
SA&A (AI Security) Lead

Digital Global Connectors, McLean, VA, United States


General Info:

Citizenship Required: US Citizenship

Clearance: Public Trust

Job Duration: Full Time Temporary (Contract)

Site: Hybrid Remote

Travel: Less than 10%

We are seeking an experienced Security Assessment & Authorization (SA&A) Lead to manage and oversee the development, execution, and continuous improvement of security assessment and authorization activities. The ideal candidate will have extensive experience in developing Authority to Operate (ATO) packages, implementing the Risk Management Framework (RMF), and ensuring compliance with federal standards, including NIST and FedRAMP. This role requires a deep understanding of cloud security, boundary protection, and automation in security practices, along with the ability to communicate effectively with C-suite stakeholders.

Responsibilities:

Lead and support Assessment and Authorization (A&A) efforts for various agency systems, including those deployed in cloud environments (AWS, Azure).

Guide federal clients through the ATO process for new and modernized systems, ensuring compliance with NIST standards and RMF.

Develop and oversee the preparation of ATO documentation, including:

System Security Plans (SSP)

Security Assessment Reports (SAR)

Risk Assessment Memos for Risk-Based Decisions

Continuous Monitoring Plans

Plan of Action and Milestones (POA&M) management

Conduct control implementation assessments and validate statements against NIST SP 800-53 requirements.

Test and validate security controls, identify gaps, and ensure remediation through POA&M tracking and management.

Create and maintain a comprehensive Risk Register, updating stakeholders on high-risk areas.

Facilitate Incident Response (IR) and Contingency Plan (CP) tests, providing timely updates and recommendations.

Lead stakeholder interviews and exit meetings to review and debrief identified findings.

Provide pre-submission review of ATO packages for approval by the CISO and CIO.

Design and implement security controls to enhance the security posture of systems and environments.

Perform security controls assessments on security boundaries and produce required security documentation.

Leverage automation and artificial intelligence (AI) technologies to enhance efficiency in A&A processes.

Required Skills & Experience:

Certifications:

Certified Information Systems Security Professional (CISSP)

Certified Authorization Professional (CAP)

Technical Experience:

5+ years of experience with A&A and FedRAMP processes, including cloud deployments (SaaS, PaaS, IaaS).

Experience assessing systems deployed in cloud environments (Microsoft Azure and AWS).

Strong expertise with NIST publications, including SP 800-53 R5, SP 800-37 R2, SP 800-137, and related frameworks.

Extensive knowledge of IT security policies, processes, and governance.

Proficiency with multiple operating systems (Windows, Linux, Solaris).

Key Competencies:

Strong understanding of control testing, control requirements, and supporting artifacts.

Familiarity with AI, large language models (LLM), guardrails, and automation.

Deep expertise in cloud security, boundary protection, asset management, and vulnerability management.

Other Experience:

Prior experience with healthcare sector systems is a plus.

Strong oral and written communication skills, with the ability to present findings and recommendations to C-suite executives.

Desired Qualifications:

Proven experience in the development and submission of ATO packages for enterprise and cloud systems.

Strong organizational skills and ability to manage multiple A&A initiatives simultaneously.

Experience with continuous monitoring and proactive security operations.
