Lead Assessment and Authorization Analyst

Job Description

Lead ISSO / Cyber Security Assessment & Authorization Analyst
Location: Rockville, Maryland

We are looking for highly motivated, flexible, organized, and detail-oriented Lead ISSO / Cyber Security Assessment and Authorization (A&A) Analyst to join our dynamic team in Rockville, MD.

If you are looking to grow your career while supporting mission-critical federal programs that directly impact medical and scientific communities, this is the role for you. Our customer supports groundbreaking research to better understand, treat, and ultimately prevent infectious, immunologic, and allergic diseases while improving public health and quality of life.

Your work will have meaningful impact by helping secure systems that support life-changing research and federal healthcare missions.

Key Responsibilities

• Lead and support client cybersecurity Assessment & Authorization (A&A) efforts across multiple federal systems and environments.
• Manage activities required to obtain and maintain Authority to Operate (ATO) for new, legacy, modernized, and cloud-based systems.
• Serve as senior analyst and team lead, guiding ISSOs, assessors, and junior staff to ensure timely delivery of all assigned A&A efforts.
• Apply the NIST Risk Management Framework to all authorization activities.
• Support implementation of RMF steps including system categorization, control selection, control implementation, security assessment, authorization, and continuous monitoring.
• Review and validate security documentation including:
• System Security Plans (SSP)
• Security Assessment Plans (SAP)
• Security Assessment Reports (SAR)
• POA&Ms
• Contingency Plans
• Policies and Procedures
• Conduct security control assessments of system boundaries, applications, cloud platforms, and hybrid environments.
• Ensure all artifacts, evidence, and deliverables are maintained within the enterprise GRC repository.
• Track vulnerabilities, risks, findings, and remediation actions through POA&M management processes.
• Support executive reporting, risk briefings, and client communications.
• Coordinate with system owners, engineers, developers, and operations teams to resolve security compliance gaps.
• Assist in improving A&A processes through automation, dashboards, metrics, and workflow efficiencies.

Required Qualifications

• Bachelor’s degree in Cybersecurity, Computer Science, MIS, Information Systems, or related discipline.
• Master’s degree preferred.
• 8+ years of experience supporting federal Assessment & Authorization (A&A) programs.
• 8+ years of experience performing security control assessments, validations, or authorization support.
• 8+ years of experience maintaining IT security policies, standards, procedures, and guidance.
• Strong experience with:
• NIST SP 800-53
• NIST SP 800-37
• NIST SP 800-137
• FISMA
• Experience using GRC tools such as CSAM or equivalent platforms.
• Experience using continuous monitoring and vulnerability management tools to automate compliance evidence collection.
• Experience supporting cloud authorizations in Amazon Web Services, Microsoft Azure, or hybrid environments.
• Excellent written, verbal, organizational, and stakeholder communication skills.

Preferred Qualifications

• Relevant certifications such as:
• ISC2 CISSP
• PMP
• CISM
• CAP
• Security+
• Experience leading ISSO teams or managing cybersecurity portfolios.
• Experience with federal healthcare, scientific, or research environments.

Clearance / Eligibility Requirements

Applicants selected will be subject to a Public Trust background investigation and may need to meet eligibility requirements for access to sensitive information.