Government Careers
  • Security Assessment & Authorization (SA&A) Lead

  • General Dynamics Information Technology
  • Rockville, Maryland 20849 United States View Map

Job Description Security Assessment & Authorization (SA&A) Lead. Advance your career while impacting security of our hosting environment as a Security Assessment & Authorization (SA&A) Lead. Here, technologists have many paths to grow a meaningful career supporting cyber missions and operations across the federal government.MEANINGFUL WORK AND PERSONAL IMPACTAs the SA&A Lead, you will help lead NCI's enterprise Assessment & Authorization program, ensuring that all information systems comply with NIST RMF, FISMA, HHS, and NIH cybersecurity requirements. This senior SME provides technical leadership for system assessments, continuous monitoring, documentation quality, remediation support, and authorization readiness. This role aligns with A&A leadership positions seen in major federal cybersecurity practices.Bring your program management expertise along with a drive for innovation to GDIT.Responsibilities Lead execution of RMF phases for all assigned systems, including categorization, control selection/tailoring, assessment, authorization, and continuous monitoring.Manage teams responsible for developing and reviewing SSPs, SARs, SAPs, POA&Ms, PTAs, PIAs, eAuth documentation, contingency plans, and related artifacts.Conduct assessment readiness reviews and ensure authorization packages meet quality standards.Provide expert guidance to system owners, ISSOs, engineers, and federal leadership regarding RMF expectations and authorization strategies.Coordinate IV&V of third party assessments and review contractor-provided documentation for completeness.Support enterprise-wide initiatives such as boundary optimization, control inheritance, RMF automation, and FedRAMP leveraging activities.Drive process improvements to reduce authorization timelines, improve documentation quality, and enhance cross-team coordination.Support annual control assessments, continuous monitoring activities, and remediation validation.Qualifications Education: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field.Experience: 5+ years leading FISMA-based A&A programs plus experience with eGRC tools (e.g., JCAM, Archer, CSAM).Certification: Possess one or more active certifications, for example, CISSP, CISA, CISM, CRISC.ITIL Foundations certification (or ability to obtain within 3 months).Security clearance level: ability to obtain a Public Trust.Skills: Deep understanding of NIST SP 800-37, 800-53, 800-30, 800-171, FedRAMP, and HHS/NIH-specific policies.Strong experience managing assessment teams and reviewing security documentation.Experience supporting assessment programs for NIH, HHS, or similar scientific/health agencies.Experience advising on control inheritance models, enclave ATOs, and enterprise automation.Experience supporting cloud A&A, including AWS, GCP, and SaaS providers.Expert knowledge of NIST RMF and security control assessment.Attention to detail and documentation excellence.Analytical thinking and risk-based decision support.Ability to translate technical risks into actionable remediation plans.Strong stakeholder coordination and communication skills.Work Location & Travel Location: USA MD RockvilleTravel: NoneTelecommuting Options: OnsiteTotal Rewards Our benefits package for all US-based employees includes a variety of medical plan options, dental and vision plans, and a 401(k) with company matching. Details vary by location and role.Equal Opportunity Employer Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans#J-18808-Ljbffr

Job Description Security Assessment & Authorization (SA&A) Lead. Advance your career while impacting security of our hosting environment as a Security Assessment & Authorization (SA&A) Lead. Here, technologists have many paths to grow a meaningful career supporting cyber missions and operations across the federal government.MEANINGFUL WORK AND PERSONAL IMPACTAs the SA&A Lead, you will help lead NCI's enterprise Assessment & Authorization program, ensuring that all information systems comply with NIST RMF, FISMA, HHS, and NIH cybersecurity requirements. This senior SME provides technical leadership for system assessments, continuous monitoring, documentation quality, remediation support, and authorization readiness. This role aligns with A&A leadership positions seen in major federal cybersecurity practices.Bring your program management expertise along with a drive for innovation to GDIT.Responsibilities Lead execution of RMF phases for all assigned systems, including categorization, control selection/tailoring, assessment, authorization, and continuous monitoring.Manage teams responsible for developing and reviewing SSPs, SARs, SAPs, POA&Ms, PTAs, PIAs, eAuth documentation, contingency plans, and related artifacts.Conduct assessment readiness reviews and ensure authorization packages meet quality standards.Provide expert guidance to system owners, ISSOs, engineers, and federal leadership regarding RMF expectations and authorization strategies.Coordinate IV&V of third party assessments and review contractor-provided documentation for completeness.Support enterprise-wide initiatives such as boundary optimization, control inheritance, RMF automation, and FedRAMP leveraging activities.Drive process improvements to reduce authorization timelines, improve documentation quality, and enhance cross-team coordination.Support annual control assessments, continuous monitoring activities, and remediation validation.Qualifications Education: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field.Experience: 5+ years leading FISMA-based A&A programs plus experience with eGRC tools (e.g., JCAM, Archer, CSAM).Certification: Possess one or more active certifications, for example, CISSP, CISA, CISM, CRISC.ITIL Foundations certification (or ability to obtain within 3 months).Security clearance level: ability to obtain a Public Trust.Skills: Deep understanding of NIST SP 800-37, 800-53, 800-30, 800-171, FedRAMP, and HHS/NIH-specific policies.Strong experience managing assessment teams and reviewing security documentation.Experience supporting assessment programs for NIH, HHS, or similar scientific/health agencies.Experience advising on control inheritance models, enclave ATOs, and enterprise automation.Experience supporting cloud A&A, including AWS, GCP, and SaaS providers.Expert knowledge of NIST RMF and security control assessment.Attention to detail and documentation excellence.Analytical thinking and risk-based decision support.Ability to translate technical risks into actionable remediation plans.Strong stakeholder coordination and communication skills.Work Location & Travel Location: USA MD RockvilleTravel: NoneTelecommuting Options: OnsiteTotal Rewards Our benefits package for all US-based employees includes a variety of medical plan options, dental and vision plans, and a 401(k) with company matching. Details vary by location and role.Equal Opportunity Employer Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans#J-18808-Ljbffr

Government Careers

Government Careers

Government jobs offer stability, competitive benefits, and the chance to make a meaningful impact on your community and country.

Whether you’re starting your career or seeking new opportunities, these roles provide pathways for growth, security, and service.

Explore positions across a wide range of fields and take the first step toward a rewarding future in public service.

Show more

MORE JOBS