diff --git a/operator/controllers/execution/scan_controller.go b/operator/controllers/execution/scan_controller.go
index c15e7cdb..9af4e47b 100644
--- a/operator/controllers/execution/scan_controller.go
+++ b/operator/controllers/execution/scan_controller.go
@@ -711,22 +711,22 @@ func (r *ScanReconciler) startReadOnlyHooks(scan *executionv1.Scan) error {
 		return nil
 	}
 
-	rules := []rbacv1.PolicyRule{
-		{
-			APIGroups: []string{"execution.experimental.securecodebox.io"},
-			Resources: []string{"scans"},
-			Verbs:     []string{"get", "create", "list"},
-		},
+	// Get all read-only-hooks for scan to later check that they weren't already created
+	jobs, err := r.getJobsForScan(scan, client.MatchingLabels{
+		"experimental.securecodebox.io/job-type": "read-only-hook",
+	})
+	if err != nil {
+		return err
 	}
-	serviceAccountName := "scan-completion-hook"
-	r.ensureServiceAccountExists(
-		scan.Namespace,
-		serviceAccountName,
-		"ScanCompletionHooks need to access the current scan to view where its results are stored",
-		rules,
-	)
 
 	for _, hook := range readOnlyHooks {
+		// Check if hook was already executed
+		if containsJobForHook(jobs, hook) == true {
+			r.Log.V(4).Info("Skipping creation of job for hook '%s' as it already exists", hook.Name)
+			// Job was already created
+			continue
+		}
+
 		rawFileURL, err := r.PresignedGetURL(scan.UID, scan.Status.RawResultFile)
 		if err != nil {
 			return err
@@ -758,6 +758,20 @@ func (r *ScanReconciler) startReadOnlyHooks(scan *executionv1.Scan) error {
 	return nil
 }
 
+func containsJobForHook(jobs *batch.JobList, hook executionv1.ScanCompletionHook) bool {
+	if len(jobs.Items) == 0 {
+		return false
+	}
+
+	for _, job := range jobs.Items {
+		if job.ObjectMeta.Labels["experimental.securecodebox.io/hook-name"] == hook.Name {
+			return true
+		}
+	}
+
+	return false
+}
+
 func (r *ScanReconciler) checkIfReadOnlyHookIsCompleted(scan *executionv1.Scan) error {
 	ctx := context.Background()
 	readOnlyHookCompletion, err := r.checkIfJobIsCompleted(scan, client.MatchingLabels{"experimental.securecodebox.io/job-type": "read-only-hook"})
@@ -1135,6 +1149,18 @@ func (r *ScanReconciler) executeReadAndWriteHooks(scan *executionv1.Scan) error
 			return err
 		}
 
+		jobs, err := r.getJobsForScan(scan, client.MatchingLabels{
+			"experimental.securecodebox.io/job-type":  "read-and-write-hook",
+			"experimental.securecodebox.io/hook-name": nonCompletedHook.HookName,
+		})
+		if err != nil {
+			return err
+		}
+		if len(jobs.Items) > 0 {
+			// Job already exists
+			return nil
+		}
+
 		jobName, err := r.createJobForHook(
 			&hook,
 			scan,