Everforth ECS is seeking an OT Control Assessor to work in our Portland,OR office. Please Note: This position is contingent upon contract award.
The Operational Technology (OT) Control Assessor supports the execution of security and risk control assessments across industrial control systems, OT networks, cyber-physical systems, and mission or facility environments. This role evaluates the design, implementation, and operating effectiveness of technical, administrative, and operational controls while accounting for safety, reliability, availability, and operational continuity requirements.
The ideal candidate has hands-on cybersecurity, control assessment, or OT/ICS experience; understands how security controls apply in operational environments; and can conduct evidence-based testing while collaborating with engineers, operators, system owners, and cybersecurity stakeholders.
Key Responsibilities
OT Control Assessment & Testing
- Perform assessments of security and risk controls across OT systems, industrial control systems, supervisory control and data acquisition environments, distributed control systems, building automation systems, and related support infrastructure.
- Evaluate control implementation, design effectiveness, and operating effectiveness using approved assessment methodologies and procedures.
- Execute control testing through interviews, documentation reviews, configuration or architecture reviews, evidence analysis, and validation of operational procedures.
- Collect, review, and validate assessment evidence while minimizing disruption to production, safety, mission, or facility operations.
OT/ICS Environment Analysis
- Review OT architecture, network segmentation, data flows, asset inventories, trust boundaries, remote access paths, vendor access, logging coverage, and interfaces between enterprise IT and OT environments.
- Assess operational practices related to change control, patching, vulnerability management, backup and recovery, incident response, account management, physical access, and configuration management in OT environments.
- Identify control gaps, compensating controls, operational constraints, and risk tradeoffs that affect OT security, resilience, and mission continuity.
Framework & Standards Alignment
- Assess OT controls against applicable frameworks, standards, and organizational baselines such as NIST, NIST SP 800-82, IEC 62443, NERC CIP, CIS Controls, ISO 27001/27002, and program-specific requirements.
- Map OT control implementation and supporting evidence to applicable assessment objectives, regulatory requirements, contractual requirements, and risk management expectations.
- Distinguish between enterprise IT control expectations and OT-specific constraints, compensating controls, safety requirements, and availability requirements.
Analysis & Documentation
- Document assessment activities, evidence reviewed, testing approach, assumptions, limitations, and results clearly and accurately.
- Develop or contribute to OT-focused findings, risk statements, evidence summaries, and remediation recommendations.
- Support corrective action planning by recommending practical, risk-informed improvements that account for operational feasibility and system lifecycle constraints.
- Maintain assessment workpapers and artifacts in accordance with program quality, audit-readiness, and evidence-handling expectations.
Stakeholder Collaboration
- Work with OT engineers, control system operators, system owners, cybersecurity teams, facility personnel, vendors, and business stakeholders to understand control implementation and operational context.
- Clarify assessment requirements, evidence needs, site coordination requirements, and testing expectations with technical and operational personnel.
- Support presentations, status updates, and briefings of OT assessment results as requested by assessment leads or program leadership.
Risk, Safety & Compliance Support
- Apply approved methodologies consistently to ensure assessment results are accurate, repeatable, defensible, and sensitive to safety and operational priorities.
- Escalate significant control gaps, evidence limitations, safety concerns, availability impacts, or cyber-physical risk issues to assessment leadership.
- Support audit readiness, compliance reporting, risk register updates, remediation tracking, and follow-up assessment activities for OT environments.
Continuous Improvement
- Assist with improving OT assessment methodologies, checklists, templates, tools, evidence requests, and reporting processes.
- Participate in lessons-learned activities, reassessments, and process improvement initiatives.
- Stay current with evolving OT cybersecurity threats, control frameworks, regulatory requirements, assessment practices, and industry best practices.
- 3-5 years of experience in cybersecurity, risk management, compliance, audit, control assessment, OT security, industrial control systems, or related technical roles.
- Experience supporting or executing formal control assessments, audits, compliance reviews, cybersecurity evaluations, or OT security assessments.
- Working knowledge of security control frameworks and OT-relevant guidance such as NIST, NIST SP 800-82, IEC 62443, CIS Controls, NERC CIP, ISO, or organizational control baselines.
- Ability to analyze OT architecture diagrams, network diagrams, system security documentation, policies, procedures, configurations, and operational evidence.
- Understanding of OT risk considerations, including safety, availability, reliability, segmentation, remote access, vendor access, patching constraints, and lifecycle limitations.
- Strong written documentation skills, including the ability to develop clear findings, evidence summaries, and risk statements.
- Ability to communicate effectively with technical, operational, and non-technical stakeholders.
Skills Required
- 3-5 years of experience in cybersecurity, risk management, compliance, audit, or OT security
- Experience supporting formal control assessments, audits, compliance reviews
- Working knowledge of security control frameworks and OT-relevant guidance
- Ability to analyze OT architecture diagrams and security documentation
- Strong written documentation skills
ECS Compensation & Benefits Highlights
The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about ECS and has not been reviewed or approved by ECS.
-
Healthcare Strength — ECS advertises multiple national-network medical plan options with HSA eligibility alongside dental and vision coverage. Coverage generally begins quickly and is paired with company-paid short- and long-term disability, adding stability to the health package.
-
Retirement Support — A 401(k) with Safe Harbor and immediate vesting on employer contributions is emphasized, with an employer match available. Access to an employee stock purchase plan via the parent company provides an additional savings avenue.
-
Parental & Family Support — Paid parental leave up to 30 days, adoption assistance, and other family-oriented leaves are highlighted. Feedback suggests these offerings add meaningful value beyond base pay for many roles.
ECS Insights
What We Do
ECS, a segment of ASGN (NYSE: ASGN), delivers advanced solutions and services in cloud, cybersecurity, artificial intelligence (AI), machine learning (ML), application and IT modernization, and science and engineering. The company solves critical, complex challenges for customers across the U.S. public sector, defense, intelligence and commercial industries. ECS maintains partnerships with leading cloud, cybersecurity, and AI/ML providers and holds specialized certifications in their technologies. Headquartered in Fairfax, Virginia, ECS has more than 3,400 employees throughout the U.S. and has been recognized as a Top Workplace by The Washington Post for the last five years.
