Security Control Assessor (SCA)

Job description

We are seeking a seasoned Security Control Assessor (SCA) to provide deep-dive security assessments of Department of Defense (DoD) information systems. This role plays a pivotal part in the Risk Management Framework (RMF) process, validating controls and ensuring compliance with DoD cybersecurity standards. Candidates must bring proven expertise in cybersecurity policy implementation, control evaluation, and Authorization to Operate (ATO) documentation. Primary Responsibilities: Conduct in-depth security control assessments in accordance with NIST SP 800-53, DoD RMF policies, and JSIG. Validate inherited controls and ensure accurate application of system-specific configurations, including Ports, Protocols, and Services (PP&S). Analyze the impact of confidentiality, integrity, and availability (CIA triad) as related to system categorization and control implementations. Communicate remediation strategies and government-approved mitigations to system owners. Lead the development and review of ATO documentation packages to ensure completeness and compliance. Collaborate with cross-functional teams to support risk evaluation, compliance efforts, and system accreditation readiness. Quali...