Velero logo

Security Control Assessor (NIST 800-53)

Velero Tampa, Florida, United States


No Relocation

Posted: May 5, 2026

Job Description

We’re hiring Senior NIST 800-53A Security Control Assessors for multiple federal assessment projects kicking off between

⚠️ This is NOT a general GRC or compliance role.

We are specifically looking for professionals who have hands-on experience executing full NIST 800-53A assessments, not just mapping controls or supporting audits.

What you’ll actually be doing:

• Developing Security Assessment Plans (SAP) with defined testing procedures (Inspect / Interview / Test)

• Conducting control assessments across all control families (technical + administrative)

• Interviewing control owners and validating implementation statements in SSPs

• Performing evidence-based testing (logs, configurations, artifacts)

• Writing Security Assessment Reports (SAR) with formal findings and risk ratings

• Building POA&M entries tied to identified control deficiencies

🚫 Not a fit if your experience is limited to SOC 2, ISO 27001, or third-party risk management without hands-on 800-53A assessment execution.

We’re hiring Senior NIST 800-53A Security Control Assessors for multiple federal assessment projects kicking off between ⚠️ This is NOT a general GRC or compliance role.We are specifically looking for professionals who have hands-on experience executing...

What we’re looking for:

• 5+ years of direct experience performing NIST 800-53A assessments

• Proven ownership of SAP and SAR deliverables

• Strong experience designing and executing control testing procedures

• Background in RMF, FedRAMP, FISMA, or CMS ARS frameworks

• Ability to independently validate controls beyond documentation review

Nice to have:

• Experience with CMS ARS / ARC-AMPE baseline

• Strong Excel-based evidence mapping and tracking

Additional Content

We’re hiring Senior NIST 800-53A Security Control Assessors for multiple federal assessment projects kicking off between

⚠️ This is NOT a general GRC or compliance role.

We are specifically looking for professionals who have hands-on experience executing full NIST 800-53A assessments, not just mapping controls or supporting audits.

What you’ll actually be doing:

• Developing Security Assessment Plans (SAP) with defined testing procedures (Inspect / Interview / Test)

• Conducting control assessments across all control families (technical + administrative)

• Interviewing control owners and validating implementation statements in SSPs

• Performing evidence-based testing (logs, configurations, artifacts)

• Writing Security Assessment Reports (SAR) with formal findings and risk ratings

• Building POA&M entries tied to identified control deficiencies

🚫 Not a fit if your experience is limited to SOC 2, ISO 27001, or third-party risk management without hands-on 800-53A assessment execution.

We’re hiring Senior NIST 800-53A Security Control Assessors for multiple federal assessment projects kicking off between ⚠️ This is NOT a general GRC or compliance role.We are specifically looking for professionals who have hands-on experience executing...

What we’re looking for:

• 5+ years of direct experience performing NIST 800-53A assessments

• Proven ownership of SAP and SAR deliverables

• Strong experience designing and executing control testing procedures

• Background in RMF, FedRAMP, FISMA, or CMS ARS frameworks

• Ability to independently validate controls beyond documentation review

Nice to have:

• Experience with CMS ARS / ARC-AMPE baseline

• Strong Excel-based evidence mapping and tracking