Today
Public Trust
IT - Security
Washington, DC (On-Site/Office)
Shape Cybersecurity for a Critical Government Agency - Information System Security Analyst (ISSA)
PRISM is seeking a talented and motivated mid-level Information System Security Analyst (ISSA) to contribute to the security posture of a vital U.S. government agency in the heart of Washington, DC. If you are passionate about cybersecurity and eager to deepen your expertise within a mission-driven environment, this is the perfect opportunity.
In this role, you will be instrumental in executing Assessment & Authorization (A&A) activities aligned with the NIST Risk Management Framework (RMF). You will collaborate closely with stakeholders to maintain comprehensive security documentation and ensure systems meet stringent compliance requirements for Authorization to Operate (ATO). This position offers significant opportunities to expand your knowledge of federal cybersecurity practices and make a tangible impact.
Your Responsibilities Will Include:
- Developing and maintaining clear project plans for Assessment & Authorization (A&A) activities.
- Creating, reviewing, and updating Privacy Impact Assessments (PIAs) and Privacy Threshold Assessments (PTAs) to safeguard sensitive information.
- Collaborating effectively with internal teams to support the implementation and enforcement of security policies, procedures, and guidelines.
- Identifying critical system security requirements and providing insightful recommendations for risk mitigation.
- Developing and maintaining robust System Security Plans (SSPs) and associated documentation.
- Reviewing and updating system boundary diagrams and technical architecture descriptions to accurately reflect system environments.
- Preparing and reviewing privacy control implementation statements to ensure adherence to federal privacy standards.
- Maintaining the accuracy of system documentation for parent, child, and subsystem components through timely updates following approved changes.
- Proactively scheduling and leading kickoff meetings with stakeholders to initiate the ATO process for new systems.
- Serving as a key liaison, ensuring clear and accurate communication between A&A staff, system owners, and technical personnel regarding documentation.
- Drafting and maintaining Interconnection Security Agreements (ISAs) for external systems utilizing persistent VPN connections.
- Analyzing Security Impact Analyses (SIAs) for systems undergoing changes or joining the defined system boundary.
- Supporting the crucial processes of system categorization and documentation in accordance with NIST SP 800-60 and FIPS 199.
- Bachelor's degree and 5+ years of relevant experience, OR a Master's degree and 3+ years of experience, OR a Ph.D. with 0+ years of experience.
- A strong foundational understanding of the NIST Risk Management Framework (RMF), including SP 800-37, 800-53, 800-60, 800-53A, and FIPS 199/200.
- Demonstrated experience supporting federal Assessment & Authorization (A&A) efforts and maintaining comprehensive system security documentation.
- Excellent organizational, written communication, and stakeholder engagement abilities.
- Proficiency in utilizing Microsoft Office applications, including Word, Excel, PowerPoint, and SharePoint.
- Must be based in the DMV area and able to work onsite in Washington, DC, 3 days per week.
- Hands-on experience with tools such as CSAM, eMASS, or similar systems for POA&M and documentation tracking.
- Familiarity with FedRAMP requirements, continuous monitoring strategies, and cloud-based system authorizations.
- Relevant industry certifications such as CAP, Security+, CISSP, or CISM.
- A solid understanding of privacy controls and federal privacy policy requirements.