This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a Security Controls Assessor / OSCAL based in the United States.
This role sits at the intersection of cybersecurity assurance, federal compliance, and modern automation-driven assessment practices. You will be responsible for evaluating security controls across complex environments using established frameworks such as NIST 800-53 and NIST 800-171, while leveraging OSCAL to modernize and automate assessment workflows. The position involves working on high-impact security compliance initiatives across government and commercial systems, ensuring controls are accurately assessed, documented, and continuously improved. You will contribute directly to the production of critical compliance artifacts such as SAPs, SARs, and POA&Ms, helping organizations strengthen their security posture. This is a highly analytical and detail-oriented role suited for professionals who thrive in structured, regulated environments. You will also collaborate with cross-functional technical teams to translate security requirements into actionable, machine-readable compliance outputs. The environment values precision, clarity, and strong technical judgment in security risk management.
Accountabilities
- Conduct independent security control assessments aligned with NIST 800-53 and NIST 800-171 frameworks, ensuring compliance with federal and industry standards.
- Develop and maintain key assessment artifacts including Security Assessment Plans (SAP), Security Assessment Reports (SAR), and Plans of Action and Milestones (POA&M).
- Apply OSCAL-based methodologies to automate, structure, and modernize security assessment and compliance reporting processes.
- Evaluate security controls across government and commercial environments, identifying gaps, risks, and remediation requirements.
- Utilize compliance automation and governance tools such as RegScale, Paramify, or similar platforms to streamline assessment workflows.
- Collaborate with technical and compliance stakeholders across organizations to ensure consistent interpretation and implementation of security requirements.
- Produce clear, structured, and actionable technical documentation supporting audit readiness and authorization processes.
- Support the creation of machine-readable, interoperable compliance outputs (XML, JSON, YAML) enabling scalable risk management practices.
- Coordinate with cross-functional teams in multi-agency or enterprise environments to support assessment activities and findings validation.
- 5+ years of hands-on experience in security controls assessment, compliance, or related cybersecurity assurance roles.
- At least 2 years of practical experience working with OSCAL (Open Security Controls Assessment Language).
- Strong knowledge of NIST 800-53, NIST 800-171, and related federal security control frameworks.
- Experience producing SAPs, SARs, and POA&Ms in regulated environments.
- Familiarity with compliance automation platforms such as RegScale, Paramify, or equivalent tools.
- Strong ability to write clear, professional, and audit-ready technical documentation and reports.
- Experience in government, public sector, or highly regulated enterprise environments strongly preferred.
- Understanding of machine-readable data formats (XML, JSON, YAML) for compliance and control mapping.
- Familiarity with security testing and assessment tools such as Nessus, Nmap, Burp Suite, Wireshark, or similar.
- Strong analytical, communication, and stakeholder coordination skills.
- U.S. Citizenship required and ability to pass a comprehensive background check.
- FedRAMP, CMMC, or HIPAA assessment experience is considered a strong plus.
- Fully remote consulting opportunity (part-time engagement).
- Competitive hourly compensation aligned with experience and contract requirements.
- Exposure to high-impact federal and commercial cybersecurity compliance projects.
- Opportunity to work with modern OSCAL-based security automation and assessment frameworks.
- Flexible engagement structure (1099 or Corp-to-Corp).
- Professional growth in advanced security compliance and federal assessment practices.
- Collaborative environment working with experienced cybersecurity and compliance professionals.
- Potential for long-term project extensions depending on program needs.