Business Analyst - Immediate

About The Position

Requirements

• U.S. Citizenship .
• Experience supporting FISMA compliance documentation , including System Security Plans and security categorization artifacts.
• Experience developing or maintaining Privacy Impact Assessments (PIAs) .
• Familiarity with federal information security frameworks including NIST SP 800-53 and NIST SP 800-37 .
• Experience supporting Authority to Operate (ATO) documentation and security assessment activities.
• Experience maintaining IT system inventories and governance documentation .
• Demonstrated experience in business requirements gathering and documentation , including process models, use cases, or functional specifications.
• Ability to collaborate with senior subject matter experts and non-technical stakeholders to uncover and document underlying business needs.
• Strong written communication and documentation skills .

Nice To Haves

• Experience working in a U.S. federal government or regulatory environment .
• Familiarity with federal privacy and information security governance frameworks .
• Experience using process modeling tools such as Visio, Lucidchart, or similar platforms.
• Familiarity with Microsoft Power Platform or SharePoint Online in a business-user context.
• Experience coordinating User Acceptance Testing with non-technical stakeholders .
• Relevant coursework or certifications in information security, privacy, or records management (e.g., CIPP, CISSP, CRM).

Responsibilities

• Maintain and update FISMA compliance documentation , including System Security Plans (SSPs), security categorizations, and related artifacts.
• Support and coordinate Authority to Operate (ATO) processes , working with agency security and privacy offices through assessment and authorization cycles.
• Draft, review, and maintain Privacy Impact Assessments (PIAs) for systems that collect or process personally identifiable information.
• Maintain the DCCA system inventory , ensuring records remain accurate and aligned with agency reporting requirements.
• Support data governance initiatives , including data classification, records management, and retention schedule compliance.
• Serve as a liaison with information security, privacy, and compliance teams on matters affecting the DCCA application portfolio.
• Identify potential compliance risks or gaps and escalate issues requiring updated documentation or reassessment.
• Prepare documentation packages to support security reviews, audits, and compliance assessments .
• Collaborate with program stakeholders (economists, policy analysts, bank examiners, and attorneys) to gather, analyze, and document business requirements.
• Translate stakeholder needs into structured requirements, process flows, and functional specifications for application development.
• Develop process flow diagrams, use cases, and data flow documentation to support system design and implementation.
• Assist project leadership in prioritizing and scoping requirements , identifying dependencies and implementation considerations.
• Support User Acceptance Testing (UAT) by developing test cases, coordinating with business users, and documenting test results.
• Facilitate communication between technical teams and business stakeholders to ensure alignment throughout the development lifecycle.