Security Control Assessor

Job#: 2082695

Job Description:

Overview

We are seeking a highly experienced Security Control Assessor (SCA) to provide expert-level cybersecurity assessment, compliance, and risk management support across the DoD SAP IT enterprise. This role is critical in guiding programs through the Risk Management Framework (RMF), validating security controls, and ensuring enterprise-wide adherence to DoD cybersecurity policies. The ideal candidate will bring deep technical knowledge, strong analytical skills, and a proactive approach to cybersecurity governance and continuous monitoring.

Key Responsibilities

As a Security Control Assessor, you will:

• Provide SME-level support for evaluating cybersecurity implementations across SAP IT systems, including cloud, hybrid, AI/ML, and robotic processing environments.
• Conduct independent validation of RMF documentation and security controls using eMASS or equivalent tools.
• Review and assess artifacts such as the Security Assessment Plan (SAP), Security Control Traceability Matrix (SCTM), Risk Assessment Report (RAR), and Plan of Action and Milestones (POAM).
• Guide programs through all phases of the RMF process, from system initiation to retirement.
• Validate inherited controls, assess categorization impact levels (High, Moderate, Low), and ensure proper application of the cybersecurity triad (Confidentiality, Integrity, Availability).
• Review security test procedures, STIG checklists, and IV&V results to determine control effectiveness.
• Evaluate system boundary controls, interconnection security, and adherence to DoD and federal cybersecurity policies.
• Validate program-reported controls, including Organizational Defined Values (ODVs) and "Non-Applicable" designations.
• Ensure proper handling of Ports, Protocols, and Services (PP&S) and log file management.
• Serve as the SAP IT eMASS administrator, managing access control, user groups, and system configurations.
• Upload and manage RMF artifacts, adjust workflows, and track POAM remediation progress.
• Provide eMASS-derived enterprise metrics and maintain oversight of continuous monitoring (CONMON) activities.
• Support the development of a DoD SAP IT cybersecurity compliance and verification program.
• Create and maintain cybersecurity scorecards, weekly compliance reports, and dashboards.
• Collaborate with Cyber Command and other threat intelligence entities to analyze and communicate cyber directives.
• Develop and maintain SOPs, templates, and process documentation to support SAP IT cyber compliance.
• Draft revisions to key policy documents such as the Joint Security Implementation Guide (JSIG).
• Document key meetings, working groups, and security events to ensure transparency and coordination.

Qualifications

Required:

• Bachelor's degree in Cybersecurity, Information Assurance, Computer Science, or a related field.
• 10+ years of experience in cybersecurity assessment, RMF, or compliance within a DoD environment.
• Deep understanding of RMF, NIST SP 800-53, DoDI 8500.01, and eMASS.
• Experience reviewing and validating A&A artifacts and security documentation.
• Strong knowledge of cybersecurity testing, STIGs, and continuous monitoring practices.

Preferred:

• Master's degree or advanced certification (e.g., CISSP, CAP, CISM).
• Active DoD security clearance.
• Experience supporting SAP IT or similar enterprise systems.
• Familiarity with cybersecurity scorecarding, compliance reporting, and enterprise-level coordination.

EEO Employer

Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at or .

Apex Systems is a world-class IT services company that serves thousands of clients across the globe. When you join Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRated's Best of Staffing in Talent Satisfaction in the United States and Great Place to Work in the United Kingdom and Mexico.

Apex Benefits Overview: Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Apex also offers a HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our 'Welcome Packet' as well, which an Apex team member can provide.