IT Security Control Assessor

At Accenture Federal Services, nothing matters more than helping the US federal government make the nation stronger and safer and life better for people. Our 13,000+ people are united in a shared purpose to pursue the limitless potential of technology and ingenuity for clients across defense, national security, public safety, civilian, and military health organizations. Join Accenture Federal Services, a technology company within global Accenture. Recognized as a Glassdoor Top 100 Best Place to Work, we offer a collaborative and caring community where you feel like you belong and are empowered to grow, learn and thrive through hands-on experience, certifications, industry training and more. Join us to drive positive, lasting change that moves missions and the government forward! As a Risk Management Framework (RMF) Information Systems Security Engineer (ISSE)/ Information Systems Security Officer (ISSO), you will be responsible for overseeing the security posture of complex information systems, ensuring compliance with the Risk Management Framework (RMF). Responsibilities Your day-to-day activities will involve conducting thorough risk assessments, performing security testing, and analyzing security controls to identify and mitigate vulnerabilities. You will be tasked with developing and maintaining critical documentation such as System Security Plans (SSP), Plans of Action and Milestones (POAM), Security Control Traceability Matrices (SCTM), Risk Assessment Reports, Concepts of Operations (CONOPS), and Security Control Assessment Plans. Your role will also require you to monitor systems for security events, conduct regular audits, and provide recommendations for secure system architecture. To excel in this position, you should have hands-on experience with host and network access controls, incident response and handling methodologies, as well as a deep understanding of network protocols and the latest system and application security threats. Familiarity with tools and processes related to system monitoring, vulnerability management, and security auditing will be highly beneficial. Strong communication skills are essential, as you will be expected to clearly articulate security risks and recommendations to both technical and non-technical stakeholders. Holding one of the advanced 8140 certifications—such as CISSP, CISM, CCISO, CySA+, GSLC, GSNA, ISSEP, or CISA—is a requirement, ensuring you bring a high level of expertise and leadership to the security team. Here is what you need Experience with risk assessment and conducting security testing Hands-on experience applying the Risk Management Framework (RMF) Familiarity with incident response and handling methodologies Awareness of system and application security threats and vulnerabilities Experience developing and maintaining security documentation, including any of these: System Security Plans (SSP) Plan of Actions and Milestones (POAM) Security Control Traceability Matrix (SCTM) Risk Assessment Reports Concept of Operations (CONOPS) Security Control Assessment Plans Requires one of the following 8140 Advanced certifications; Certified Chief Information Security Officer (CCISO) Certified Information Security Manager (CISM) Certified Information Systems Auditor (CISA) Certified Information Systems Security Professional (CISSP) CompTIA Cybersecurity Analyst (CySA+) GIAC Security Leadership Certification (GSLC) GIAC Systems and Network Auditor (GSNA) Information Systems Security Engineering Professional (ISSEP) Nice to have Knowledge of network protocols Knowledge of secure system architecture and system monitoring Strong security control analysis skills Experience conducting system audits Understanding of host and network access controls Clearance An active TS/SCI is required As required by local law, Accenture Federal Services provides reasonable ranges of compensation for hired roles based on labor costs in the states of California, C ... (truncated, view full listing at source)