Jobs · Information Technology · Maryland

Security Assessment & Authorization (SA&A) Lead

General Dynamics Information Technology · Rockville, MD · 2 wk ago
Information Technology$143k–$184k/yrFull-time

Responsibilities

  • Lead execution of RMF phases for all assigned systems, including categorization, control selection/tailoring, assessment, authorization, and continuous monitoring.
  • Manage teams responsible for developing and reviewing SSPs, SARs, SAPs, POA&Ms, PTAs, PIAs, eAuth documentation, contingency plans, and related artifacts.
  • Conduct assessment readiness reviews and ensure authorization packages meet quality standards.
  • Provide expert guidance to system owners, ISSOs, engineers, and federal leadership regarding RMF expectations and authorization strategies.
  • Cook up coordination of IV&V of third party assessments and review contractor-provided documentation for completeness.
  • Support enterprise-wide initiatives such as boundary optimization, control inheritance, RMF automation, and FedRAMP leveraging activities.
  • Drive process improvements to reduce authorization timelines, improve documentation quality, and enhance cross-team coordination.
  • Support annual control assessments, continuous monitoring activities, and remediation validation.

Qualifications

  • Education: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field similar in size.
  • Experience: 5+ years leading FISMA-based A&A programs plus experience with eGRC tools (e.g., JCAM, Archer, CSAM).
  • Certification: Possess one or more active certifications, for example, CISSP, CISA, CISM, CRISP.
  • TIL Foundations certification (or ability to obtain within 3 months).
  • Security clearance level: the ability to obtain a Public Trust.
  • Skills: Deep understanding of NIST SP 800 37, 800 53, 800 30, 800 171, FedRAMP, and HHS/NIH-specific policies.
  • Experience: Strong experience managing assessment teams and reviewing security documentation.
  • Experience: Supporting assessment programs for NIH, HHS, or similar scientific/health agencies.
  • Experience: Advising on control inheritance models, enclave ATOs, and enterprise automation.
  • Experience: Supporting cloud A&A, including AWS, GCP, and SaaS providers.
  • Expert knowledge of NIST RMF and security control assessment.
  • Attention to detail and documentation excellence.
  • Analytical thinking and risk-based decision support.
  • Ability to translate technical risks into actionable remediation plans.
  • Strong stakeholder coordination and communication skills.

Similar jobs

Security Assessment Lead

Koniag Government ServicesMelbourne, FL· 1 wk ago
Information Technologyapply on jobs.dayforcehcm.com

Security Lead

KBR CareersLexington Park, MD· 2 wk ago
Information Technologyapply on careers.kbr.com

Security Lead

CarvanaTooele, UT· 1 wk ago
Information Technology$62k/yrapply on carvana.com

Security Lead

Legends GlobalFort Worth, TX· 2 wk ago
Managementapply on asmglobal.wd1.myworkdayjobs.com

Security Lead

CarvanaChesterfield, VA· 1 mo ago
Information Technologyapply on carvana.com