Control Assessor

About The Position

Requirements

• 3-5 years of experience in cybersecurity, risk management, compliance, audit, or control assessment roles.
• Experience executing formal control assessments, audits, compliance reviews, or security evaluation activities.
• Working knowledge of security control frameworks and assessment methodologies such as NIST, ISO, CIS, SOC, or organizational control baselines.
• Ability to analyze technical configurations, policies, procedures, diagrams, plans, and operational evidence.
• Strong written documentation skills, including the ability to develop clear findings, evidence summaries, and risk statements.
• Ability to communicate effectively with technical and non-technical stakeholders.

Responsibilities

• Perform assessments of security and risk controls across systems, applications, infrastructure, and business processes.
• Evaluate control implementation, design effectiveness, and operating effectiveness using approved assessment procedures.
• Execute control testing activities, including interviews, documentation reviews, technical validation, and evidence analysis.
• Collect, review, and validate assessment evidence to support defensible conclusions and findings.
• Assess controls against established frameworks, standards, and organizational baselines such as NIST, ISO, CIS, and applicable regulatory or contractual requirements.
• Map control implementation and evidence to applicable requirements, control objectives, and assessment criteria.
• Identify control gaps, weaknesses, strengths, and opportunities for improvement.
• Document assessment activities, evidence reviewed, testing approach, and results clearly and accurately.
• Develop or contribute to assessment findings, risk statements, and supporting narratives.
• Support development of remediation recommendations, corrective action plans, and follow-up assessment activities.
• Maintain assessment workpapers and artifacts in accordance with program quality and audit-readiness expectations.
• Work with system owners, engineers, security teams, and business stakeholders to understand control implementation and operational context.
• Clarify assessment requirements, evidence needs, and testing expectations with control owners and technical personnel.
• Support presentations, status updates, and briefings of assessment results as requested by assessment leads or program leadership.
• Apply approved methodologies consistently to ensure assessment results are accurate, repeatable, and defensible.
• Escalate significant control gaps, evidence limitations, or risk concerns to assessment leadership.
• Support audit readiness, compliance reporting, risk register updates, and remediation tracking activities.
• Assist with improving assessment methodologies, checklists, templates, tools, and reporting processes.
• Participate in lessons-learned activities, reassessments, and process improvement initiatives.
• Stay current with evolving cybersecurity requirements, control frameworks, assessment practices, and industry best practices.