Security Control Assessor

Northern Technologies Group, Inc.Washington, VA
Onsite

About The Position

Northern Technologies Group (NTG) is seeking an experienced Security Control Assessor to provide expert-level support to the Department of Defense (DoD) Chief Information Officer’s SAP IT Cybersecurity program. This role delivers technical and managerial leadership across RMF activities, system accreditation, and enterprise-wide cyber compliance. The Security Control Assessor will serve as a trusted cybersecurity advisor, managing high-impact assessments and helping to ensure secure operations across highly classified SAP environments.

Requirements

  • Master’s degree in cybersecurity or a related technical field (Or equivalent combination: e.g., Bachelor’s + 2 years, or High School + 6 years of additional experience)
  • Minimum of 12 years of relevant cybersecurity experience, including leadership in RMF/A&A efforts.
  • Active TS/SCI with eligibility for SAP access
  • Must hold a cybersecurity certification at IAT Level III or IAM Level III (e.g., CISSP, CISM, CASP+)

Responsibilities

  • Lead Risk Management Framework (RMF) activities, including the development, review, and validation of: System Security Plans (SSPs), Security Assessment Plans (SAPs), Plan of Action and Milestones (POA&Ms), Security Assessment Reports (SARs), Security Control Traceability Matrices (SCTMs).
  • Act as an advisor to the Authorizing Official (AO), providing SME input to support Authorization to Operate (ATO) decisions.
  • Perform system security assessments, documentation reviews, and artifact evaluations in eMASS or equivalent tools.
  • Validate control inheritance and implementation across hybrid, cloud, AI/ML-enabled, or cross-domain architectures.
  • Provide technical guidance to system owners, ISSMs, SCAs, and program staff to maintain compliance with DoD cybersecurity mandates.
  • Assist in development and standardization of SOPs, cybersecurity scorecards, and dashboards.
  • Support cybersecurity incident response documentation and post-event reporting in classified environments.
  • Participate in enterprise-wide security initiatives, policy updates (e.g., JSIG revisions), and threat awareness activities.
  • Serve as eMASS administrator: manage accounts, permissions, workflows, and enterprise-level metrics reporting.
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service