Custom Software Systems, Inc. (CSS) is seeking a mid-level Business Analyst to anchor compliance work and to bring the same analytical discipline to application development support. This role involves owning documentation and coordination work for compliance and translating program staff descriptions into structured requirements for application development.
Responsibilities:
- Maintain and update FISMA documentation for the client’s IT system portfolio, including system security plans (SSPs), security categorizations, and related artifacts
- Coordinate the Authority to Operate (ATO) process for applicable systems, including working with the clients’ security and privacy offices through assessment and authorization cycles
- Draft, review, and maintain Privacy Impact Assessments (PIAs) for client systems that collect, process, or maintain personally identifiable information
- Maintain clients' IT system inventory, ensuring records are current and aligned with agency reporting requirements
- Support data governance and privacy obligations, including data classification, records management, and retention schedule compliance
- Serve as a working-level point of contact with the client's security, privacy, and compliance functions on matters related to DCCA’s IT systems and application portfolio
- Identify and escalate compliance gaps or changes in system posture that may require updated documentation or reassessment
- Prepare and maintain documentation packages for periodic reviews, assessments, and audits
- Work directly with client program staff — economists, policy analysts, bank examiners, and attorneys — to elicit, refine, and document business requirements for new and modified applications
- Translate stakeholder descriptions of workflow and data needs into structured requirements, process diagrams, and functional specifications that the development team can act on
- Develop and maintain process flow diagrams, use cases, and data flow documentation to support application design and, where applicable, governance activities
- Help prioritize and scope requirements in coordination with the technical lead and project manager, surfacing dependencies and tradeoffs early
- Contribute to user acceptance testing by developing test cases, coordinating with business users, and documenting outcomes
- Bridge communication between technical developers and business stakeholders, reducing friction during discovery, design, and delivery
- This role will participate in QA activities — contributing test cases, supporting UAT coordination, and helping verify that delivered applications meet business requirements — but does not serve as a dedicated QA resource. Testing support is a component of the BA function here, not a primary accountability.
Requirements:
- Demonstrated experience with FISMA compliance documentation, including system security plans, security categorizations, and related assessment and authorization artifacts
- Experience drafting or maintaining Privacy Impact Assessments for systems that process personally identifiable information
- Familiarity with NIST frameworks applicable to federal IT compliance, including NIST SP 800-53 and NIST SP 800-37
- Experience supporting or coordinating ATO processes, including preparing documentation for security assessments
- Experience with IT system inventory maintenance and data governance or records management obligations
- Demonstrated experience in business requirements gathering and documentation, including process flow diagrams, use cases, or functional specifications
- Ability to work directly with senior subject matter experts — economists, policy analysts, attorneys, and program staff — to develop requirements and designs; skill at uncovering underlying business needs, which may require significant effort to surface
- Strong written communication skills: compliance and governance work here is documentation-intensive
- US Citizenship
- Prior experience in a U.S. federal government environment, particularly in a regulatory, supervisory, or policy-adjacent context
- Familiarity with the Board's or similar agency's privacy and information security frameworks
- Experience with process modeling tools such as Visio, Lucidchart, or similar
- Familiarity with Microsoft Power Platform applications or SharePoint Online in a business context (not development)
- Experience coordinating UAT efforts with non-technical business users
- Coursework or certification in information security, privacy, or records management (e.g., CIPP, CISSP, CRM, or equivalent) is a plus but not required