Senior Security Advisor – Lead Control Assessor
Soteria - Security Solutions & Advisory · Charleston, SC · 1 wk ago
RemoteRemoteManagementFull-time
Core Responsibilities
- Lead and execute cybersecurity control assessments against a defined subset of key controls aligned to established frameworks (NIST SP 800-53 Rev. 5).
- Assess control implementation status using standardized criteria and validation methodologies. (NIST SP 800-53A Rev. 5).
- Test information systems using documentation review, system walk-throughs, and stakeholder interviews to assess the design and operating effectiveness of NIST SP 800-53 Rev. 5 security controls.
- Apply consistent judgment to determine evidence sufficiency and appropriateness.
- Lead planning, kickoff, execution coordination, and closeout activities for assigned assessment engagements.
- Cookordination assessment activities and task assignments across Control Assessors to meet delivery timelines.
- Serve as the primary point of contact for client stakeholders during assessment engagements.
- Review and approve assessment narratives, findings, and control determinations prior to quality assurance submission.
- Ensure assessments are executed consistently across multiple clients to support trend analysis and benchmarking.
- Enforce adherence to defined assessment methodologies, scope boundaries, and validation standards.
- Support quality assurance reviews by addressing feedback and ensuring accuracy, clarity, and consistency of deliverables.
- Lead and participate in client interviews, system walkthroughs, and working sessions in a professional, structured manner.
- Clearly communicate assessment scope, expectations, and evidence requirements to stakeholders.
- Present assessment results, key findings, and risk implications to executive leadership and board-level stakeholders in a clear, concise, and professional manner.
- Mentor and guide Control Assessors on assessment techniques, documentation standards, and professional judgment.
- Escalate risks, issues, or control interpretation questions to program leadership as appropriate.
Technologies and Platforms
- GSuite (Gmail, Docs, Sheets, Slides, Calendar)
- Microsoft 365 (Word, Excel, PowerPoint, Teams)
- Zoom
- Asana
- Slack
Education and Experience Requirements
- 7+ years of industry experience in cybersecurity, information security, IT audit, or risk and compliance.
- 2+ years of experience leading or performing cybersecurity control assessments or IT audits, with demonstrated responsibility for control testing and validation.
- Bachelor’s degree in Information Security, Information Systems, Computer Science, or a related field, or equivalent professional experience.
- Relevant professional certifications such as CISSP, CISM, CISA, CRISC, or equivalent strongly preferred.
- Proven experience testing and evaluating security controls aligned to NIST SP 800-53 Rev. 5 and applying assessment procedures consistent with NIST SP 800-53A Rev. 5.
- Experience executing repeatable, methodology-driven assessment programs across multiple organizations or systems.
- Strong written and verbal communication skills, including experience presenting assessment results to executive and board-level audiences.
- Maintains confidentiality and professionalism with sensitive client information.
Physical Requirements
- Prolonged periods of being at a desk and working on a computer.
Travel Requirements
- This role is primarily remote; however, periodic travel to client sites is required based on client needs.
Hours of Operation
- Soteria is a remote workforce with flexibility in scheduling. The majority of work time will be 9:00 AM EST to 5:00 PM EST.
Pay Range
The pay range for this role is: 120,000 - 145,000 USD per year (Remote (Charleston, South Carolina, US))