Cyber Security Controls Assessor

Job Title:
Cyber Security Controls Assessor

Location:
Oakland, CA (Hybrid – 1–3 days onsite per week;)

Employment Type: 12+ Months Contract

Start Date: ASAP

We are seeking a detail-oriented Cyber Security Controls Assessor to support enterprise-wide IT General Computer Controls (GCC) assessments. This role is responsible for evaluating IT systems, business processes, and security controls to ensure compliance with regulatory standards, internal policies, and industry best practices.

This is a hybrid role requiring candidates to be located in the Bay Area, with expected onsite presence approximately once per month (subject to adjustment as needed).

• Deep understanding of security frameworks
• Strong IT assessment and control testing experience
• Highly detail-oriented

Client laptop will be provided. If there is any delay, the supplier must provide a laptop and enable secure access via Citrix until a client device is available.

• Perform multi-platform assessments across applications, databases, operating systems, middleware, monitoring tools, and business processes.
• Execute control testing based on predefined test plans and objectives.
• Collect, review, and interpret evidence to validate control effectiveness.
• Perform re-testing of remediated controls.
• Execute and report on IT compliance assessments aligned with standards such as NIST SP800-53, NIST SP800-115, and NERC CIP.
• Identify control gaps, vulnerabilities, and deficiencies.
• Assess risks related to control failures and recommend mitigating controls.
• Partner with control owners to develop sustainable remediation plans.
• Review and interpret IT policies, procedures, and standards to identify risk mitigation opportunities.
• Ensure control documentation accurately reflects the current control environment.
• Support Compliance leadership as needed.

Education
:
Bachelor’s degree in Computer Science, Business, or related field (or equivalent experience).

Experience
:

• Minimum 3 years of general IT experience.
• Experience in IT security, IT audit, or IT risk management.
• Hands‑on experience with IT compliance or control testing.
• Ability to manage multiple projects with competing priorities.

• CISA (Certified Information Systems Auditor)
• CRISC (Certified in Risk and Information Systems Control)
• CIA (Certified Internal Auditor)
• CISSP (Certified Information Systems Security Professional)

• Utility industry experience
• Experience with SOX ITGC testing
• Experience working with NIST SP800-53 control framework

• CEH
• ITIL
• MCP / MCSE
• CCNP
• CISM
• PMP

• Strong understanding of General Computer Controls (GCCs)
• Knowledge of IT governance and control frameworks (e.g., COBIT, ITIL)
• Familiarity with regulatory standards (SOX, NERC CIP)
• Understanding of application, database, network, and system security
• Strong analytical and problem‑solving skills
• Excellent written and verbal communication skills
• Strong documentation and reporting abilities
• Ability to work independently in a fast‑paced environment