Security Assessment & Authorization (SA&A) Lead

Digital Global Connectors
Mc Lean, VA Full Time
POSTED ON 2/12/2025
AVAILABLE BEFORE 4/12/2025


General Info:

  • Citizenship Required: US Citizenship
  • Clearance: Public Trust
  • Job Duration: Full Time Temporary (Contract)
  • Site: Hybrid Remote
  • Travel: Less than 10%

 

Digital Global Connectors is seeking an experienced Security Assessment & Authorization (SA&A) Lead to manage and oversee the development, execution, and continuous improvement of security assessment and authorization activities. The ideal candidate will have extensive experience in developing Authority to Operate (ATO) packages, implementing the Risk Management Framework (RMF), and ensuring compliance with federal standards, including NIST and FedRAMP. This role requires a deep understanding of cloud security, boundary protection, and automation in security practices, along with the ability to communicate effectively with C-suite stakeholders.

 

Responsibilities:

  • Lead and support Assessment and Authorization (A&A) efforts for various agency systems, including those deployed in cloud environments (AWS, Azure).
  • Guide federal clients through the ATO process for new and modernized systems, ensuring compliance with NIST standards and RMF.
  • Develop and oversee the preparation of ATO documentation, including:
    • System Security Plans (SSP)
    • Security Assessment Reports (SAR)
    • Risk Assessment Memos for Risk-Based Decisions
    • Continuous Monitoring Plans
    • Plan of Action and Milestones (POA&M) management
  • Conduct control implementation assessments and validate statements against NIST SP 800-53 requirements.
  • Test and validate security controls, identify gaps, and ensure remediation through POA&M tracking and management.
  • Create and maintain a comprehensive Risk Register, updating stakeholders on high-risk areas.
  • Facilitate Incident Response (IR) and Contingency Plan (CP) tests, providing timely updates and recommendations.
  • Lead stakeholder interviews and exit meetings to review and debrief identified findings.
  • Provide pre-submission review of ATO packages for approval by the CISO and CIO.
  • Design and implement security controls to enhance the security posture of systems and environments.
  • Perform security controls assessments on security boundaries and produce required security documentation.
  • Leverage automation and artificial intelligence (AI) technologies to enhance efficiency in A&A processes.

 

Required Skills & Experience:

  • Certifications:
    • Certified Information Systems Security Professional (CISSP)
    • Certified Authorization Professional (CAP)
  • Technical Experience:
    • 10 years of experience with A&A and FedRAMP processes, including cloud deployments (SaaS, PaaS, IaaS).
    • 5 years of management/leadership and/or client-facing experience.
    • Experience assessing systems deployed in cloud environments (Microsoft Azure and AWS).
    • Strong expertise with NIST publications, including SP 800-53 R5, SP 800-37 R2, SP 800-137, and related frameworks.
    • Extensive knowledge of IT security policies, processes, and governance.
    • Proficiency with multiple operating systems (Windows, Linux, Solaris).
  • Key Competencies:
    • Strong understanding of control testing, control requirements, and supporting artifacts.
    • Familiarity with AI, large language models (LLM), guardrails, and automation.
    • Deep expertise in cloud security, boundary protection, asset management, and vulnerability management.
  • Other Experience:
    • Prior experience with healthcare sector systems is a plus.
    • Strong oral and written communication skills, with the ability to present findings and recommendations to C-suite executives.

 

Desired Qualifications:

  • Proven experience in the development and submission of ATO packages for enterprise and cloud systems.
  • Strong organizational skills and ability to manage multiple A&A initiatives simultaneously.
  • Experience with continuous monitoring and proactive security operations.

 

About Digital Global Connectors:

DGC is a Top-Secret Facilities cleared, Woman-Owned Small Business (WOSB) founded in 2012 that offers cyber security engineering, consulting, training, and operations services. For over 25 years, DGC personnel have served the American public by enabling and supporting the missions of critical U.S. government agencies. DGC integrates cutting-edge security services with commercial best practices to assist government and private sector organizations in understanding and optimizing their cyber security posture.

