FISMA Program Analyst

We are seeking a highly organized and proactive FISMA Program Analyst to lead the execution and ongoing compliance of the Federal Information Security Modernization Act (FISMA) program for a federal client. This role ensures that the organization's information security and risk management practices meet all applicable federal requirements, including OMB memoranda, DHS directives, and NIST guidance.

The ideal candidate will have strong experience in federal cybersecurity frameworks, compliance programs, and risk management, along with excellent communication and stakeholder engagement skills.

Key Responsibilities:

FISMA Compliance & Program Management

• Oversee and support the development, implementation, and ongoing management of a FISMA compliance program.
• Ensure alignment with federal cybersecurity regulations, including NIST SP 800-53, SP 800-37, FIPS 199, and others.
• Coordinate with internal and external auditors to evaluate system security postures and support audit engagements.
• Prepare and maintain FISMA-required documentation, including System Security Plans (SSPs), Security Authorization Packages (SAPs), and Continuous Monitoring (ConMon) reports.

Security Risk Management

• Maintain visibility into organizational risk assessments for High Value Assets (HVAs) and other critical systems.
• Review, document, and track selected security controls for effectiveness and completeness.
• Monitor and report on remediation efforts tied to identified system vulnerabilities and risks.

Incident Response & Continuous Monitoring

• Manage the organization's continuous monitoring activities to ensure FISMA compliance across systems.
• Support and oversee incident response planning, coordination, and reporting in accordance with federal guidelines.
• Validate execution of incident response plans and related documentation updates.

Policy Development & Stakeholder Collaboration

• Develop, update, and maintain FISMA-related policies, procedures, and internal guidance documentation.
• Serve as a liaison between the organization and federal oversight entities on all FISMA-related matters.
• Collaborate across departments (IT, compliance, risk, and policy) to align security operations with compliance goals.
• Provide subject matter expertise in meetings, reviews, and compliance briefings.

Audit & Reporting

• Ensure timely execution of annual FISMA assessments and deliverables as mandated by OMB and DHS.
• Compile and deliver reports to senior leadership summarizing compliance status, risks, and program performance metrics.

Required Qualifications:

Education:

• Bachelor's degree in Computer Science, Cybersecurity, Information Assurance, or a related field.

Experience:

• Minimum of 6 years of experience in cybersecurity, IT governance, or risk management.
• At least 2 years of direct experience managing or supporting FISMA or federal compliance programs.
• Hands-on experience with NIST frameworks (e.g., 800-53, 800-37, 800-171) and FISMA audits.

Skills:

• In-depth knowledge of FISMA, NIST SP 800-series, OMB A-130, and related federal cybersecurity regulations.
• Experience with risk and compliance management tools, continuous monitoring, and vulnerability management systems.
• Strong analytical, project management, and technical writing skills.
• Effective communication skills for interfacing with leadership, stakeholders, and government clients.

Preferred Qualifications:

• Experience working directly with or for federal agencies or government contractors.
• Familiarity with challenges in federal information system security operations and compliance.
• Professional certifications such as:




• CISSP - Certified Information Systems Security Professional
• CISM - Certified Information Security Manager
• CAP - Certified Authorization Professional
• Security+, CySA+, or equivalent




• Experience leading or mentoring small teams or cross-functional working groups.

#LI #DICE