using guidelines from NIST (800-53, 800-171) and assessment automation via OSCAL (Open Security Controls Assessment Language). You must have security controls and OSCAL experience in both U.S. Government and Commercial environments. FedRAMP experience is a plus...
Required Qualifications
  • Proven OSCAL experience (at least two years).
  • 5+ years of hands-on security controls assessment and development of Security Assessment Plan (SAP), Security Assessment Report (SAR) and Plan of Actions and Milestones (POA&M).
  • Experience with RegScale, Paramify, or similar tools.
  • Experience with government, public sector, or municipal IT environments is highly preferred.
  • Ability to write clear, professional, and actionable technical reports.
  • Full U.S. Citizenship, and ability to pass an extensive background check.
Preferred Skills
  • Experience with NIST 800-53 based ATO assessment, NIST 800-171/CMMC assessment, and/or HIPAA assessment.
  • Ability to produce a set of interoperable, extensible, machine-readable formats that supports a broad range of control-based risk management processes (XML-, JSON-, and YAML-based formats that allow for lossless translations between XML, JSON, and YAML representations).
  • Familiarity with U.S. Government security policy requirements.
  • Experience coordinating with multi-agency or cross-organizational IT teams.
  • Expertise with common tools such as Kali Linux, Burp Suite, Nmap, Metasploit, Nessus/Tenable, and Wireshark.
Engagement Details
  • Estimated Start: Late 2026 or 2027
  • Estimated Duration: TBD
  • Work Location: Fully Remote
  • Clearances: Not required, but government experience is a plus

Rate: $50-85/hr (1099 or Corp. to Corp.) This range represents a good-faith estimate and is not a guarantee; final compensation is determined by factors such as experience, qualifications, and government contract labor rate requirements and may fall outside the stated range.
Equal Opportunity Employer
TestPros is an equal-opportunity employer and does not discriminate in employment based on race, color, religion, sex (including pregnancy and gender identity), national origin, political affiliation, sexual orientation, marital status, disability, genetic information, age, membership in an employee organization, retaliation, parental status, military service, or any other non-merit factor.
Offer Considerations
TestPros considers several factors when extending an offer, including but not limited to, Federal Government contract labor categories and contract wage rates, relevant prior work experience, specific skills and competencies, geographic location, education, and certifications.
Federal Compliance
As a federal contractor, TestPros is subject to all federal and state mandates and/or other customer requirements.
Benefits
TestPros offers a competitive salary, medical/dental/vision insurance, life insurance, paid time off, paid holidays, 401(k) retirement plan with company match, opportunities for professional growth, cell phone discounts, and much more! All benefits are per TestPros current policies and are subject to change without notice. Benefits are available to full-time employees.