Senior Security Advisor – Lead Control Assessor

Soteria - Security Solutions & Advisory•Charleston, SC

3h•Remote

About The Position

The Senior Security Advisor – Lead Control Assessor serves as both a hands-on assessor and engagement lead for structured cybersecurity control assessments. This role is responsible for executing cybersecurity control testing, while also leading assessment planning, supervising assessors, and ensuring consistent, defensible application of assessment methodologies across a defined set of key security controls. This position is ideal for an experienced assessor who combines strong technical judgment with leadership capability, thrives in repeatable, large-scale assessment programs, and understands the importance of standardization, comparability, and audit rigor. The role emphasizes disciplined execution and quality oversight rather than bespoke advisory consulting.

Requirements

7+ years of industry experience in cybersecurity, information security, IT audit, or risk and compliance.
2+ years of experience leading or performing cybersecurity control assessments or IT audits, with demonstrated responsibility for control testing and validation.
Bachelor’s degree in Information Security, Information Systems, Computer Science, or a related field, or equivalent professional experience.
Proven experience testing and evaluating security controls aligned to NIST SP 800-53 Rev. 5 and applying assessment procedures consistent with NIST SP 800-53A Rev. 5.
Experience executing repeatable, methodology-driven assessment programs across multiple organizations or systems.
Strong written and verbal communication skills, including experience presenting assessment results to executive and board-level audiences.
Maintains confidentiality and professionalism with sensitive client information.
Prolonged periods of being at a desk and working on a computer.

Nice To Haves

Relevant professional certifications such as CISSP, CISM, CISA, CRISC, or equivalent strongly preferred.

Responsibilities

Lead and execute cybersecurity control assessments against a defined subset of key controls aligned to established frameworks (NIST SP 800-53 Rev. 5).
Assess control implementation status using standardized criteria and validation methodologies. (NIST SP 800-53A Rev. 5).
Test information systems using documentation review, system walk-throughs, and stakeholder interviews to assess the design and operating effectiveness of NIST SP 800-53 Rev. 5 security controls.
Apply consistent judgment to determine evidence sufficiency and appropriateness.
Lead planning, kickoff, execution coordination, and closeout activities for assigned assessment engagements.
Coordinate assessment activities and task assignments across Control Assessors to meet delivery timelines.
Serve as the primary point of contact for client stakeholders during assessment engagements.
Review and approve assessment narratives, findings, and control determinations prior to quality assurance submission.
Ensure assessments are executed consistently across multiple clients to support trend analysis and benchmarking.
Enforce adherence to defined assessment methodologies, scope boundaries, and validation standards.
Support quality assurance reviews by addressing feedback and ensuring accuracy, clarity, and consistency of deliverables.
Lead and participate in client interviews, system walkthroughs, and working sessions in a professional, structured manner.
Clearly communicate assessment scope, expectations, and evidence requirements to stakeholders.
Present assessment results, key findings, and risk implications to executive leadership and board-level stakeholders in a clear, concise, and professional manner.
Mentor and guide Control Assessors on assessment techniques, documentation standards, and professional judgment.
Escalate risks, issues, or control interpretation questions to program leadership as appropriate.