Cyber Security Controls Assessor

Overview

Swoon is partnering with a leading utilities organization seeking an experienced IT Controls / Cyber Security Controls Assessor to support enterprise-wide control assessments and regulatory compliance initiatives. This role will focus on evaluating IT General Controls (ITGCs), security frameworks, and compliance processes across multiple platforms and systems.

This is a 12-month contract opportunity offering hybrid flexibility within the Bay Area.

• Perform IT General Controls (ITGC) testing and security control assessments across applications, databases, operating systems, and cloud environments
• Execute risk-based assessments aligned with frameworks such as NIST 800-53, SOX, COBIT, and other regulatory standards
• Conduct walkthroughs, review evidence, and evaluate control design and operating effectiveness
• Identify control gaps, assess risk impact, and provide actionable remediation recommendations
• Partner with control owners and cross-functional stakeholders to validate findings and track remediation efforts
• Support internal and external audit activities
• Assist in maintaining updated control documentation, narratives, and risk control matrices (RCMs)

• 3+ years of experience in IT Audit, IT Risk, IT Compliance, or Cyber Security Controls
• Hands-on experience performing ITGC testing and control assessments
• Strong understanding of security and compliance frameworks (NIST, SOX, COBIT, etc.)
• Experience reviewing evidence and documenting findings
• Ability to manage multiple assessments simultaneously
• Strong analytical and communication skills
• Bachelor’s degree in Computer Science, Information Systems, Business, or related field (or equivalent experience)

• Experience in utilities, energy, or regulated industries
• Background in Big 4 or enterprise audit environments
• Professional certifications such as CISA, CISSP, CRISC, or CIA