[Contingent] Senior Cybersecurity Compliance Analyst (ATO SME)

Phia LLC, Fairfax, VA, US
Hybrid

About The Position

This position is in support of a current government proposal and employment is contingent upon contract award to phia, LLC. Phia is seeking a Senior Cybersecurity Compliance Analyst (ATO SME) to provide expert-level support for Risk Management Framework (RMF) and Authorization to Operate (ATO) activities in support of a federal client's information technology security program. The role involves performing hands-on RMF activities across multiple federal information systems, including developing and maintaining security authorization documentation, coordinating with system owners for continuous compliance, and supporting ATO achievement in various environments (on-premises, cloud, hybrid, and air-gapped).

Requirements

  • Experience developing A&A packages from scratch and carrying systems through to ATO.
  • Knowledge of each RMF step and the documentation required at every gate.
  • Produce SSPP, SAR, and POA&M documentation that is accurate, complete, and ready for government review without requiring extensive rework.
  • Recognize when a system triggers PII documentation requirements and know how to coordinate IPA and PIA processes with privacy officials under tight timelines.
  • Understand federal ISCM strategies and can implement system-level monitoring plans that supplement agency-level requirements.
  • Manage multiple systems simultaneously, tracking each system's authorization status, POA&M items, and upcoming assessment milestones without missing deadlines.
  • Understand FISMA, NIST SP 800-53, the Privacy Act, and OMB A-130 in practice.
  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field
  • 7+ years performing systems security assessments, preparing A&A documentation, and supporting security authorizations for federal information systems including classified systems
  • 7+ years of federal IT security compliance experience
  • Minimum one (1) of the following certifications: CISA (ISACA), CRISC (ISACA), CISSP (ISC2), CAP/CGRC (ISC2)
  • Public Trust / Suitability clearance required
  • Must be a U.S. Citizen.

Nice To Haves

  • Prior experience with federal agency ATO programs
  • Experience with federal authorization management platforms used in federal environments
  • Familiarity with automated scanning tools used for asset discovery and boundary definition
  • Experience supporting Privacy Impact Assessments (PIA) and coordinating with Senior Component Officials for Privacy (SCOP)
  • Experience managing POA&M lifecycle tracking in a federal environment
  • Experience supporting both on-premises and FedRAMP cloud authorization packages

Responsibilities

  • Perform security categorization analysis under FIPS 199 and NIST SP 800-60: analyze data types, determine CIA impact levels, identify PII, and document findings in the applicable authorization management system.
  • Select, tailor, and allocate NIST SP 800-53 Rev. 5 security and privacy controls per applicable federal cybersecurity standards; develop and maintain Requirements Traceability Matrices (RTM).
  • Draft and maintain System Security and Privacy Plans (SSPP), ensuring all implemented and planned controls are documented accurately and reflect the as-implemented state of the system.
  • Support ISSO activities: coordinate with system owners and operations and maintenance (O&M) staff to ensure ongoing compliance with federal security requirements and standards.
  • Develop and maintain RMF supplemental documents: Incident Response Plans (IRP), Contingency Plans (CP), Configuration Management Plans (CMP), Initial Privacy Assessments (IPA), Privacy Impact Assessments (PIA), MOUs, and ISAs.
  • Review assessment findings and support remediation planning; develop and track Plans of Action and Milestones (POA&M) for identified control weaknesses.
  • Support preparation of authorization packages for Authorizing Official (AO) review and signature; maintain authorization status documentation.
  • Support continuous monitoring activities: control assessment scheduling, security and privacy impact analyses, and authorization package updates based on system and environment changes.
  • Coordinate privacy documentation with privacy officials for systems processing PII.
  • Assist with annual FISMA and FISCAM audit activities.

Benefits

  • Medical Insurance
  • Dental Insurance
  • Vision Insurance
  • Life Insurance
  • Short Term & Long Term Disability
  • 401k Retirement Savings Plan with Company Match
  • Paid Holidays
  • Paid Time Off (PTO)
  • Tuition and Professional Development Assistance