diff --git a/helm-charts/falcon-self-hosted-registry-assessment/templates/job-controller-deployment.yaml b/helm-charts/falcon-self-hosted-registry-assessment/templates/job-controller-deployment.yaml
index 087fa1e5..7489f23a 100644
--- a/helm-charts/falcon-self-hosted-registry-assessment/templates/job-controller-deployment.yaml
+++ b/helm-charts/falcon-self-hosted-registry-assessment/templates/job-controller-deployment.yaml
@@ -18,6 +18,9 @@ spec:
 annotations:
 checksum/config: {{ include (print $.Template.BasePath "/job-controller-configmap.yaml") . | sha256sum }}
 spec:
+ {{ if .Values.jobController.serviceAccount.create }}
+ serviceAccountName: {{ include "ra-self-hosted-job-controller.fullname" . }}
+ {{- end }}
 securityContext:
 {{ if .Values.jobController.podSecurityContext -}}
 {{ .Values.jobController.podSecurityContext | toYaml | indent 8 }}
diff --git a/helm-charts/falcon-self-hosted-registry-assessment/templates/job-controller-service-account.yaml b/helm-charts/falcon-self-hosted-registry-assessment/templates/job-controller-service-account.yaml
new file mode 100644
index 00000000..08734a22
--- /dev/null
+++ b/helm-charts/falcon-self-hosted-registry-assessment/templates/job-controller-service-account.yaml
@@ -0,0 +1,9 @@
+{{ if .Values.jobController.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "ra-self-hosted-job-controller.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "ra-self-hosted-job-controller.labels" . | nindent 4 }}
+{{- end }}
\ No newline at end of file
diff --git a/helm-charts/falcon-self-hosted-registry-assessment/values.yaml b/helm-charts/falcon-self-hosted-registry-assessment/values.yaml
index d388ee83..b32c07b8 100644
--- a/helm-charts/falcon-self-hosted-registry-assessment/values.yaml
+++ b/helm-charts/falcon-self-hosted-registry-assessment/values.yaml
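Review bot: In templates/job-controller-deployment.yaml the added `serviceAccountName` is rendered only when `jobController.serviceAccount.create` is true, so an operator who pre-provisions a service account already bound to the required SCC cannot point the pod at it. With `create: false` the pod keeps running as the namespace's `default` account. A `jobController.serviceAccount.name` value, with `serviceAccountName` rendered whenever a name is set or `create` is true, would cover that case. The direct `.Values.jobController.serviceAccount.create` lookup will probably fail with a nil-pointer error on an upgrade that uses `--reuse-values` from a release predating this key; `{{- if (.Values.jobController.serviceAccount | default dict).create }}` avoids that and also trims the blank line the untrimmed `{{ if` leaves in the pod spec. The pod `spec:` block continues outside this hunk.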
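Review bot: The new ServiceAccount in templates/job-controller-service-account.yaml leaves token automounting at the Kubernetes default, so every job-controller pod using it gets an API token mounted, although the values comment gives the SCC requirement as the only reason for the account. If the controller does not call the Kubernetes API (not visible in this diff), add a top-level `automountServiceAccountToken: false` to the manifest so that a compromised container holds no cluster credential. If it does need the API, say so in a comment here and keep the bound Role as narrow as possible. The file also ends without a trailing newline, and the opening `{{ if` should be `{{- if` so the rendered document does not start with a blank line.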
@@ -138,6 +138,8 @@ executor: # optional: false jobController: + serviceAccount: + create: false # true also deploys a Service Account for the job controller if it's required to have one by restrictions like Openshift Container Platform's Security Context Constraints storageEngine: "sqlite" # sqlite or memory image: registry: