Enterprise Cybersecurity GRC Security Controls Assessor

Booz Allen HamiltonMcLean, VA
$77,600 - $176,000Remote

About The Position

Enterprise Cybersecurity (ECS) Governance, Risk, and Compliance (GRC) plays a pivotal role in safeguarding the organization's sensitive information and ensuring compliance with stringent cybersecurity regulations and guidance. As the Security Controls Assessor, you will support the GRC team responsible for the assessment and management of compliance and regulatory requirements with key stakeholders. You will work closely on Booz Allen’s internal information systems and environments assessing their compliance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 security controls and Cybersecurity Maturity Model Certification (CMMC) requirements. You will review technical and environmental details to assess the entire threat landscape and provide a hands-on approach with accountability for assessing and managing compliance and regulatory requirements with key stakeholders. Due to the nature of work performed within this facility, U.S. citizenship is required.

Requirements

  • 8+ years of experience in cybersecurity roles such as Security Control Assessor (SCA), System Steward, Information System Owner (ISO), Controls Validator, Information System Security Officer (ISSO), Information System Security Engineer (ISSE), or Information Systems Security Manager (ISSM)
  • Experience performing in-depth assessments of cybersecurity controls, artifacts, and scanning results to evaluate effectiveness and ensure continuous compliance, and evaluating and advising on technical security implementations
  • Experience partnering with IT, operations, and delivery teams to provide expert guidance, drive GRC initiatives, and foster a culture of security awareness
  • Experience using automation and AI-driven tools to streamline control assessments, enhance evidence collection, and accelerate compliance validation activities
  • Experience with the Department of Defense (DoD), Federal Information Security Modernization Act (FISMA) FedRAMP, NIST, Risk Management Framework (RMF), DevSecOps principles, and Infrastructure-as-Code (IAC), and leveraging it for security controls, assessments, and risk mitigation into specific, actionable technical tasks for IL5 environments
  • Knowledge of network defense tools
  • Knowledge of security control alignment and assessment against NIST SP 800-53 rev. 4 and rev. 5, NIST SP 800-171 rev. 2 and rev. 3, the Federal Risk and Authorization Management Program (FedRAMP), CMMC, or System and Organization Controls (SOC) 2 Type II
  • Ability to manage the full risk lifecycle, from identification of vulnerabilities to implementation of mitigation strategies and final closure, using both qualitative and quantitative frameworks
  • Ability to develop and communicate technical and non-technical metrics regarding compliance trends and vulnerability management across various business lines
  • HS diploma or GED
  • U.S. citizenship is required

Nice To Haves

  • Experience identifying problems, determining pragmatic solutions, identifying and obtaining needed resources, and executing with little supervision
  • Ability to quickly comprehend complex problems, draw logical conclusions, make sound decisions, develop solutions, and negotiate and respond accordingly to drive closure
  • Ability to communicate and collaborate effectively to engage and interact with senior and executive management
  • Possession of excellent analytical and problem-solving skills

Responsibilities

  • Support the GRC team responsible for the assessment and management of compliance and regulatory requirements with key stakeholders.
  • Work closely on Booz Allen’s internal information systems and environments assessing their compliance with NIST SP 800-171 security controls and CMMC requirements.
  • Review technical and environmental details to assess the entire threat landscape.
  • Provide a hands-on approach with accountability for assessing and managing compliance and regulatory requirements with key stakeholders.
  • Perform in-depth assessments of cybersecurity controls, artifacts, and scanning results to evaluate effectiveness and ensure continuous compliance.
  • Evaluate and advise on technical security implementations.
  • Partner with IT, operations, and delivery teams to provide expert guidance, drive GRC initiatives, and foster a culture of security awareness.
  • Use automation and AI-driven tools to streamline control assessments, enhance evidence collection, and accelerate compliance validation activities.
  • Manage the full risk lifecycle, from identification of vulnerabilities to implementation of mitigation strategies and final closure, using both qualitative and quantitative frameworks.
  • Develop and communicate technical and non-technical metrics regarding compliance trends and vulnerability management across various business lines.

Benefits

  • health, life, disability, financial, and retirement benefits
  • paid leave
  • professional development
  • tuition assistance
  • work-life programs
  • dependent care
  • recognition awards program
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service