Security Controls Assessor / OSCAL

Jobgether · Lever
United States · Part-time · Posted Jul 1, 2026

This position is listed on behalf of a partner company, which manages all applications and next steps. Our partner is looking for a Security Controls Assessor / OSCAL based in the United States.

This role sits at the intersection of cybersecurity assurance, federal compliance, and modern automation-driven assessment practices. You will be responsible for evaluating security controls across complex environments using established frameworks such as NIST 800-53 and NIST 800-171, while leveraging OSCAL to modernize and automate assessment workflows. The position involves working on high-impact security compliance initiatives across government and commercial systems, ensuring controls are accurately assessed, documented, and continuously improved. You will contribute directly to the production of critical compliance artifacts such as SAPs, SARs, and POA&Ms, helping organizations strengthen their security posture. This is a highly analytical and detail-oriented role suited for professionals who thrive in structured, regulated environments. You will also collaborate with cross-functional technical teams to translate security requirements into actionable, machine-readable compliance outputs. The environment values precision, clarity, and strong technical judgment in security risk management.

Accountabilities

    • Conduct independent security control assessments aligned with NIST 800-53 and NIST 800-171 frameworks, ensuring compliance with federal and industry standards.
    • Develop and maintain key assessment artifacts including Security Assessment Plans (SAP), Security Assessment Reports (SAR), and Plans of Action and Milestones (POA&M).
    • Apply OSCAL-based methodologies to automate, structure, and modernize security assessment and compliance reporting processes.
    • Evaluate security controls across government and commercial environments, identifying gaps, risks, and remediation requirements.
    • Utilize compliance automation and governance tools such as RegScale, Paramify, or similar platforms to streamline assessment workflows.
    • Collaborate with technical and compliance stakeholders across organizations to ensure consistent interpretation and implementation of security requirements.
    • Produce clear, structured, and actionable technical documentation supporting audit readiness and authorization processes.
    • Support the creation of machine-readable, interoperable compliance outputs (XML, JSON, YAML) enabling scalable risk management practices.
    • Coordinate with cross-functional teams in multi-agency or enterprise environments to support assessment activities and findings validation.
Requirements

    • 5+ years of hands-on experience in security controls assessment, compliance, or related cybersecurity assurance roles.
    • At least 2 years of practical experience working with OSCAL (Open Security Controls Assessment Language).
    • Strong knowledge of NIST 800-53, NIST 800-171, and related federal security control frameworks.
    • Experience producing SAPs, SARs, and POA&Ms in regulated environments.
    • Familiarity with compliance automation platforms such as RegScale, Paramify, or equivalent tools.
    • Strong ability to write clear, professional, and audit-ready technical documentation and reports.
    • Experience in government, public sector, or highly regulated enterprise environments strongly preferred.
    • Understanding of machine-readable data formats (XML, JSON, YAML) for compliance and control mapping.
    • Familiarity with security testing and assessment tools such as Nessus, Nmap, Burp Suite, Wireshark, or similar.
    • Strong analytical, communication, and stakeholder coordination skills.
    • U.S. Citizenship required and ability to pass a comprehensive background check.
    • FedRAMP, CMMC, or HIPAA assessment experience is considered a strong plus.

Benefits

    • Fully remote consulting opportunity (part-time engagement).
    • Competitive hourly compensation aligned with experience and contract requirements.
    • Exposure to high-impact federal and commercial cybersecurity compliance projects.
    • Opportunity to work with modern OSCAL-based security automation and assessment frameworks.
    • Flexible engagement structure (1099 or Corp-to-Corp).
    • Professional growth in advanced security compliance and federal assessment practices.
    • Collaborative environment working with experienced cybersecurity and compliance professionals.
    • Potential for long-term project extensions depending on program needs.

How Jobgether works

We use an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. Our system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company. The final decision and next steps (interviews, assessments) are managed by their internal team. We appreciate your interest and wish you the best!

Data Privacy Notice

By submitting your application, you acknowledge that Jobgether will process your personal data to evaluate your candidacy and share relevant information with the hiring employer. This processing is based on legitimate interest and pre-contractual measures under applicable data protection laws (including GDPR). You may exercise your rights (access, rectification, erasure, objection) at any time.