Senior Security Advisor – Lead Control Assessor
Employment Information
Report this job
Job expired or something wrong with this job?
Job Description
Senior Security Advisor assessing and leading cybersecurity control evaluations. Working remotely with a focus on execution quality and technical validation of security measures.
Responsibilities:
- Lead and execute cybersecurity control assessments against a defined subset of key controls aligned to established frameworks (NIST SP 800-53 Rev. 5).
- Assess control implementation status using standardized criteria and validation methodologies. (NIST SP 800-53A Rev. 5).
- Test information systems using documentation review, system walk-throughs, and stakeholder interviews to assess the design and operating effectiveness of NIST SP 800-53 Rev. 5 security controls.
- Apply consistent judgment to determine evidence sufficiency and appropriateness.
- Lead planning, kickoff, execution coordination, and closeout activities for assigned assessment engagements.
- Coordinate assessment activities and task assignments across Control Assessors to meet delivery timelines.
- Serve as the primary point of contact for client stakeholders during assessment engagements.
- Review and approve assessment narratives, findings, and control determinations prior to quality assurance submission.
- Ensure assessments are executed consistently across multiple clients to support trend analysis and benchmarking.
- Enforce adherence to defined assessment methodologies, scope boundaries, and validation standards.
- Support quality assurance reviews by addressing feedback and ensuring accuracy, clarity, and consistency of deliverables.
- Lead and participate in client interviews, system walkthroughs, and working sessions in a professional, structured manner.
- Clearly communicate assessment scope, expectations, and evidence requirements to stakeholders.
- Present assessment results, key findings, and risk implications to executive leadership and board-level stakeholders in a clear, concise, and professional manner.
- Mentor and guide Control Assessors on assessment techniques, documentation standards, and professional judgment.
- Escalate risks, issues, or control interpretation questions to program leadership as appropriate.
Requirements:
- 7+ years of industry experience in cybersecurity, information security, IT audit, or risk and compliance.
- 2+ years of experience leading or performing cybersecurity control assessments or IT audits, with demonstrated responsibility for control testing and validation.
- Bachelor’s degree in Information Security, Information Systems, Computer Science, or a related field, or equivalent professional experience.
- Relevant professional certifications such as CISSP, CISM, CISA, CRISC , or equivalent strongly preferred.
- Proven experience testing and evaluating security controls aligned to NIST SP 800-53 Rev. 5 and applying assessment procedures consistent with NIST SP 800-53A Rev. 5.
- Experience executing repeatable, methodology-driven assessment programs across multiple organizations or systems.
- Strong written and verbal communication skills, including experience presenting assessment results to executive and board-level audiences.
- Maintains confidentiality and professionalism with sensitive client information.
Benefits:
- Remote work flexibility
- Professional development opportunities
- Health insurance
- Retirement plans
Similar Jobs
Workday Security Administrator – Modernization Program
Workday Security Administrator managing security configuration and access controls for WVU. Collaborating across HR, Finance, and IT to ensure system integrity and compliance.
Security Engineer, Offensive Security
Security Engineer focusing on advanced vulnerability management and Pentesting as a service at Thrive. Collaborating with clients and ensuring high security standards while fostering trust in cybersecurity capabilities.
Cyber Security Expert – Senior Director/Analyst
Senior Director Analyst supporting national defense modernization and innovation through cybersecurity expertise. Analyzing global market trends and delivering actionable insights to executive clients.
Software Engineer – Product Security
Product Security Engineer developing and operating enterprise security controls. Collaborating with product teams at Allstate to enhance security practices.
Regional Channel Lead – Security & Identity
Channel Account Manager responsible for architecting partner ecosystems and driving revenue. Joining SecureW2's mission towards passwordless security solutions.
Senior Consultant, Penetration Testing
Senior Consultant in Penetration Testing for independent IT management and cybersecurity consultancy. Engaging in web and infrastructure penetration tests and improving client IT security.
Enterprise Account Executive, Cloud Security
Enterprise Account Executive at Foresite selling Google Cloud Security solutions. Collaborating with Google and security specialists to drive revenue growth in mid-market and enterprise accounts.
Cyber Security Engineer – Contract
Cyber Security Engineer responsible for security technologies and operational initiatives at Sunshine Enterprise. Implementing, integrating, and maintaining security technologies across a large-scale environment.
Cybersecurity Architect
Cybersecurity Architect embedding security into every phase of software development lifecycle for cloud infrastructure at Castille Resources Ltd. Designing and implementing security controls and a zero-trust environment.
Network Security Engineer
Security Engineer supporting enterprise security operations and enhancing overall security monitoring across a centralized environment. Focused on designing, tuning, and maintaining security detection rules.
Principal Consultant – Cyber/Physical Security
Principal Consultant leading Cyber-Physical Security for Bureau Veritas, offering consulting services in industrial sectors. Ensuring technical delivery excellence and guiding client engagements in cyber-physical security practices.
Lead II, Cybersecurity Defense
Cybersecurity Defense professional at Kyndryl focusing on incident response, threat hunting, and vulnerability management. Monitor infrastructure security and protect organizations from cyber threats in a supportive environment.
Director – Infrastructure Security
Director of Infrastructure Security at 1Password securing its cloud-native platform and leading a team of engineers. Responsible for setting security direction and ensuring scalable security across various systems.
Principal Information Security Engineer
Principal Information Security Engineer responsible for enterprise security tools at Fifth Third Bank. Advancing Zero Trust strategies and mentoring junior team members in a virtual environment.
Project Manager, Security Questionnaire
Project Manager at Workstreet overseeing multiple client engagements in security compliance. Managing Jira workflows and collaborating with cross-functional teams in a remote-first culture.
Security Authorization Specialist
Security Authorization Specialist managing FedRAMP compliance for the Game Warden platform. Collaborating with cross-functional teams to ensure security and regulatory requirements are met.
Product Security Compliance Lead
Product Security Compliance Lead at Second Front Systems ensuring security architecture and compliance programs. Leading a team in security accreditation efforts and driving innovation in compliance processes.
Senior Cybersecurity Engineer, Advanced Security
Join Presidio as a Senior Cybersecurity Engineer to architect and optimize cutting-edge security solutions. Mentor talent while collaborating to innovate threat detection and response capabilities.
Security Engineer – AI
Security Engineer AI implementing and operating security controls for cloud platforms and AI tools. Focused on Cloud Applications security and custom AI integrations.
Senior Cybersecurity Engineer, Advanced Security
Senior Cybersecurity Engineer responsible for architecting and deploying innovative cybersecurity solutions at Presidio. Collaborating with enterprise clients and leading security transformation projects.