IT Security Control Assessor
About The Position
At Accenture Federal Services, our mission is to strengthen and secure the US federal government, making the nation safer and improving citizens' lives through technology and ingenuity. We are a technology company within global Accenture, recognized for our collaborative and supportive community where employees are empowered to grow and thrive. As a Risk Management Framework (RMF) Information Systems Security Engineer (ISSE)/ Information Systems Security Officer (ISSO), you will be responsible for overseeing the security posture of complex information systems and ensuring compliance with the Risk Management Framework (RMF).
Requirements
- Hands-on experience with host and network access controls, incident response and handling methodologies, as well as a deep understanding of network protocols and the latest system and application security threats.
- Familiarity with tools and processes related to system monitoring, vulnerability management, and security auditing.
- Strong communication skills are essential, as you will be expected to clearly articulate security risks and recommendations to both technical and non-technical stakeholders.
- Experience with risk assessment and conducting security testing.
- Hands-on experience applying the Risk Management Framework (RMF).
- Familiarity with incident response and handling methodologies.
- Awareness of system and application security threats and vulnerabilities.
- Experience developing and maintaining security documentation, including any of these: System Security Plans (SSP), Plan of Actions and Milestones (POA&M), Security Control Traceability Matrix (SCTM), Risk Assessment Reports, Concept of Operations (CONOPS), Security Control Assessment Plans.
- Requires one of the following 8140 Advanced certifications: Certified Chief Information Security Officer (CCISO), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), CompTIA Cybersecurity Analyst (CySA+), GIAC Security Leadership Certification (GSLC), GIAC Systems and Network Auditor (GSNA), Information Systems Security Engineering Professional (ISSEP).
Nice To Haves
- Knowledge of network protocols
- Knowledge of secure system architecture and system monitoring
- Strong security control analysis skills
- Experience conducting system audits
- Understanding of host and network access controls
Responsibilities
- Conducting thorough risk assessments, performing security testing, and analyzing security controls to identify and mitigate vulnerabilities.
- Developing and maintaining critical documentation such as System Security Plans (SSP), Plans of Action and Milestones (POA&M), Security Control Traceability Matrices (SCTM), Risk Assessment Reports, Concepts of Operations (CONOPS), and Security Control Assessment Plans.
- Monitoring systems for security events, conducting regular audits, and providing recommendations for secure system architecture.
- Applying the Risk Management Framework (RMF).
- Applying incident response and handling methodologies.
- Analyzing system and application security threats and vulnerabilities.
- Developing and maintaining security documentation, including SSPs, POA&Ms, SCTMs, Risk Assessment Reports, CONOPS, and Security Control Assessment Plans.
- Conducting system audits.
Benefits
- Accenture Federal Services offers a wide variety of benefits.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed
