This is a remote position.
Position Summary We are seeking an experienced Security Control Assessor (SCA) to support cybersecurity assessments for state agencies. The assessor will evaluate compliance against 108 cybersecurity controls aligned to NIST CSF 2.0 and perform effectiveness testing on approximately 40 selected controls.
The ideal candidate has strong experience conducting cybersecurity assessments, evaluating security governance and technical safeguards, and documenting findings and recommendations in accordance with NIST cybersecurity standards.
Key Responsibilities
• Conduct cybersecurity control assessments using 108 NIST CSF 2.0–aligned controls
• Perform effectiveness testing for ~40 administrative, technical, and operational controls
• Review policies, procedures, configurations, evidence artifacts, and operational practices
• Conduct interviews and walkthroughs with agency personnel
• Identify gaps, weaknesses, and remediation needs
• Evaluate maturity and operational effectiveness of cybersecurity controls
• Prepare findings reports, risk observations, and remediation recommendations
• Maintain detailed assessment evidence and workpapers
• Support risk discussions and provide cybersecurity best-practice guidance
• Participate in meetings with project leadership and stakeholders
• Ensure assessments follow consistent, objective, and standardized methodologies
Deliverables
• Control assessment worksheets
• Evidence review documentation
• Effectiveness testing results
• Risk and gap findings
• Remediation recommendations
• Executive and technical assessment reports
Work Location Remote, with potential onsite visits to Florida state agency locations.
Background Requirements Candidates must pass a state background investigation.
Requirements
Required Qualifications
• Bachelor’s degree in Cybersecurity, IT, Information Assurance, or related field
• Minimum 3 years conducting cybersecurity or information security assessments
• Experience with: – NIST CSF 2.0 – NIST SP 800-171 or 800-53 – Security control assessments and testing – Risk assessments and compliance evaluations
• Strong understanding of: – Governance and policy review – Identity and access management – Vulnerability management – Incident response – Logging and monitoring
• Excellent written and verbal communication skills
• Strong documentation and reporting abilities
• Ability to analyze technical and non-technical cybersecurity evidence
Preferred Qualifications
• Experience supporting state government or public sector agencies
• Certifications: CISSP, CISA, CISM, CAP, Security+
• Experience with frameworks: NIST CSF, SP 800-171, SP 800-53, CJIS, SOC 2
Benefits
• Remote work
• Opportunity to support statewide cybersecurity initiatives
• Professional development and growth opportunities
• Collaborative and mission-driven environment