Job Description
Job Description
BreakForth Solutions is seeking a IT Security Program Analyst to join our team of dynamic professionals. We offer 100% paid medical benefits for the employee and a host of other amazing benefits. Please apply today!
Position Information:
BreakForth Solutions is seeking an experienced IT Security Program Analyst to support the Office of the Chief Information Officer (OCIO), within the IT application organization for our federal customer. The IT Security Program Analyst serves as the primary liaison between the IT application organization, application development teams, operations staff, business stakeholders, and the Office of the Chief Information Officer (OCIO) Information System Security Officers (ISSOs) to ensure security authorization activities are effectively coordinated, documented, and completed in accordance with federal cybersecurity requirements.
This role is responsible for supporting the organization's IT security program across a portfolio of applications and systems by coordinating security authorization activities, maintaining security documentation and artifacts, monitoring compliance milestones, communicating risks, and providing leadership visibility into the overall health of the security program.
The ideal candidate will possess a strong understanding of the federal Risk Management Framework (RMF), security authorization processes, cybersecurity governance, and security documentation, while also demonstrating the ability to understand the business and functional requirements of enterprise applications. The successful candidate will serve as the bridge between application owners and the OCIO ISSO organization, ensuring security requirements are integrated throughout the application lifecycle while supporting mission and operational objectives.
Essential Functions
This role will be responsible for performing tasks such as, but not limited to:
IT Security Program Support
- Support the organization's IT security program across multiple applications and information systems throughout their lifecycle.
- Coordinate security authorization activities across application development teams, operations staff, business stakeholders, and the OCIO ISSO organization.
- Partner with application owners, business stakeholders, and development teams to understand application business and functional requirements, ensuring security controls, authorization activities, and risk management efforts align with mission and operational objectives.
- Monitor security program milestones, deliverables, dependencies, and compliance activities using JIRA and other project management tools.
- Develop dashboards, executive reports, and status updates illustrating security program accomplishments, security posture, risks, and outstanding actions.
- Ensure security program activities remain aligned with organizational priorities, application development efforts, and operational objectives.
Security Authorization & Compliance Coordination
- Coordinate the preparation, collection, review, and maintenance of security authorization artifacts supporting ATT, ATO, ongoing authorization, and annual security reviews.
- Ensure required security documentation is complete, current, and maintained within organized repositories to support efficient review and long-term reuse.
- Work with application teams to establish repeatable processes that reduce redundant effort and eliminate unnecessary recreation of authorization artifacts.
- Coordinate with OCIO ISSOs regarding authorization package requirements, review schedules, findings, and corrective actions.
- Track remediation activities associated with POA&Ms, security assessments, and continuous monitoring activities.
Risk Management
- Identify, assess, document, and communicate security risks affecting organizational applications and systems.
- Analyze application business and functional requirements to identify potential security impacts, risks, and compliance considerations throughout the system lifecycle, coordinating with application teams and OCIO ISSOs to support informed risk management decisions.
- Coordinate mitigation activities between application teams and OCIO ISSOs.
- Escalate security issues requiring leadership attention and facilitate resolution.
- Monitor compliance with FISMA, NIST Risk Management Framework (RMF), NIST SP 800-53 security controls, System Security Plan (SSP) requirements, and organizational security policies.
- Support continuous monitoring activities and ongoing authorization efforts.
Stakeholder Engagement & Communication
- Serve as the primary liaison between the IT application organization and the OCIO ISSO organization.
- Partner with business owners, product managers, development teams, operations staff, and ISSOs to ensure security requirements align with application functionality, operational priorities, and mission objectives.
- Translate business and functional requirements into security planning considerations while communicating security impacts, compliance requirements, and risks to technical and non-technical stakeholders.
- Coordinate meetings, reviews, action items, and communications among internal and external stakeholders.
- Prepare executive briefings, dashboards, and status reports that provide leadership with visibility into security program performance, compliance activities, and emerging risks.
Documentation & Continuous Improvement
- Ensure security documentation and artifacts are organized, accessible, and maintained in accordance with organizational standards.
- Improve documentation management processes supporting authorization activities and annual security reviews.
- Develop repeatable workflows and governance processes that improve efficiency, strengthen compliance readiness, and reduce redundant effort.
- Identify opportunities to improve IT security program execution, stakeholder collaboration, documentation quality, and overall program effectiveness.
Education/Skills/Experience Requirements:
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Information Systems, Engineering, or a related field.
- Minimum of eleven (11) years of experience supporting federal cybersecurity programs, information security governance, Risk Management Framework (RMF), system authorization, or related IT security program activities.
- Ability to Obtain Public Trust Clearance
- Education/Experience Equivalent: Associate’s degree + 13 years relevant experience, OR High School Diploma + 15 years relevant experience.
- Experience working with Information System Security Officers (ISSOs), Authorizing Officials (AOs), application development teams, business stakeholders, and system owners supporting federal applications.
- Strong understanding of FISMA, NIST RMF, NIST SP 800-53 security controls, System Security Plans (SSPs), ATOs, POA&Ms, and continuous monitoring.
- Experience supporting cloud-hosted federal applications (AWS, Azure, or similar environments).
- Experience supporting Agile software development environments.
- Experience coordinating security authorization packages, accreditation documentation, and compliance artifacts.
- Experience using JIRA or similar project management tools to manage milestones, issues, risks, and program activities.
- Experience preparing executive dashboards, metrics, and IT security program reporting for senior leadership.
- Experience working with application owners and business stakeholders to understand application functionality and incorporate business requirements into security planning, risk management, and authorization activities.
- Ability to communicate effectively with technical and non-technical stakeholders and translate complex security requirements into actionable business guidance.
- Strong analytical, organizational, problem-solving, and written/verbal communication skills.
- Ability to manage multiple priorities and support high-visibility initiatives within a fast-paced federal environment.
Desired Knowledge/Skills
- CISSP, Certified in Governance, Risk and Compliance (CGRC), Security+, PMP, or equivalent industry certifications.
- Experience supporting federal OCIO organizations.
- Familiarity with ISO 20000 and ISO 27001 standards
BreakForth Solutions Incorporated is an equal opportunity employer and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex (including pregnancy, gender identity, and sexual orientation), national origin, disability status, genetics, protected veteran status, or any other basis covered by applicable law.