Control Assessor

Everforth ECS is seeking a Control Assessor to work in our Portland,OR office. Please Note: This position is contingent upon contract award.

The Control Assessor supports the execution of security and risk control assessments by evaluating the design, implementation, and operating effectiveness of technical, administrative, and operational controls. This role contributes to evidence-based evaluations that inform risk management, compliance, and remediation decisions.

The ideal candidate has hands-on cybersecurity, compliance, or assessment experience; understands control frameworks and assessment methodologies; and can perform structured control testing while collaborating with system owners, engineers, and business stakeholders.

Key Responsibilities

Control Assessment & Testing

• Perform assessments of security and risk controls across systems, applications, infrastructure, and business processes.
• Evaluate control implementation, design effectiveness, and operating effectiveness using approved assessment procedures.
• Execute control testing activities, including interviews, documentation reviews, technical validation, and evidence analysis.
• Collect, review, and validate assessment evidence to support defensible conclusions and findings.

Framework & Standards Alignment

• Assess controls against established frameworks, standards, and organizational baselines such as NIST, ISO, CIS, and applicable regulatory or contractual requirements.
• Map control implementation and evidence to applicable requirements, control objectives, and assessment criteria.
• Identify control gaps, weaknesses, strengths, and opportunities for improvement.

Analysis & Documentation

• Document assessment activities, evidence reviewed, testing approach, and results clearly and accurately.
• Develop or contribute to assessment findings, risk statements, and supporting narratives.
• Support development of remediation recommendations, corrective action plans, and follow-up assessment activities.
• Maintain assessment workpapers and artifacts in accordance with program quality and audit-readiness expectations.

Stakeholder Collaboration

• Work with system owners, engineers, security teams, and business stakeholders to understand control implementation and operational context.
• Clarify assessment requirements, evidence needs, and testing expectations with control owners and technical personnel.
• Support presentations, status updates, and briefings of assessment results as requested by assessment leads or program leadership.

Quality, Compliance & Risk Support

• Apply approved methodologies consistently to ensure assessment results are accurate, repeatable, and defensible.
• Escalate significant control gaps, evidence limitations, or risk concerns to assessment leadership.
• Support audit readiness, compliance reporting, risk register updates, and remediation tracking activities.

Continuous Improvement

• Assist with improving assessment methodologies, checklists, templates, tools, and reporting processes.
• Participate in lessons-learned activities, reassessments, and process improvement initiatives.
• Stay current with evolving cybersecurity requirements, control frameworks, assessment practices, and industry best practices.