Everforth ECS is seeking an
OT Control Assessor to work in our
Portland,OR office.
Please Note: This position is contingent upon contract award.The Operational Technology (OT) Control Assessor supports the execution of security and risk control assessments across industrial control systems, OT networks, cyber-physical systems, and mission or facility environments. This role evaluates the design, implementation, and operating effectiveness of technical, administrative, and operational controls while accounting for safety, reliability, availability, and operational continuity requirements.
The ideal candidate has hands-on cybersecurity, control assessment, or OT/ICS experience; understands how security controls apply in operational environments; and can conduct evidence-based testing while collaborating with engineers, operators, system owners, and cybersecurity stakeholders.
Key ResponsibilitiesOT Control Assessment & Testing - Perform assessments of security and risk controls across OT systems, industrial control systems, supervisory control and data acquisition environments, distributed control systems, building automation systems, and related support infrastructure.
- Evaluate control implementation, design effectiveness, and operating effectiveness using approved assessment methodologies and procedures.
- Execute control testing through interviews, documentation reviews, configuration or architecture reviews, evidence analysis, and validation of operational procedures.
- Collect, review, and validate assessment evidence while minimizing disruption to production, safety, mission, or facility operations.
OT/ICS Environment Analysis - Review OT architecture, network segmentation, data flows, asset inventories, trust boundaries, remote access paths, vendor access, logging coverage, and interfaces between enterprise IT and OT environments.
- Assess operational practices related to change control, patching, vulnerability management, backup and recovery, incident response, account management, physical access, and configuration management in OT environments.
- Identify control gaps, compensating controls, operational constraints, and risk tradeoffs that affect OT security, resilience, and mission continuity.
Framework & Standards Alignment - Assess OT controls against applicable frameworks, standards, and organizational baselines such as NIST, NIST SP 800-82, IEC 62443, NERC CIP, CIS Controls, ISO 27001/27002, and program-specific requirements.
- Map OT control implementation and supporting evidence to applicable assessment objectives, regulatory requirements, contractual requirements, and risk management expectations.
- Distinguish between enterprise IT control expectations and OT-specific constraints, compensating controls, safety requirements, and availability requirements.
Analysis & Documentation - Document assessment activities, evidence reviewed, testing approach, assumptions, limitations, and results clearly and accurately.
- Develop or contribute to OT-focused findings, risk statements, evidence summaries, and remediation recommendations.
- Support corrective action planning by recommending practical, risk-informed improvements that account for operational feasibility and system lifecycle constraints.
- Maintain assessment workpapers and artifacts in accordance with program quality, audit-readiness, and evidence-handling expectations.
Stakeholder Collaboration - Work with OT engineers, control system operators, system owners, cybersecurity teams, facility personnel, vendors, and business stakeholders to understand control implementation and operational context.
- Clarify assessment requirements, evidence needs, site coordination requirements, and testing expectations with technical and operational personnel.
- Support presentations, status updates, and briefings of OT assessment results as requested by assessment leads or program leadership.
Risk, Safety & Compliance Support - Apply approved methodologies consistently to ensure assessment results are accurate, repeatable, defensible, and sensitive to safety and operational priorities.
- Escalate significant control gaps, evidence limitations, safety concerns, availability impacts, or cyber-physical risk issues to assessment leadership.
- Support audit readiness, compliance reporting, risk register updates, remediation tracking, and follow-up assessment activities for OT environments.
Continuous Improvement - Assist with improving OT assessment methodologies, checklists, templates, tools, evidence requests, and reporting processes.
- Participate in lessons-learned activities, reassessments, and process improvement initiatives.
- Stay current with evolving OT cybersecurity threats, control frameworks, regulatory requirements, assessment practices, and industry best practices.
- 3-5 years of experience in cybersecurity, risk management, compliance, audit, control assessment, OT security, industrial control systems, or related technical roles.
- Experience supporting or executing formal control assessments, audits, compliance reviews, cybersecurity evaluations, or OT security assessments.
- Working knowledge of security control frameworks and OT-relevant guidance such as NIST, NIST SP 800-82, IEC 62443, CIS Controls, NERC CIP, ISO, or organizational control baselines.
- Ability to analyze OT architecture diagrams, network diagrams, system security documentation, policies, procedures, configurations, and operational evidence.
- Understanding of OT risk considerations, including safety, availability, reliability, segmentation, remote access, vendor access, patching constraints, and lifecycle limitations.
- Strong written documentation skills, including the ability to develop clear findings, evidence summaries, and risk statements.
- Ability to communicate effectively with technical, operational, and non-technical stakeholders.
