Cybersecurity Compliance Auditor / Security Control Assessor (SCA)

About The Position

Requirements

• Hold a Bachelor’s degree in Information Systems, Computer Science, Cybersecurity, or a related field (or equivalent experience).
• Have at least 5 years of cybersecurity experience, including involvement in RMF, Certification & Accreditation (C&A), or Assessment & Authorization (A&A) processes.
• Have experience performing or supporting Security Control Assessments or independent validation of security controls.
• Have experience in three or more of the following areas: Network, endpoint, and application security; Identity and access management; Vulnerability and configuration management; Encryption and data protection technologies; Incident response and monitoring.
• Hold a relevant certification such as CISA, GSNA, CASP+ CE, CISSP, CISM or DoD 8570/8140 IAT/IAM Level II/III equivalent.
• Have experience applying cybersecurity standards such as: NISPOM, DAAG/DAAPM, JSIG, NIST SP 800-53 / RMF.
• Demonstrate strong technical understanding of operating systems, networking, virtualization, AI/ML, and cloud environments.
• Possess strong written and verbal communication skills, with the ability to clearly document and communicate risk.
• Hold an active Secret clearance with the ability to obtain a Top-Secret clearance. If selected, you will be subject to a government security clearance investigation and must meet the requirements for access to classified information. Eligibility requirements include U.S. citizenship.

Nice To Haves

• Have direct experience functioning as a Security Control Assessor (SCA) in DoD or IC environments.
• Have served in roles such as ISSO, ISSM, ISSE, Security Engineer, or Cyber Risk Analyst.
• Possess deep expertise in RMF, NIST SP 800-37, NIST SP 800-53, and CNSSI 1253.
• Have supported DCSA, DoD, or IC inspections and understand external assessment expectations.
• Experience with GRC/RMF Tools such as eMASS, ServiceNow (SNOW), XACTA.
• Have 8+ years of cybersecurity experience in classified environments.
• Are familiar with JHU/APL systems, processes, and mission areas.
• Hold an active TS/SCI (or TS/SCI with polygraph).

Responsibilities

• Planning, conducting, and performing independent security control assessments of classified systems in accordance with Risk Management Framework (RMF), Joint Special Access Program (SAP) Implementation Guide (JSIG), and applicable DoD/IC standards.
• Evaluate the implementation and effectiveness of security controls across a wide range of technologies and environments.
• Conduct risk-based assessments to determine system compliance and identify vulnerabilities, control gaps, and areas for process improvement.
• Analyze system documentation, test results, and artifacts to validate control implementation and authorization readiness.
• Develop clear, concise, and defensible assessment reports, including findings, risk determinations, corrective actions, and recommendations to address identified vulnerabilities.
• Collaborate with Program Managers/System Owners, ISSMs, ISSOs, system engineers/administrators, and program teams to resolve findings and improve security posture.
• Support internal security reviews and external inspections (e.g., DCSA, DoD, IC), ensuring systems are prepared for independent evaluation and compliance inspections.
• Interpret and apply cybersecurity policies and frameworks, including RMF, NISPOM, DAAG/DAAPM, and JSIG.
• Evaluate the effectiveness and implementation of Continuous Monitoring Plans.
• Contribute to the continuous improvement of assessment methodologies, tools, and processes.

Benefits

• robust education assistance program
• unparalleled retirement contributions
• healthy work/life balance
• retirement plans
• paid time off
• medical
• dental
• vision
• life insurance
• short-term disability
• long-term disability
• flexible spending accounts
• education assistance
• training and development
• sign-on bonus
• relocation benefits
• locality allowance
• discretionary payments for exceptional performance