Lead ATO Subject Matter Expert – Cybersecurity Analyst III
Washington, District of Columbia, United States of America
Full Time
4 hours ago
No Visa Sponsorship
Key skills
CloudCyber SecurityAgileLeadershipProject Management
About this role
Role Overview
- Lead enterprise RMF and ATO activities for federal information systems
- Develop and maintain SSPs, SARs, POA&Ms, RTMs, ISCPs, CMPs, and related security documentation
- Conduct system categorization, control selection, implementation validation, and control assessments
- Support rapid ATO initiatives and ongoing authorization activities
- Perform security assessments for cloud, hybrid, on-premises, and classified systems
- Coordinate directly with Authorizing Officials (AOs), ISSOs, engineers, and program leadership
- Utilize JCAM and related DOJ cybersecurity tools to manage authorization packages
- Conduct risk analysis and provide remediation recommendations
- Support FISMA, FISCAM, and continuous monitoring initiatives
- Provide technical leadership for vulnerability remediation and security compliance activities
Requirements
- 10 years of experience in IT Project Management in both Waterfall and Agile environments.
- 10 years of experience performing systems security assessments, preparing system security documentation, and/or performing security upgrades for live networks, desktop systems, servers, and enterprise data bases leading to successful certification and accreditation or security authorization of such systems.
- 10 years of experience assessing and enhancing IT systems security policies and procedures in response to the regulatory requirements associated with Federal and International standards.
- 10 years of IT Security experience with extensive knowledge in security regulations and security assessments having developed numerous security A&A and ATO on a range of systems including classified systems.
- Strong working knowledge with NIST Special Publications, NIST 800-53 for security control selection.
- Bachelor’s degree required.
- Minimum of TWO of the following (NO EXCEPTIONS) : Certified Information Systems Auditor (CISA)
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information Security Manager (CISM)
- Certified in Governance of Enterprise IT (CGEIT)
- Certified Information Systems Security Professional (CISSP)
- Certified Authorization Professional (CAP)
- Active Top Secret Clearance required.
Tech Stack
- Cloud
- Cyber Security