An organizational official responsible for the development, implementation, assessment, and monitoring of common controls (i.e., security controls inherited by information systems).
See common control provider.
Sources:
CNSSI 4009-2015