Security Assessment & Authorization (SA&A) Lead
General Dynamics Information Technology · Rockville, MD · 2 wk ago
Information Technology$143k–$184k/yrFull-time
Responsibilities
- Lead execution of RMF phases for all assigned systems, including categorization, control selection/tailoring, assessment, authorization, and continuous monitoring.
- Manage teams responsible for developing and reviewing SSPs, SARs, SAPs, POA&Ms, PTAs, PIAs, eAuth documentation, contingency plans, and related artifacts.
- Conduct assessment readiness reviews and ensure authorization packages meet quality standards.
- Provide expert guidance to system owners, ISSOs, engineers, and federal leadership regarding RMF expectations and authorization strategies.
- Cook up coordination of IV&V of third party assessments and review contractor-provided documentation for completeness.
- Support enterprise-wide initiatives such as boundary optimization, control inheritance, RMF automation, and FedRAMP leveraging activities.
- Drive process improvements to reduce authorization timelines, improve documentation quality, and enhance cross-team coordination.
- Support annual control assessments, continuous monitoring activities, and remediation validation.
Qualifications
- Education: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field similar in size.
- Experience: 5+ years leading FISMA-based A&A programs plus experience with eGRC tools (e.g., JCAM, Archer, CSAM).
- Certification: Possess one or more active certifications, for example, CISSP, CISA, CISM, CRISP.
- TIL Foundations certification (or ability to obtain within 3 months).
- Security clearance level: the ability to obtain a Public Trust.
- Skills: Deep understanding of NIST SP 800 37, 800 53, 800 30, 800 171, FedRAMP, and HHS/NIH-specific policies.
- Experience: Strong experience managing assessment teams and reviewing security documentation.
- Experience: Supporting assessment programs for NIH, HHS, or similar scientific/health agencies.
- Experience: Advising on control inheritance models, enclave ATOs, and enterprise automation.
- Experience: Supporting cloud A&A, including AWS, GCP, and SaaS providers.
- Expert knowledge of NIST RMF and security control assessment.
- Attention to detail and documentation excellence.
- Analytical thinking and risk-based decision support.
- Ability to translate technical risks into actionable remediation plans.
- Strong stakeholder coordination and communication skills.