This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a Security Controls Assessor based in the United States.
This role focuses on strengthening cybersecurity and regulatory compliance across complex federal and enterprise systems by assessing security controls and supporting risk management frameworks.
You will play a key role in ensuring systems meet NIST, RMF, and FISMA requirements through detailed assessment, documentation, and validation of security posture.
The position involves hands-on work with system security artifacts, including SSPs, SARs, and POA&Ms, to support Authorization to Operate (ATO) processes.
You will collaborate with technical teams and stakeholders to identify control gaps, document findings, and track remediation efforts.
A strong emphasis is placed on analytical rigor, regulatory compliance, and clear communication of security risks and recommendations.
You will also contribute to policy development, security maturity initiatives, and continuous improvement of governance practices.
This is a part-time U.S.-based consulting role supporting high-impact federal and commercial cybersecurity programs.
Accountabilities:
- Develop, update, and maintain NIST 800-53 Rev. 5-aligned System Security Plans (SSPs) to support ATO processes.
- Create and revise Security Assessment Reports (SARs) and Plans of Action and Milestones (POA&Ms) in accordance with compliance requirements.
- Verify implementation of security controls and document findings to ensure alignment with NIST, RMF, and FISMA frameworks.
- Conduct risk analysis and provide detailed reports on vulnerabilities, mitigation strategies, and escalation of security concerns.
- Facilitate and support POA&M tracking and remediation efforts to ensure timely resolution of identified gaps.
- Develop and maintain security policies, SOPs, and CONOPS covering areas such as incident response, configuration management, and continuity planning.
- Produce security performance metrics (KPIs) and support reporting on the effectiveness of implemented controls.
- Monitor evolving threat landscapes and integrate threat intelligence into ongoing assessments and recommendations.
Requirements:
- 5+ years of experience in IT security compliance, risk management, or security controls assessment roles.
- Strong expertise in NIST 800-53 Rev. 5, RMF, and FISMA compliance frameworks.
- Experience supporting Authorization to Operate (ATO) processes, including SSP, SAR, and POA&M development.
- Solid understanding of cloud security, vulnerability management, and security governance practices.
- Familiarity with auditing, monitoring systems, incident response, and threat intelligence analysis.
- Experience with security tools and concepts including scanning, penetration testing, and vulnerability assessment methodologies.
- Strong analytical, documentation, and communication skills with the ability to present risks clearly to stakeholders.
- Bachelor’s degree in Computer Science, Cybersecurity, or related field preferred, or equivalent experience and certifications.
- Military or equivalent professional experience may be considered in place of formal education.
Benefits:
- Competitive hourly rate: $50–$95/hr (contract-based), depending on experience and qualifications.
- Remote, part-time consulting engagement within the United States.
- Opportunity to support critical federal cybersecurity and compliance initiatives.
- Exposure to NIST, RMF, and FISMA-driven security governance programs.
- Flexible consulting structure with project-based assignments.
- Potential for contract extension based on performance and program needs.
- Equal opportunity, merit-based hiring process.