[Contingent] Senior Cybersecurity Compliance Analyst (ATO SME)
Job
Phia LLC
Remote
Full-Time
Job Description
Benefits: medical insurance, dental insurance, life insurance, vision insurance, paid time off, paid holidays, long term disability, 401(k)
Address: United States, Virginia, Fairfax, 11166 Fairfax Boulevard
May 14, 2026
DISCLAIMER:
This position is in support of a current government proposal. Employment is contingent upon contract award to phia, LLC.
Status:
Proposal - Contingent upon Award
Location:
Hybrid - Washington, DC Metro Area
Schedule:
Full-time | Core hours 0730-1600 EST, Monday-Friday
Focus Areas:
RMF/ATO, FISMA Compliance, Security Authorization, ISSO Support, Federal Cybersecurity
OVERVIEW
phia is seeking a Senior Cybersecurity Compliance Analyst (ATO SME) to provide expert-level support for Risk Management Framework (RMF) and Authorization to Operate (ATO) activities in support of a federal client's information technology security program. You will perform hands-on RMF activities across multiple federal information systems - developing and maintaining security authorization documentation, coordinating with system owners to maintain continuous compliance, and supporting ATO achievement across on-premises, cloud, hybrid, and air-gapped environments.
WHAT YOU'LL DO
Perform security categorization analysis under FIPS 199 and NIST SP 800-60: analyze data types, determine CIA impact levels, identify PII, and document findings in the applicable authorization management system.
Select, tailor, and allocate NIST SP 800-53 Rev. 5 security and privacy controls per applicable federal cybersecurity standards; develop and maintain Requirements Traceability Matrices (RTM).
Draft and maintain System Security and Privacy Plans (SSPP), ensuring all implemented and planned controls are documented accurately and reflect the as-implemented state of the system.
Support ISSO activities: coordinate with system owners and operations and maintenance (O&M) staff to ensure ongoing compliance with federal security requirements and standards.
Develop and maintain RMF supplemental documents: Incident Response Plans (IRP), Contingency Plans (CP), Configuration Management Plans (CMP), Initial Privacy Assessments (IPA), Privacy Impact Assessments (PIA), MOUs, and ISAs.
Review assessment findings and support remediation planning; develop and track Plans of Action and Milestones (POA&M) for identified control weaknesses.
Support preparation of authorization packages for Authorizing Official (AO) review and signature; maintain authorization status documentation.
Support continuous monitoring activities: control assessment scheduling, security and privacy impact analyses, and authorization package updates based on system and environment changes.
Coordinate privacy documentation with privacy officials for systems processing PII.
Assist with annual FISMA and FISCAM audit activities.
WHO YOU ARE
RMF Practitioner:
You have developed A&A packages from scratch and carried systems through to ATO. You know each RMF step and the documentation required at every gate.
Detail-Oriented:
You produce SSPP, SAR, and POA&M documentation that is accurate, complete, and ready for government review without requiring extensive rework.
Privacy-Aware:
You recognize when a system triggers PII documentation requirements and know how to coordinate IPA and PIA processes with privacy officials under tight timelines.
Continuous Monitoring Practitioner:
You understand federal ISCM strategies and can implement system-level monitoring plans that supplement agency-level requirements.
Organized:
You manage multiple systems simultaneously, tracking each system's authorization status, POA&M items, and upcoming assessment milestones without missing deadlines.
Federal-Fluent:
You understand FISMA, NIST SP 800-53, the Privacy Act, and OMB A-130 in practice.
PREFERRED SKILLS
Prior experience with federal agency ATO programs
Experience with federal authorization management platforms used in federal environments
Familiarity with automated scanning tools used for asset discovery and boundary definition
Experience supporting Privacy Impact Assessments (PIA) and coordinating with Senior Component Officials for Privacy (SCOP)
Experience managing POA&M lifecycle tracking in a federal environment
Experience supporting both on-premises and FedRAMP cloud authorization packages
REQUIRED EDUCATION + EXPERIENCE
Education:
Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field
Experience:
7+ years performing systems security assessments, preparing A&A documentation, and supporting security authorizations for federal information systems including classified systems; 7+ years of federal IT security compliance experience
Certifications:
Minimum one (1) of the following: CISA (ISACA), CRISC (ISACA), CISSP (ISC2), CAP/CGRC (ISC2)
Clearance:
Public Trust / Suitability clearance required
GENERAL PROGRAM REQUIREMENTS
Citizenship:
Must be a U.S. Citizen. No exception.
Work Hours:
Full-time; Monday-Friday core hours 0730-1600 EST
Work Location:
Hybrid - Washington, DC Metro Area; on-site presence required.
Travel:
Occasional travel may be required in support of this program.
Who We Are
phia LLC ("phia") is a Northern Virginia based, small business established in 2011 with focus in Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, Information Assurance/Security, Compliance, Certification & Accreditation, Communications Security, Traditional Security, and Facilities Security. phia also provides cyber operations support functions such as: Program and Process Management, Engineering, Development, and Systems Administration that allows for Cyber Operations to efficiently integrate our customer's missions and objectives. phia supports various agencies and offices within the Department of Defense (DoD), Federal government, and private/commercial entities.
phia offers excellent benefits to enhance work-life balance, including the following:
Medical Insurance
Dental Insurance
Vision Insurance
Life Insurance
Short Term & Long Term Disability
401k Retirement Savings Plan with Company Match
Paid Holidays
Paid Time Off (PTO)
Tuition and Professional Development Assistance
phia does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity, or any other reason prohibited by law in the provision of employment opportunities and benefits.