Security Advisor – Control Assessor

The Security Advisor – Control Assessor is responsible for executing structured cybersecurity control assessments. This role focuses on consistent, evidence-based validation of a defined set of key security controls across multiple client organizations, supporting statewide or enterprise-wide assessment initiatives.

This position is ideal for an assessor who thrives in repeatable, methodology-driven environments, values precision and documentation quality, and understands the importance of comparability, defensibility, and audit rigor. The role emphasizes execution excellence rather than bespoke advisory consulting.

Core Responsibilities:

• Execute cybersecurity control assessments against a defined subset of key controls aligned to established frameworks (NIST SP 800-53 Rev. 5). 
• Assess control implementation status using standardized criteria and validation methodologies. (NIST SP 800-53A Rev. 5).
• Test information systems using documentation review, system walk-throughs, and stakeholder interviews to assess the design and operating effectiveness of NIST SP 800-53 Rev. 5 security controls.
• Apply consistent judgment to determine evidence sufficiency and appropriateness.
• Maintain organized evidence repositories using secure collaboration platforms.
• Draft standardized assessment narratives and findings.
• Contribute to assessment workbooks, reports, and presentations using approved templates and language standards.
• Adhere strictly to defined assessment methodologies, scope boundaries, and validation standards.
• Ensure assessments are executed consistently across multiple clients to support trend analysis and benchmarking.
• Support quality assurance reviews by addressing feedback and ensuring accuracy and clarity of deliverables.
• Escalate ambiguities, inconsistencies, or control interpretation questions to senior team members.
• Participate in client interviews and working sessions in a professional, structured manner.
• Communicate assessment expectations and evidence needs clearly to stakeholders.
• Collaborate effectively with Lead Assessors and peers to meet delivery timelines.

Technologies and Platforms we use:

• GSuite (Gmail, Docs, Sheets, Slides, Calendar)
• Microsoft 365 (Word, Excel, PowerPoint, Teams)
• Zoom
• Asana
• Slack

Education and Experience Requirements: 

• 3+ years of experience in cybersecurity, IT risk, audit, or compliance.
• 1+ year of experience performing IT audits or control assessments.
• Familiarity with common cybersecurity frameworks (NIST CSF, NIST 800-53 Rev. 5, ISO 27001, CIS Controls).
• Strong written communication skills with the ability to produce clear, defensible documentation.
• Proficiency with Microsoft Word, Excel, and collaboration tools.
• Relevant certifications (CISA, CISM, CISSP, or similar) preferred.
• Detail-oriented with strong analytical judgment.
• Comfortable working in structured, repeatable delivery models.
• Maintains confidentiality and professionalism with sensitive client information.

Physical Requirements: 

• Prolonged periods of being at a desk and working on a computer.

Travel Requirements: 

• This role is primarily remote; however, periodic travel to client sites is required based on client needs.

Hours of Operation:

• Soteria is a remote workforce with flexibility in scheduling. The majority of work time will be 9:00 AM EST to 5:00 PM EST.