Senior Security Advisor – Lead Control Assessor

Senior Security Advisor – Lead Control Assessor

Established in 2014 and based in Charleston, South Carolina, Soteria's expertise in the cybersecurity domain is predicated upon the accumulated practical experience across all team members. Soteria's security professionals have held leading positions in private industries, state governments, and federal intelligence communities.

Driven by this combined pool of knowledge as well as the belief that “Security is for Everyone,” Soteria offers advisory services and solutions which are significantly differentiated from the security status quo. Soteria treats each client as a unique case deserving of individualized security insights and specialized hands‑on assistance.

The Senior Security Advisor – Lead Control Assessor serves as both a hands‑on assessor and engagement lead for structured cybersecurity control assessments. This role is responsible for executing cybersecurity control testing, while also leading assessment planning, supervising assessors, and ensuring consistent, defensible application of assessment methodologies across a defined set of key security controls.

This position is ideal for an experienced assessor who combines strong technical judgment with leadership capability, thrives in repeatable, large‑scale assessment programs, and understands the importance of standardization, comparability, and audit rigor. The role emphasizes disciplined execution and quality oversight rather than bespoke advisory consulting.

Core Responsibilities:

• Lead and execute cybersecurity control assessments against a defined subset of key controls aligned to established frameworks (NIST SP 800-53 Rev.
  5).
• Assess control implementation status using standardized criteria and validation methodologies. (NIST SP 800-53A Rev.
  5).
• Test information systems using documentation review, system walk‑throughs, and stakeholder interviews to assess the design and operating effectiveness of NIST SP 800-53 Rev. 5 security controls.
• Apply consistent judgment to determine evidence sufficiency and appropriateness.
• Lead planning, kickoff, execution coordination, and closeout activities for assigned assessment engagements.
• Coordinate assessment activities and task assignments across Control Assessors to meet delivery timelines.
• Serve as the primary point of contact for client stakeholders during assessment engagements.
• Review and approve assessment narratives, findings, and control determinations prior to quality assurance submission.
• Ensure assessments are executed consistently across multiple clients to support trend analysis and benchmarking.
• Enforce adherence to defined assessment methodologies, scope boundaries, and validation standards.
• Support quality assurance reviews by addressing feedback and ensuring accuracy, clarity, and consistency of deliverables.
• Lead and participate in client interviews, system walkthroughs, and working sessions in a professional, structured manner.
• Clearly communicate assessment scope, expectations, and evidence requirements to stakeholders.
• Present assessment results, key findings, and risk implications to executive leadership and board‑level stakeholders in a clear, concise, and professional manner.
• Mentor and guide Control Assessors on assessment techniques, documentation standards, and professional judgment.
• Escalate risks, issues, or control interpretation questions to program leadership as appropriate.

Technologies and Platforms we use:

• GSuite (Gmail, Docs, Sheets, Slides, Calendar)
• Microsoft 365 (Word, Excel, PowerPoint, Teams)
• Zoom
• Asana
• Slack

Education and Experience Requirements:

• 7+ years of industry experience in cybersecurity, information security, IT audit, or risk and compliance.
• 2+ years of experience leading or performing cybersecurity control assessments or IT audits, with demonstrated responsibility for control testing and validation.
• Bachelor’s degree in Information Security, Information Systems, Computer Science, or a related field, or equivalent professional experience.
• Relevant professional certifications such as CISSP, CISM, CISA, CRISC
  , or equivalent strongly preferred.
• Proven experience testing and evaluating security controls aligned to NIST SP 800-53 Rev. 5 and applying assessment procedures consistent with NIST SP 800-53A Rev. 5.
• Experience executing repeatable, methodology‑driven assessment programs across multiple organizations or systems.
• Strong written and verbal communication skills, including experience presenting assessment results to executive and board‑level audiences.
• Maintains confidentiality and professionalism with sensitive client information.

Physical Requirements:

• Prolonged periods of being at a desk and working on a computer.

Travel Requirements:

• This role is primarily remote; however, periodic travel to client sites is required based on client needs.

Hours of Operation:

• Soteria is a remote workforce with flexibility in scheduling. The majority of work time will be 9:00 AM EST to 5:00 PM EST.