About The Position

ASSYST is seeking an Assessment & Authorization (A&A) Support Specialist to support security compliance planning, assessment readiness, and remediation activities for client systems. The role involves coordinating with IT teams, stakeholders, and system owners to prepare systems for federal security authorization requirements and ensuring the completeness and accuracy of required security documentation and artifacts.

Requirements

  • Experience conducting pre-assessments of security controls and preparing systems for FISMA compliance.
  • Experience supporting Assessment and Authorization (A&A) activities and preparing systems for federal security authorization.
  • Experience coordinating with IT teams, stakeholders, and system owners to collect and validate assessment artifacts and documentation.
  • Experience supporting FedRAMP authorization activities and coordinating related documentation and assessment artifacts.
  • Experience supporting independent security assessments and responding to assessment findings and inquiries.
  • Experience developing and maintaining security authorization documentation, including System Security Plans (SSPs) and related supporting materials.
  • Experience supporting post-assessment activities such as continuous monitoring, remediation, and POA&M management.

Responsibilities

  • Conduct pre-assessments of applicable security controls, including planning, review, analysis, and recommendations to prepare systems for compliance with the Federal Information Security Modernization Act (FISMA).
  • Coordinate with Information Technology Resource Branch (ITRB) teams, stakeholders, and system owners to gather, validate, and compile artifacts required for system assessment and authorization readiness.
  • Maintain and improve Authority to Operate (ATO) guidance documentation to ensure alignment with current federal standards and organizational requirements.
  • Provide support for systems requiring initial or ongoing FedRAMP sponsorship, including coordination of documentation and assessment artifacts.
  • Provide technical and programmatic support during and after independent assessments, ensuring timely responses to findings and inquiries.
  • Ensure System Security Plans (SSPs) contain compliant documentation of hybrid and system-specific controls, system inventories, architecture descriptions, system boundaries, and system diagrams.
  • Create and document system assessment packages and review materials for completeness, accuracy, and required approvals.
  • Support post-assessment activities, including continuous monitoring, remediation, and verification of Plan of Action and Milestones (POA&M) items through closure.
  • Lead or assist technical and security teams in producing and delivering required security authorization artifacts for systems, including:
      • FIPS 199 Security Categorization
      • Privacy Impact Assessment (PIA)
      • HHS E-Authentication Risk Assessment and Assurance Level Selection
      • System Security Plan (SSP) and supporting documentation (system inventory, architecture and boundary documentation, system diagrams)
      • Memorandums of Understanding (MOUs) and Interconnection Security Agreements (ISAs), as applicable
      • Business Impact Analysis (BIA)
      • Contingency Plan (CP) and Contingency Plan Test with After-Action Report
      • Configuration Management Plan (CMP)
      • Incident Response Plan (IRP) and Incident Response Plan Test with After-Action Report
      • Continuous Monitoring documentation