Information System Security Officer (ISSO)

Accenture Federal Services is seeking an Information System Security Officer (ISSO) to play a critical role in ensuring the security and integrity of Cloud-focused Information Systems and data. This position requires a unique blend of technical expertise, business acumen, and collaboration skills to effectively implement and manage security controls and risk management processes. The ISSO will work closely with the ISSE and other stakeholders to identify and mitigate security risks, implement security controls, and ensure compliance with relevant regulations and standards.

General Key Responsibilities, not limited to: 

• Work in close collaboration with a team of ISSOs and ISSEs to support critical Information Systems and data
• Ensure systems are operated and maintained in accordance with security policies and procedures
• Conduct security assessments and risk analyses to identify vulnerabilities and recommend mitigation strategies
• Develop and implement security policies and procedures to ensure compliance with relevant regulations
• Conduct periodic reviews of Information Systems to ensure compliance with security authorization packages
• Coordinate with systems administrators to perform system scans for Assessment & Authorization (A&A) and continuous monitoring
• Perform compliance audits, participate in incident handling, and lead investigations into security anomalies
• Review audit logs and continuous monitoring tools to identify anomalies, hacking attempts, or insider threats
• Collaborate with stakeholders to ensure the security and integrity of information systems and data

Goals and Objectives:

• Provide high-quality technical support and guidance for security controls implementation
• Conduct thorough security assessments to identify vulnerabilities and recommend effective mitigation strategies
• Develop and implement robust security policies ensuring compliance with regulations and standards
• Maintain effective collaboration with stakeholders to ensure information systems security and integrity
• Stay current with emerging security trends, threats, and technologies
• Support continuous monitoring activities and ensure timely remediation of identified vulnerabilities
• Contribute to the overall security posture improvement of the organization

Technical Expertise

• Advanced knowledge of security control implementation and risk assessment methodologies
• Expertise in applying security frameworks to cloud-based and on-premises environments
• Experience with security management and oversight, including policies, procedures, and compliance
• Proficiency in cloud security architecture, design principles, and controls implementation
• Knowledge of security information and event management systems, such as Splunk
• Experience with vulnerability scanning and management tools such as ACAS/Nessus
• Understanding of secure configuration management for Windows, Linux, and cloud environments

Professional Competencies

• Excellent communication and interpersonal skills
• Ability to work effectively in a team environment
• Strong problem-solving and analytical skills
• Ability to adapt to changing priorities and deadlines
• Strong customer service orientation
• Ability to engage with users professionally and present technical concepts to semi-technical customers
• Ability to interface effectively with seasoned Government personnel
• Ability to execute autonomously and take ownership of assigned responsibilities

Here's what you need: 

• Relevant Associate or Bachelor’s Degree OR, supporting certifications and relevant job or military experience of 4 years in lieu of degree
• 3 years executing computer security principles and managing cyber risk following RMF, JSIG, or ICD-503
• 1 year of experience implementing security practices in cloud environments (AWS, Azure, OCI, or equivalent)
• 3 years implementing security policies for an enterprise/organization
• 3 years of demonstrated experience reviewing security documentation and conducting vulnerability assessments
• Compliance with DoD Directive 8140, or any successor directives as applicable to their roles, through the duration of the contract which can also include 8570 IAT Level 1 (e.g. Sec+ or higher)
• CISSP certification within 6 months of start date 

Bonus points if you have:

• Experience implementing Domain Controllers, Domain Group Policy Objects, and domain infrastructure
• Experience with Git & automation techniques
• Experience with AGILE and SCRUM processes
• Experience using the Linux Command Line
• Advanced ACAS/Nessus scanning and remediation expertise
• Experience configuring SIEM/Splunk, creating dashboards and reports
• Experience with incident handling procedures and response coordination
• Additional security-related certifications (Cloud, SIEM, forensics, Linux, Windows, etc.)
• Experience working in a DevSecOps project environment
• Experience providing briefings and speaking to public audiences

Security Clearance:

• Active Top-Secret Clearance, preferred with SCI eligibility
• Must be willing to undergo a polygraph examination if necessary