Senior Data Analyst - CMS Assessment & Authorization (A&A)

Nextstep Technology Inc Windsor Mill, Maryland, United States

About this position


Overview:

We are seeking a Senior Data Analyst with deep expertise in Assessment and Authorization (A&A) processes to support the protection and compliance of Health and Human Services (HHS) and Centers for Medicare & Medicaid Services (CMS) information systems. The successful candidate will lead data-driven security analysis and documentation to ensure systems meet all federal cybersecurity, privacy, and risk management requirements under FISMA, FedRAMP, HIPAA, and NIST standards.


Responsibilities

  • Support the full Assessment & Authorization (A&A) lifecycle for HHS/CMS information systems, including Major Applications and General Support Systems.
  • Develop, review, and maintain Information System Security Plans (ISSPs), Privacy Impact Assessments (PIAs), and Security Control Assessment Reports.
  • Conduct detailed risk analyses, data validation, and security control assessments to support system Authorizations to Operate (ATO).
  • Ensure compliance with FISMA, FedRAMP, HIPAA, NIST SP 800-53, NIST RMF, and FIPS requirements.
  • Coordinate with system owners, ISSOs, and privacy officials to identify control deficiencies and develop Plans of Action and Milestones (POA&Ms).
  • Conduct and interpret vulnerability scans, configuration assessments, and patch management data to support ongoing risk analysis.
  • Ensure all contractor-hosted or cloud-based systems comply with Trusted Internet Connections (TIC) architecture and HHS review processes.
  • Translate technical compliance data into actionable metrics, reports, and dashboards for leadership and audit readiness.
  • Maintain documentation to support continuous monitoring and audits by HHS or other federal entities.



Salary Information

$130,000 - $160,000 Annual Salary

Requirements


  • Bachelor’s degree in Data Analytics, Information Systems, Cybersecurity, or related field (Master’s preferred).
  • 7+ years of experience in data analysis, information security, or risk/compliance roles supporting CMS and/or federal IT systems.
  • Strong understanding of Assessment & Authorization (A&A) and Authorization to Operate (ATO) processes.
  • Experience with FISMA, FedRAMP, HIPAA, NIST SP 800-37, NIST SP 800-53, and FIPS frameworks.
  • Hands-on experience with vulnerability management, risk analysis, and POA&M tracking.
  • Familiarity with Privacy Impact Assessments (PIA) and Privacy Threshold Analyses (PTA).
  • Proficiency in analyzing and visualizing compliance data using tools such as Excel, Power BI, or Tableau.
  • Strong written and verbal communication skills with the ability to prepare audit-ready documentation.

Preferred Certifications:

  • CISSP, CAP, CISM, Security+, CCSP, or Certified Data Privacy Solutions Engineer (CDPSE)