Business Analyst -- IT Governance and Application Support

System One

Washington, DC, USA

Published: 6/14/2022

Full Time

Job Description

Business Analyst — IT Governance and Application Support

Washington DC 20006

Per Federal contract U.S. Citizenship Required

Must be able to pass enhanced background screen (criminal, financial, drug) for Public Trust clearance

W-2 or C2C

Bachelor’s Degree in Computer Science related field and 5 or more years of experience in a similar role is required

Work Environment & Schedule

• Full-time position.

• On-site presence is required during the initial onboarding and ramp-up period (approximately 6–8 weeks).

• Transition to full-time teleworking following successful onboarding.

• Collaborative, delivery-focused team environment.

Position Summary

The Division of Consumer Protection and Community Affairs (DCCA) maintains a portfolio of internal applications supporting banking supervision, community development, and consumer protection work. Many of those systems handle sensitive data, touch regulatory workflows, or process personally identifiable information, and carry compliance obligations. FISMA documentation, Privacy Impact Assessments, Authority to Operate packages, and system inventory maintenance are standing requirements, not periodic events.

We are looking for a mid-level business analyst to anchor that compliance work and to bring the same analytical discipline to application development support. On the governance side, this means owning the documentation and coordination work that keeps DCCA’s system portfolio compliant: system security plans, ATO cycles, PIA reviews, data classification, and records obligations. On the application side, it means working alongside the development team to determine what applications should do — translating what program staff describe into structured requirements that developers can build against.

The DCCA IT section is small. Governance, business analysis, and project coordination are not separate departments here — they are responsibilities the same small group shares fluidly. This role will work directly with the economists, bank examiners, policy analysts, and attorneys whose work both generates the compliance obligations and drives the application backlog. The governance work and the application work are not as separate as they might appear: a PIA for a new system and a requirements document for that same system draw on the same conversations.

Responsibilities

IT Governance and Compliance

• Maintain and update FISMA documentation for DCCA’s IT system portfolio, including system security plans (SSPs), security categorizations, and related artifacts.

• Coordinate the Authority to Operate (ATO) process for applicable systems, including working with the Board’s security and privacy offices through assessment and authorization cycles.

• Draft, review, and maintain Privacy Impact Assessments (PIAs) for DCCA systems that collect, process, or maintain personally identifiable information.

• Maintain DCCA’s IT system inventory, ensuring records are current and aligned with agency reporting requirements.

• Support data governance and privacy obligations, including data classification, records management, and retention schedule compliance.

• Serve as a working-level point of contact with the Board’s security, privacy, and compliance functions on matters related to DCCA’s IT systems and application portfolio

• Identify and escalate compliance gaps or changes in system posture that may require updated documentation or reassessment.

• Prepare and maintain documentation packages for periodic reviews, assessments, and audits.

Business Analysis and Requirements

• Work directly with DCCA program staff — economists, policy analysts, bank examiners, and attorneys — to elicit, refine, and document business requirements for new and modified applications.

• Translate stakeholder descriptions of workflow and data needs into structured requirements, process diagrams, and functional specifications that the development team can act on.

• Develop and maintain process flow diagrams, use cases, and data flow documentation to support application design and, where applicable, governance activities.

• Help prioritize and scope requirements in coordination with the technical lead and project manager, surfacing dependencies and tradeoffs early.

• Contribute to user acceptance testing by developing test cases, coordinating with business users, and documenting outcomes.

• Bridge communication between technical developers and business stakeholders, reducing friction during discovery, design, and delivery.

This role will participate in QA activities — contributing test cases, supporting UAT coordination, and helping verify that delivered applications meet business requirements — but does not serve as a dedicated QA resource. Testing support is a component of the BA function here, not a primary accountability.

Required Qualifications

• US citizenship.

• Demonstrated experience with FISMA compliance documentation, including system security plans, security categorizations, and related assessment and authorization artifacts.

• Experience drafting or maintaining Privacy Impact Assessments for systems that process personally identifiable information.

• Familiarity with NIST frameworks applicable to federal IT compliance, including NIST SP 800-53 and NIST SP 800-37.

• Experience supporting or coordinating ATO processes, including preparing documentation for security assessments.

• Experience with IT system inventory maintenance and data governance or records management obligations.

• Demonstrated experience in business requirements gathering and documentation, including process flow diagrams, use cases, or functional specifications.

• Ability to work directly with senior subject matter experts — economists, policy analysts, attorneys, and program staff — to develop requirements and designs; skill at uncovering underlying business needs, which may require significant effort to surface.

• Strong written communication skills: compliance and governance work here is documentation intensive.

Preferred Qualifications

• Prior experience in a U.S. federal government environment, particularly in a regulatory, supervisory, or policy-adjacent context.

• Familiarity with the Board’s or similar agency’s privacy and information security frameworks.

• Experience with process modeling tools such as Visio, Lucidchart, or similar.

• Familiarity with Microsoft Power Platform applications or SharePoint Online in a business context (not development).

• Experience coordinating UAT efforts with non-technical business users.

• Coursework or certification in information security, privacy, or records management (e.g., CIPP, CISSP, CRM, or equivalent) is a plus but not required.

Company DescriptionSystem One is a leading provider of specialized, highly technical services and solutions to critical infrastructure, technology, life sciences, and government sectors. We partner with large private and public organizations who trust us to execute their complex, mission-critical initiatives through our outsourced services and workforce solutions.

Company Description

System One is a leading provider of specialized, highly technical services and solutions to critical infrastructure, technology, life sciences, and government sectors. We partner with large private and public organizations who trust us to execute their complex, mission-critical initiatives through our outsourced services and workforce solutions.