Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

Cybersecurity Compliance Auditor / Security Control Assessor (SCA)

$100k

Johns Hopkins University Applied Physics Lab

Cybersecurity Compliance Auditor / Security Control Reviewer (SCR)

Do you enjoy assessing complex systems and ensuring they meet the highest cybersecurity standards in support of national security, space exploration, and advanced technologies?

If so, we are looking for someone like you to join our team at APL.

Recognized as one of Computerworld's Top Places to Work in IT for seven consecutive years, APL is expanding its cybersecurity compliance and assessment capabilities.

We are seeking a Cybersecurity Compliance Auditor / Security Control Reviewer (SCR) to perform independent security control assessments across classified information systems to determine the overall effectiveness of the controls.

Our team is mission-driven—focused on securing systems that enable critical national security objectives. We operate in a collaborative, technically rigorous environment where your expertise directly impacts mission success.

As a Cybersecurity Compliance Auditor / Security Control Reviewer (SCR), you will:

  • Planning, conducting, and performing independent security control assessments of classified systems in accordance with Risk Management Framework (RMF), Joint Special Access Program (SAP) Implementation Guide (JSIG), and applicable DoD/IC standards.
  • Evaluate the implementation and effectiveness of security controls across a wide range of technologies and environments.
  • Conduct risk-based assessments to determine system compliance and identify vulnerabilities, control gaps, and areas for process improvement.
  • Analyze system documentation, test results, and artifacts to validate control implementation and authorization readiness.
  • Develop clear, concise, and defensible assessment reports, including findings, risk determinations, corrective actions, and recommendations to address identified vulnerabilities.
  • Collaborate with Program Managers/System Owners, ISSMs, ISSOs, system engineers/administrators, and program teams to resolve findings and improve security posture.
  • Support internal security reviews and external inspections (e.g., DCSA, DoD, IC), ensuring systems are prepared for independent evaluation and compliance inspections.
  • Interpret and apply cybersecurity policies and frameworks, including RMF, NISPOM, DAAG/DAAPM, and JSIG.
  • Evaluate the effectiveness and implementation of Continuous Monitoring Plans
  • Contribute to the continuous improvement of assessment methodologies, tools, and processes.

Qualifications

You meet our minimum qualifications for the job if you:

  • Hold a Bachelor's degree in Information Systems, Computer Science, Cybersecurity, or a related field (or equivalent experience).
  • Have at least 5 years of cybersecurity experience, including involvement in RMF, Certification & Accreditation (C&A), or Assessment & Authorization (A&A) processes.
  • Have experience performing or supporting Security Control Assessments or independent validation of security controls.
  • Have experience in three or more of the following areas:
    • Network, endpoint, and application security
    • Identity and access management
    • Vulnerability and configuration management
    • Encryption and data protection technologies
    • Incident response and monitoring
  • Hold a relevant certification such as CISA, GSNA, CASP+ CE, CISSP, CISM or DoD 8570/8140 IAT/IAM Level II/III equivalent.
  • Have experience applying cybersecurity standards such as:
    • NISPOM
    • DAAG/DAAPM
    • JSIG
    • NIST SP 800-53 / RMF
  • Demonstrate strong technical understanding of operating systems, networking, virtualization, AI/ML, and cloud environments.
  • Possess strong written and verbal communication skills, with the ability to clearly document and communicate risk.
  • Hold an active Secret clearance with the ability to obtain a Top-Secret clearance. If selected, you will be subject to a government security clearance investigation and must meet the requirements for access to classified information. Eligibility requirements include U.S. citizenship.

You'll go above and beyond our minimum requirements if you:

  • Have direct experience functioning as a Security Control Assessor (SCA) in DoD or IC environments.
  • Have served in roles such as ISSO, ISSM, ISSE, Security Engineer, or Cyber Risk Analyst.
  • Possess deep expertise in RMF, NIST SP 800-37, NIST SP 800-53, and CNSSI 1253.
  • Have supported DCSA, DoD, or IC inspections and understand external assessment expectations.
  • Experience with GRC/RMF Tools such as eMASS, ServiceNow (SNOW), XACTA
  • Have 8+ years of cybersecurity experience in classified environments.
  • Are familiar with JHU/APL systems, processes, and mission areas.
  • Hold an active TS/SCI (or TS/SCI with polygraph).

Why Work at APL?

The Johns Hopkins University Applied Physics Laboratory (APL) brings world-class expertise to our nation's most critical defense, security, space and science challenges. While we are dedicated to solving complex challenges and pioneering new technologies, what makes us truly outstanding is our culture. We offer a vibrant, welcoming atmosphere where you can bring your authentic self to work, continue to grow, and build strong connections with inspiring teammates.

At APL, we celebrate our differences of perspectives and encourage creativity and bold, new ideas. Our employees enjoy generous benefits, including a robust education assistance program, unparalleled retirement contributions, and a healthy work/life balance. APL's campus is located in the Baltimore-Washington metro area. Learn more about our career opportunities at

All qualified applicants will receive consideration for employment without regard to race, creed, color, religion, sex, gender identity or expression, sexual orientation, national origin, age, physical or mental disability, genetic information, veteran status, occupation, marital or familial status, political opinion, personal appearance, or any other characteristic protected by applicable law. APL is committed to providing reasonable accommodation to individuals of all abilities, including those with disabilities. If you require a reasonable accommodation to participate in any part of the hiring process, please contact View email address on click.appcast.io.

The referenced pay range is based on JHU APL's good faith belief at the time of posting. Actual compensation may vary based on factors such as geographic location, work experience, market conditions, education/training and skill level with consideration for internal parity. For salaried employees scheduled to work less than 40 hours per week, annual salary will be prorated based on the number of hours worked. APL may offer bonuses or other forms of compensation per internal policy and/or contractual designation. Additional compensation may be provided in the form of a sign-on bonus, relocation benefits, locality allowance or discretionary payments for exceptional performance. APL provides eligible staff with a comprehensive benefits package including retirement plans, paid time off, medical, dental, vision, life insurance, short-term disability, long-term disability, flexible spending accounts, education assistance, and training and development. Applications are accepted on a rolling basis.

Minimum Rate $100,000 Annually

Maximum Rate $245,000 Annually

Vacancy posted 2 days ago
Similar jobs that could be interesting for youBased on the Cybersecurity Compliance Auditor / Security Control Assessor (SCA) in Laurel, MD vacancy
  •  ...Security Control Assessor (SCA) LOCATION Annapolis Junction, MD 20701...  ...standards of security and compliance. In this role, you will be...  ...Assessor, Information Security Auditor, Security Compliance...  ...Degree DEGREE (Focus) Cybersecurity, Information Technology,... 
    Suggested
    Temporary work
    For contractors
    Immediate start
    Flexible hours

    Cymertek

    Annapolis Junction, MD
    4 days ago
  • $100k - $245k

    Johns Hopkins Applied Physics Lab is looking for a Cybersecurity Compliance Auditor / Security Control Reviewer to assess security controls across classified systems. This role involves planning and conducting security assessments, developing reports, and collaborating... 
    Suggested

    Johns Hopkins Applied Physics Lab

    Laurel, MD
    4 days ago
  •  ...address the convergence of cybersecurity, intelligence, analytics, and...  ...you can build, innovate, and secure your career. Role...  ...and validation for security compliance of all information systems,...  ...Active Directory, firewalls, and controlled interfaces Benefits In addition... 
    Suggested
    Temporary work
    For contractors
    Work experience placement

    Sentar Inc.

    Columbia, MD
    4 days ago
  • Senior Security Controls Assessor (SCA) nDepth Security, LLC - Columbia, MD Responsibilities Conducting verification and validation for security compliance of all information systems, products, and components. Analyzing design specifications, design documentation, configuration... 
    Suggested
    Work experience placement

    nDepth Security, LLC

    Columbia, MD
    2 days ago
  • A technology firm is seeking a mid- to senior-level Security Control Assessor for conducting cybersecurity assessments across various sites. The position involves up to 85% travel and requires an active DoD Top Secret clearance and specific certifications. Candidates should... 
    Suggested

    Leidos Inc

    Odenton, MD
    2 days ago
  • A security consulting firm in Columbia, MD, is seeking a Senior Security Controls Assessor to conduct security compliance verification, perform vulnerability assessments, and analyze design specifications. Candidates should have significant experience in security engineering... 

    nDepth Security, LLC

    Columbia, MD
    2 days ago
  • $112.5k

     ...is seeking mid- to senior-level Security Control Assessors to join our SCA team. This position requires significant...  ...Key Responsibilities: Conduct cybersecurity assessments, audits, and...  ..., TTPs, STIGs, RMF controls, and compliance with DoD policies and guidelines.... 
    Daily paid
    Contract work
    Local area
    Immediate start
    Work from home

    Leidos

    Odenton, MD
    2 days ago
  •  ...SCI Other Requirements: U.S. Citizenship Senior Security Controls Assessor (SCA): The primary role of personnel in this position will be assessing the overall security compliance of the client's information systems. This will be accomplished through... 
    Work experience placement

    SW Complete

    Columbia, MD
    1 day ago
  •  ...Internal Auditor Conducts internal audits to determine compliance with federal regulations, policies/procedures, and sound business practices. Risks and controls will be evaluated to determine strengths and/or weaknesses in business processes and will be reported to... 
    Flexible hours

    MRINetwork

    Annapolis Junction, MD
    1 day ago
  •  ...Senior Auditor The Senior Auditor is responsible for completing compliance testing of the Company’s SOX/Internal Controls Program as assigned and championing internal control and corporate governance concepts throughout the business. This includes planning, executing... 

    MRINetwork

    Annapolis Junction, MD
    1 day ago
  •  ...County Auditor Position Anne Arundel County Government, located on the scenic...  ...standards (GAGAS) to evaluate internal controls, verify compliance with laws and regulations, and assess...  ...processing of data with due regard for security. # Evaluating the economy,... 
    Work at office
    Local area

    GovernmentJobs.com

    Ellicott City, MD
    21 hours ago
  •  ...Internal Auditor/Healthcare Analyst Talantage is currently seeking a Full-time Internal...  ...auditing team and clients to evaluate compliance with applicable regulations and industry...  ...analyst/reviewer Ability to obtain a security clearance, to include drug screen and criminal... 
    Full time
    Contract work

    Talantage

    Columbia, MD
    2 days ago
  •  ...process. Certified CMMC Assessor Columbia, MD, Columbia,...  ...assessment leadership, control evaluation, and final compliance determinations, while ensuring...  ...of experience in: Cybersecurity IT audit or assessments...  ...compliance Information security program management 3-5... 

    Digiflight

    Columbia, MD
    21 hours ago
  • $128.45k - $167.5k

     ...networking, sensing, and security. IonQ's newest...  ...modeling, logistics, cybersecurity, and defense. In 2025...  ...gap between technical control requirements and enterprise...  ..., IT, and legal/compliance pillars, ensuring governance...  ...with external auditors to ensure a seamless... 
    Permanent employment
    Contract work
    Work at office

    IonQ

    College Park, MD
    4 days ago
  •  ...J29, Inc is seeking a part-time Physician Auditor to perform blinded Independent Review clinical evaluations while adhering to Medicare guidelines. The position is contingent upon the successful award of the associated contract. The ideal candidate has over 10 years of... 
    Contract work
    Part time
    Remote work
    Flexible hours

    J29, Inc

    Millersville, MD
    1 day ago
  • The Senior Auditor position performs inquiry, walkthrough and test work in accordance with...  ...and the adequacy of the system of control to achieve established objectives. The Senior...  ...(CISA) and/or Certified Regulatory Compliance Manager (CRCM), are preferred. Professional... 
    Full time
    Work experience placement

    Atlantic Union Bank

    Laurel, MD
    3 days ago
  •  ...USPosted Yesterday## Role OverviewTeksky LLC is hiring a Senior Auditor. This is a full-time role in Columbia. posted yesterday. Full...  ...Responsibilities* Obtain and document an understanding of client internal control policies and procedures and perform testing of operating... 
    Full time

    TryApplyNow

    Columbia, MD
    4 days ago
  • Position Summary Maintains accurate count of all merchandise on the floor, steel and receiving. Identifies, investigates and corrects inventory discrepancies. Benefits We offer a comprehensive package of benefits including: paid time off medical, dental, vision, hearing...
    Temporary work

    Elijahhouseliving

    Beltsville, MD
    4 days ago
  •  ...Lot Auditor Parking Management Company (PMC) is a national leader in hospitality-focused...  ...the lot, and keeping the area clean and secure. The ideal candidate is friendly, detail...  ...records of parked cars. Security & Compliance: Check the lot regularly, report unsafe... 
    Hourly pay
    Minimum wage
    Local area
    Shift work
    Night shift

    Parking Management Company

    Hanover, MD
    2 days ago
  •  ...for planning, execution, and documentation of all Information Systems (IS) related audit activities and system compliance solutions to ensure that controls are adequate and adhere to industry standards, regulatory requirements, and corporate policies. This position is... 
    Full time
    Work experience placement
    Remote work
    Work from home
    Day shift

    Johns Hopkins Medicine

    Hanover, MD
    4 days ago
  • A leading insurance training provider in Laurel, Maryland is seeking Independent Insurance Claims Adjusters. This opportunity offers flexibility and competitive compensation while helping people recover from disasters. Whether you are an experienced adjuster or new to ...
    Flexible hours

    MileHigh Adjusters Houston

    Laurel, MD
    2 days ago
  • $61.32k - $76.65k

     ...Clinical Provider Auditor II - Maryland Behavioral Health Supports Payment Integrity...  ...make an impact: Examines claims for compliance with relevant billing and processing guidelines...  ...for fraud and abuse prevention and control. Reviews and conducts analysis of claims... 
    Work experience placement
    Work at office
    Local area

    Elevance Health

    Hanover, MD
    4 days ago
  •  ...for a CMMC Certified Assessor (CCA) at CyberRx, Inc...  ..., validating compliance with NIST 800-171 and...  ...the technical rigor of cybersecurity assessments and prefer...  ...safeguarding national security and committed to partnering...  ...related to handling Controlled Unclassified... 
    Full time
    For contractors
    Remote work

    CYBERRX INC

    Silver Spring, MD
    9 days ago
  • $60k - $75.07k

     ...Development and institutions, and delivers on work projects to ensure compliance, efficiency and effective delivery of ISS business systems and...  ...Acceptance Testing processes and adheres to Process Change Controls required by Internal Audit. Reviews, identifies, and... 
    Work at office

    Covista

    Columbia, MD
    4 days ago
  • $74.6k - $112k

     ...and support Government Business Systems Audits as well as SOX compliance. Results will be achieved through partnering with management to...  ..., financial, Government Business System, and Financial Control audits with guidance from internal management Provide audit... 
    Work at office
    Night shift

    Oceaneering

    Hanover, MD
    4 days ago
  • A leading insurance training provider in Laurel, Maryland is seeking Independent Insurance Claims Adjusters. This opportunity offers flexibility and competitive compensation while helping people recover from disasters. Whether you are an experienced adjuster or new to the...
    Flexible hours

    MileHigh Adjusters Houston

    Laurel, MD
    21 hours ago
  • $20.4 - $32.6 per hour

     ...Ellicott City, Maryland, 21043 General Summary The Vehicle Condition Assessor (VCA) position is responsible for delivering exceptional...  ...with customer transfers, complete lot merchandising activities, secure vehicles, and support the Merchandising team with additional... 
    Hourly pay
    Full time
    Contract work
    Work at office
    Flexible hours
    Night shift

    CarMax

    Ellicott City, MD
    4 days ago
  • $52.6k - $86.8k

    Who Are We? Taking care of our customers, our communities and each other. That’s the Travelers Promise. By honoring this commitment, we have maintained our reputation as one of the best property casualty insurers in the industry for over 170 years. Join us to discover...
    Work experience placement
    Internship
    Work at office
    Local area
    Remote work

    Travelers Insurance

    Laurel, MD
    3 days ago
  • $665 - $760 per month

    Jessup, MD Shift: 1st| Monday - Friday | 6:30a- Until Finish Pay: $665-760|Weekly People want to work at Capstone because of our high-performance culture. We build strong relationships, challenge the status quo, work hard to deliver results, and pay it forward...
    Weekly pay
    Monday to Friday
    Shift work

    Capstone Logistics

    Jessup, MD
    4 days ago
  • A leading technology solutions provider in Millersville, MD is seeking a Government Compliance Senior Associate to oversee compliance with government procurement laws and conduct audits. The successful candidate will be responsible for monitoring business processes to... 

    L3Harris Technologies

    Millersville, MD
    4 days ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to Cybersecurity Compliance Auditor / Security Control Assessor (SCA). Be the first to apply!