Cyber Security Controls Assessor

Overview

Job Title:

Cyber Security Controls Assessor - Career

Location:

Oakland, CA (Hybrid)
Duration:
April 13, 2026 – April 12, 2027

• Perform multi-platform (application, database, operating system, middleware, monitoring tools, and business processes) level assessments based on predefined test objectives and test plans.
• Perform retest of controls that have been remediated or updated as a result of previously identified deficiencies.
• Obtain, review, and interpret evidence provided to validate controls are performed effectively.
• Execute and report on results of IT Compliance assessments in accordance with industry best practices and established regulatory standards and requirements (e.g., NIST SP800-53, SP800-115, SOX, NERC CIP).
• Obtain, review, and interpret organizational IT policies, standards and procedures to identify control points that would assist in mitigating risk to the business.
• Review test results or interpret evidences to address vulnerabilities, gaps, or control deficiencies; work with stakeholders to establish plans for sustainable resolution.
• Identify risks associated with control failures and supports the identification of mitigating controls.
• Partner with control owners to ensure control documentation is updated periodically to reflect current control environment.
• Perform other tasks as necessary to ensure that the Compliance meets its commitments to customers.
• Support the Compliance Sr. Manager/Manager as needed.

• Minimum
  
  Education Required:
  
  BA/BS in Computer Science, Business, or equivalent experience.
• Minimum On-the-Job
  
  Experience:
  
  Minimum of 3 years of general IT experience, including IT security or IT risk management experience.
• Experience using Excel worksheets, workbooks, and formulas.
• Experience managing multiple projects with conflicting priorities.

• Utility Industry Experience
• Big 4 experience
• Demonstrated experience with Sarbanes Oxley or National Institute of Standards and Technology (NIST) SP800-53 security controls catalog.

• Minimum Required License / Certification:
  At least one existing certification from the following list, which must be currently maintained and valid: CCNA; CISA; CRISC; CIA; CISSP.
• Desired License / Certification:
  One or more current and valid certifications directly applicable or complementary to the role and area of expertise, including those listed above, as well as CEH, ITIL, MCP/MCSE, CCNA/CCNP, CISM, PMP.

• Strong oral and written communication skills
• Strong analytical skills
• Understanding of application, database, network and systems security
• Understanding of general computing controls (GCCs)
• Able to identify complex control gaps
• Understanding of generally applicable and accepted auditing standards and framework (e.g. COBIT) and best practices for IT services management (e.g., ITIL), regulatory standards and requirements (e.g. Sarbanes Oxley Act, NERC/CIP)
• Excellent planning, organizational, and project management skills
• Able to multi-task projects or assessments
• Ability to work with minimal supervision in a fast-paced environment
• Detail oriented