[Contingent] Senior Cybersecurity Compliance Analyst (ATO SME)

Phia LLC
medical insurance, dental insurance, life insurance, vision insurance, paid time off, paid holidays, long term disability, 401(k)
United States, Virginia, Fairfax
11166 Fairfax Boulevard
May 14, 2026

DISCLAIMER: This position is in support of a current government proposal. Employment is contingent upon contract award to phia, LLC.

Status: Proposal - Contingent upon Award

Location: Hybrid - Washington, DC Metro Area
Schedule: Full-time | Core hours 0730-1600 EST, Monday-Friday
Focus Areas: RMF/ATO, FISMA Compliance, Security Authorization, ISSO Support, Federal Cybersecurity
OVERVIEW
phia is seeking a Senior Cybersecurity Compliance Analyst (ATO SME) to provide expert-level support for Risk Management Framework (RMF) and Authorization to Operate (ATO) activities in support of a federal client's information technology security program.
You will perform hands-on RMF activities across multiple federal information systems - developing and maintaining security authorization documentation, coordinating with system owners to maintain continuous compliance, and supporting ATO achievement across on-premises, cloud, hybrid, and air-gapped environments.
WHAT YOU'LL DO
  • Perform security categorization analysis under FIPS 199 and NIST SP 800-60: analyze data types, determine CIA impact levels, identify PII, and document findings in the applicable authorization management system.
  • Select, tailor, and allocate NIST SP 800-53 Rev. 5 security and privacy controls per applicable federal cybersecurity standards; develop and maintain Requirements Traceability Matrices (RTM).
  • Draft and maintain System Security and Privacy Plans (SSPP), ensuring all implemented and planned controls are documented accurately and reflect the as-implemented state of the system.
  • Support ISSO activities: coordinate with system owners and operations and maintenance (O&M) staff to ensure ongoing compliance with federal security requirements and standards.
  • Develop and maintain RMF supplemental documents: Incident Response Plans (IRP), Contingency Plans (CP), Configuration Management Plans (CMP), Initial Privacy Assessments (IPA), Privacy Impact Assessments (PIA), MOUs, and ISAs.
  • Review assessment findings and support remediation planning; develop and track Plans of Action and Milestones (POA&M) for identified control weaknesses.
  • Support preparation of authorization packages for Authorizing Official (AO) review and signature; maintain authorization status documentation.
  • Support continuous monitoring activities: control assessment scheduling, security and privacy impact analyses, and authorization package updates based on system and environment changes.
  • Coordinate privacy documentation with privacy officials for systems processing PII.
  • Assist with annual FISMA and FISCAM audit activities.
WHO YOU ARE
  • RMF Practitioner: You have developed A&A packages from scratch and carried systems through to ATO. You know each RMF step and the documentation required at every gate.
  • Detail-Oriented: You produce SSPP, SAR, and POA&M documentation that is accurate, complete, and ready for government review without requiring extensive rework.
  • Privacy-Aware: You recognize when a system triggers PII documentation requirements and know how to coordinate IPA and PIA processes with privacy officials under tight timelines.
  • Continuous Monitoring Practitioner: You understand federal ISCM strategies and can implement system-level monitoring plans that supplement agency-level requirements.
  • Organized: You manage multiple systems simultaneously, tracking each system's authorization status, POA&M items, and upcoming assessment milestones without missing deadlines.
  • Federal-Fluent: You understand FISMA, NIST SP 800-53, the Privacy Act, and OMB A-130 in practice.
PREFERRED SKILLS
  • Prior experience with federal agency ATO programs
  • Experience with federal authorization management platforms used in federal environments
  • Familiarity with automated scanning tools used for asset discovery and boundary definition
  • Experience supporting Privacy Impact Assessments (PIA) and coordinating with Senior Component Officials for Privacy (SCOP)
  • Experience managing POA&M lifecycle tracking in a federal environment
  • Experience supporting both on-premises and FedRAMP cloud authorization packages
REQUIRED EDUCATION + EXPERIENCE
Education: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field
Experience: 7+ years performing systems security assessments, preparing A&A documentation, and supporting security authorizations for federal information systems including classified systems; 7+ years of federal IT security compliance experience
Certifications: Minimum one (1) of the following: CISA (ISACA), CRISC (ISACA), CISSP (ISC2), CAP/CGRC (ISC2)
Clearance: Public Trust / Suitability clearance required
GENERAL PROGRAM REQUIREMENTS
Citizenship: Must be a U.S. Citizen. No exception.
Work Hours: Full-time; Monday-Friday core hours 0730-1600 EST
Work Location: Hybrid - Washington, DC Metro Area; on-site presence required.
Travel: Occasional travel may be required in support of this program.

Who We Are

phia LLC ("phia") is a Northern Virginia-based small business established in 2011 with a focus in Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, Information Assurance/Security, Compliance, Certification & Accreditation, Communications Security, Traditional Security, and Facilities Security. phia also provides cyber operations support functions such as Program and Process Management, Engineering, Development, and Systems Administration that allow Cyber Operations to efficiently integrate our customers' missions and objectives. phia supports various agencies and offices within the Department of Defense (DoD), Federal government, and private/commercial entities.

phia offers excellent benefits to enhance work-life balance, including the following:

  • Medical Insurance
  • Dental Insurance
  • Vision Insurance
  • Life Insurance
  • Short Term & Long Term Disability
  • 401k Retirement Savings Plan with Company Match
  • Paid Holidays
  • Paid Time Off (PTO)
  • Tuition and Professional Development Assistance

phia does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity, or any other reason prohibited by law in the provision of employment opportunities and benefits.
