Protect our Land, Ascend with Us!

Ascension is seeking a Cybersecurity Assessment Analyst / Controls Validation & Reporting Specialist to support a high-impact cybersecurity risk assessment engagement for a state judiciary environment. This role is critical to executing the core technical assessment work, including validating cybersecurity controls, performing detailed gap analyses, and producing executive- and technical-level reporting aligned to the NIST Cybersecurity Framework (CSF) 2.0.

This position is ideal for a hands-on cybersecurity practitioner who thrives at the intersection of analysis, validation, and reporting, and who can translate complex security findings into clear, actionable insights for both technical and non-technical stakeholders.

The selected candidate will play a central execution role in assessing the client’s cybersecurity posture, identifying risks, and shaping remediation strategies that directly impact enterprise security maturity.

Summary of the Contractor Role

The Cybersecurity Assessment Analyst will support the execution of two enterprise-level cybersecurity risk assessments focused on evaluating existing security controls and practices against the NIST CSF 2.0 framework.

This role requires a detail-oriented, analytical, and self-driven professional who can operate independently in a remote environment while collaborating with cross-functional stakeholders.

The ideal candidate will:

• Demonstrate strong critical thinking and analytical rigor
• Be comfortable working with incomplete or evolving information
• Possess the ability to validate controls using evidence-based methods, not just policy review
• Translate technical findings into clear, structured reports and recommendations
• Effectively manage multiple priorities across assessment phases

The candidate will support activities including:

• Control validation and evidence review
• NIST CSF categorization and scoring
• Gap analysis and maturity assessment
• Development of technical and executive reporting
• Contribution to remediation roadmap development

The work will rely heavily on interviews, documentation review, questionnaires, and supporting evidence validation, rather than direct system access.

Day-to-Day Activities

• Conduct stakeholder interviews and facilitate information-gathering sessions
• Analyze cybersecurity documentation, policies, and procedures
• Validate implementation of security controls through evidence-based review
• Map controls to NIST CSF, NIST SP 800-53, and NIST SP 800-171 frameworks
• Perform gap analysis comparing current vs. target cybersecurity posture
• Assess CSF Implementation Tiers and organizational maturity
• Develop and maintain assessment workbooks, scoring matrices, and tracking tools
• Document findings, risks, and observations in structured formats
• Draft technical report content, including detailed findings and recommendations
• Contribute to executive-level summaries and risk narratives
• Support development of remediation strategies and improvement roadmaps
• Participate in internal team reviews and quality assurance of deliverables
• Support preparation of materials for final presentation to stakeholders