Who ensures that all security controls are implemented and documented effectively?

The correct choice is the Validator, as this role specifically focuses on the assessment and validation of security controls within a system. Validators are responsible for ensuring that all security controls are not only technically configured but also documented in a manner that aligns with established compliance standards. This involves conducting thorough evaluations to confirm that security measures are functioning as intended and adhere to the documented policies.

While the Compliance Officer plays a vital role in overseeing adherence to regulations and policies, their primary focus is on compliance rather than direct validation of controls. The Risk Manager is involved in identifying and mitigating risks rather than the direct implementation or documentation of security controls. The System Owner holds the responsibility for the system's overall security posture, but they may not be the ones carrying out the detailed validation process.

Thus, the Validator’s role is crucial in ensuring that security protocols are not only established but also effectively implemented and documented, which directly ties to organizational compliance and defense against threats.