Security Control Assessor (SCA)

Job description

We are seeking an experienced Security Control Assessor to support the assessment, validation, and authorization of DoD information systems. This role requires a strong background in the Risk Management Framework (RMF) process, security control assessment, and cybersecurity compliance. The ideal candidate will be skilled in evaluating how security controls are implemented, measuring their resilience and reliability, and determining how changes in operational or environmental conditions may affect system security. Key Responsibilities: Conduct in-depth security control assessments for DoD information systems in accordance with NIST SP 800-53, NIST SP 800-37, DoD RMF, and JSIG requirements. Communicate government-approved mitigation and remediation guidance to system owners in support of the RMF process. Assess and validate the implementation of security controls, including how they support system resilience, reliability, and overall cybersecurity posture. Apply and interpret the Confidentiality, Integrity, and Availability (CIA) triad and related categorization impact levels (High, Moderate, Low) for assigned systems and programs. Validate inherited security controls from hosted, in...