Job Description
Everforth ECS is seeking a Control Assessor to work in our Portland, OR office.
Please Note: This position is contingent upon contract award.
The Control Assessor supports the execution of security and risk control assessments by evaluating the design, implementation, and operating effectiveness of technical, administrative, and operational controls. This role contributes to evidence-based evaluations that inform risk management, compliance, and remediation decisions.
The ideal candidate has hands-on cybersecurity, compliance, or assessment experience; understands control frameworks and assessment methodologies; and can perform structured control testing while collaborating with system owners, engineers, and business stakeholders.
Key Responsibilities
Control Assessment & Testing
- Perform assessments of security and risk controls across systems, applications, infrastructure, and business processes.
- Evaluate control implementation, design effectiveness, and operating effectiveness using approved assessment procedures.
- Execute control testing activities, including interviews, documentation reviews, technical validation, and evidence analysis.
- Collect, review, and validate assessment evidence to support defensible conclusions and findings.
Framework & Standards Alignment
- Assess controls against established frameworks, standards, and organizational baselines such as NIST, ISO, CIS, and applicable regulatory or contractual requirements.
- Map control implementation and evidence to applicable requirements, control objectives, and assessment criteria.
- Identify control gaps, weaknesses, strengths, and opportunities for improvement.
Analysis & Documentation
- Document assessment activities, evidence reviewed, testing approach, and results clearly and accurately.
- Develop or contribute to assessment findings, risk statements, and supporting narratives.
- Support development of remediation recommendations, corrective action plans, and follow-up assessment activities.
- Maintain assessment workpapers and artifacts in accordance with program quality and audit-readiness expectations.
Stakeholder Collaboration
- Work with system owners, engineers, security teams, and business stakeholders to understand control implementation and operational context.
- Clarify assessment requirements, evidence needs, and testing expectations with control owners and technical personnel.
- Support presentations, status updates, and briefings of assessment results as requested by assessment leads or program leadership.
Quality, Compliance & Risk Support
- Apply approved methodologies consistently to ensure assessment results are accurate, repeatable, and defensible.
- Escalate significant control gaps, evidence limitations, or risk concerns to assessment leadership.
- Support audit readiness, compliance reporting, risk register updates, and remediation tracking activities.
Continuous Improvement
- Assist with improving assessment methodologies, checklists, templates, tools, and reporting processes.
- Participate in lessons-learned activities, reassessments, and process improvement initiatives.
- Stay current with evolving cybersecurity requirements, control frameworks, assessment practices, and industry best practices.
Required Skills
- 3-5 years of experience in cybersecurity, risk management, compliance, audit, or control assessment roles.
- Experience executing formal control assessments, audits, compliance reviews, or security evaluation activities.
- Working knowledge of security control frameworks and assessment methodologies such as NIST, ISO, CIS, SOC, or organizational control baselines.
- Ability to analyze technical configurations, policies, procedures, diagrams, plans, and operational evidence.
- Strong written documentation skills, including the ability to develop clear findings, evidence summaries, and risk statements.
- Ability to communicate effectively with technical and non-technical stakeholders.
Desired Skills
- Experience in regulated or compliance-driven environments such as government, finance, healthcare, critical infrastructure, or defense contracting.
- Familiarity with system security artifacts such as SSPs, policies, procedures, POA&Ms, risk registers, architecture diagrams, and audit evidence repositories.
- Experience assessing technical, administrative, and operational controls across enterprise or mission systems.
- Familiarity with vulnerability management, identity and access management, logging and monitoring, incident response, configuration management, and contingency planning controls.
- Certifications such as Security+, CISA, CRISC, CISSP, CAP, CGRC, or equivalent experience.
ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis of any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.
Everforth ECS is the federal segment of Everforth, a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.
Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.
We value:
- Attracting and developing top talent and high-performing teams
- Fostering a culture that is engaging, accountable, and mission-driven
Meet the challenge. Make a difference with Everforth ECS!