Security Control Assessor (NIST 800-53)

Velero

$90K — $130K *
US-AnywhereRemote in Tampa, FL
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years of hands-on experience performing NIST 800-53A assessments
  • Proven ownership of Security Assessment Plans (SAP) and Security Assessment Reports (SAR) deliverables
  • Strong experience in designing and executing control testing procedures
  • Knowledge of RMF, FedRAMP, FISMA, or CMS ARS frameworks
  • Ability to validate controls independently, beyond simple documentation reviews

Responsibilities

  • Develop Security Assessment Plans (SAP) with defined testing procedures
  • Conduct control assessments across all control families including technical and administrative
  • Interview control owners to validate implementation statements in SSPs
  • Perform evidence-based testing, including logs, configurations, and artifacts
  • Write Security Assessment Reports (SAR) detailing findings and risk ratings
  • Build POA&M entries associated with identified control deficiencies

Benefits

  • Direct involvement in decision-making as the company grows
  • Clear opportunities for career progression
  • Autonomy to make a tangible impact from the start
  • A lean organizational structure that prioritizes results over bureaucracy
Full Job Description
We're hiring Senior NIST 800-53A Security Control Assessors for multiple federal assessment projects kicking off between This is NOT a general GRC or compliance role. We are specifically looking for professionals who have hands-on experience executing full NIST 800-53A assessments, not just mapping controls or supporting audits. What you'll actually be doing: • Developing Security Assessment Plans (SAP) with defined testing procedures (Inspect / Interview / Test) • Conducting control assessments across all control families (technical + administrative) • Interviewing control owners and validating implementation statements in SSPs • Performing evidence-based testing (logs, configurations, artifacts) • Writing Security Assessment Reports (SAR) with formal findings and risk ratings • Building POA&M entries tied to identified control deficiencies 🚫 Not a fit if your experience is limited to SOC 2, ISO 27001, or third-party risk management without hands-on 800-53A assessment execution. Requirements What we're looking for: • 5+ years of direct experience performing NIST 800-53A assessments • Proven ownership of SAP and SAR deliverables • Strong experience designing and executing control testing procedures • Background in RMF, FedRAMP, FISMA, or CMS ARS frameworks • Ability to independently validate controls beyond documentation review Nice to have: • Experience with CMS ARS / ARC-AMPE baseline • Strong Excel-based evidence mapping and tracking Benefits As a lean, growing firm, we prioritize results over red tape, offering you a direct seat at the table and a clear path for career progression as we scale. You won't be just a number here; you'll have the autonomy to make a visible impact on the business from day one.

Similar Jobs

More Jobs at Velero

More Information Technology Jobs

Find similar Security Control Assessor (NIST 800-53) jobs: