FISMA Program Support Analyst II

Maveris is an IT and cybersecurity services company committed to helping organizations create secure digital solutions to accelerate their mission. Originally founded as a Veteran-owned company, we remain deeply committed to supporting veterans and proudly serving customers across the Federal Government and private sector. We have an opening for a full-time FISMA Program Support Analyst II to join our talented, dynamic team in support of our latest government client.

Veterans are encouraged to apply.

Duties

As a FISMA Program Support Analyst II you will be responsible for overseeing and managing the implementation, compliance, and ongoing execution of the Federal Information Security Modernization Act (FISMA) program for the client team. This role ensures that all aspects of information security and risk management are in alignment with FISMA requirements and applicable federal regulations, including guidance from the National Institute of Standards and Technology (NIST). You will work closely with key stakeholders, including IT teams, risk management, policy, compliance, and audit functions, to ensure that information systems are adequately secured and compliant with FISMA-related Office of Management and Budget (OMB) memorandums and Department of Homeland Security (DHS) directives. The position will oversee risk assessments, security control implementations, continuous monitoring, and incident response protocols. This role is crucial to ensure that an enterprise-level organization remains compliant with FISMA requirements while maintaining a strong cybersecurity posture in line with federal guidelines.

Key Responsibilities:

• Support the development and management of the organization's FISMA program, ensuring compliance with federal regulations and NIST cybersecurity frameworks (NIST SP 800-53, 800-37, FIPS 199, etc.).
• Coordinate with federal and internal auditors to review and analyze the security posture of systems and assist in audits where applicable.
• Support preparation and submission of FISMA-related documentation, including Security Authorization Packages (SAP), System Security Plans (SSPs), and continuous monitoring reports.
• Maintain awareness of organizational risk assessments that identify, evaluate, and mitigate risks to the organization’s High Value Assets (HVAs) and critical information systems.
• Review selected security controls that address identified system risks.
• Track and report remediation efforts for identified vulnerabilities in systems.
• Coordinate and support the implementation of continuous monitoring activities for federal information systems in line with FISMA guidelines.
• Oversee the organization’s incident response and reporting, ensuring adherence to federal incident reporting standards.
• Review the development and execution of the organization's incident response plan, focusing on federal cybersecurity guidelines.
• Serve as a point of contact to the government representative for FISMA compliance.
• Collaborate with cross-functional teams, including IT policy and compliance departments, to develop and implement security policies and practices.
• Develop and maintain FISMA-related security policies, procedures, and guidelines, ensuring alignment with federal requirements.
• Review and update security documentation, ensuring it reflects evolving FISMA standards and regulatory changes.
• Ensure compliance with annual security assessments and reporting requirements as dictated by OMB and DHS.
• Prepare and deliver reports to senior management, highlighting key FISMA compliance metrics, system risk status, and improvement initiatives.

• Bachelor’s degree in Computer Science, Information Security, or related field.
• 6 years of experience in information security, IT governance, or risk management, with at least 2 years focused on managing or leading FISMA or federal policy compliance programs.
• Proven experience with NIST cybersecurity frameworks (NIST 800-53, 800-37, 800-171) and understanding of federal security standards.
• Strong understanding of FISMA, NIST SP 800-series, and other relevant federal cybersecurity regulations.
• Experience with risk management and governance tools, continuous monitoring tools, and vulnerability management systems.
• Excellent project management and leadership skills.
• Strong written and verbal communication skills for developing reports, data visualizations, and communicating with senior leadership.

Preferred Qualifications:

• Knowledge of the specific requirements and challenges involved in managing security for federal government agencies or contractors.

• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Authorization Professional (CAP), Security+, Cybersecurity Analyst+, or similar certifications preferred.
• Experience in managing teams and working with stakeholders across different organizational functions.
• Full-time, on-site in Washington, D.C. with the prospective government organization.
• May involve some travel to client sites or federal agencies, as directed by government client per contract requirements.
• Ability to work independently and lead cross-functional teams in a collaborative, fast-paced environment.

Maveris attracts and retains talent of the highest caliber by offering opportunities to work in exciting and challenging environments surrounded by bright minds. Our employees are our most prized asset and are rewarded with highly competitive compensation and a top-tier benefits package, including:

• 401(k) with company match
• Dental Insurance
• Health Insurance
• Vision Insurance
• Life Insurance
• Paid Time Off

About Maveris

Maveris offers exceptional, mission-focused, solutions to organizations facing highly complex IT, digital, and cybersecurity challenges. Our success is achieved by maintaining an environment of trust where people are encouraged to reach their fullest potential. Every candidate that applies to Maveris brings something unique to the table, and because our team is diverse, we consistently meet our goals and exceed client expectations. If you are a highly-motivated person with a willingness to learn, we invite you to apply today to join our team!

To learn more about employee benefits visit www.maveris.com.
For company updates and the latest job postings check us out on LinkedIn.
If you'd like to read about some of our research and projects head over to Maveris Labs.
Want a more behind the scenes view? Check out our blog Maveris Insights to learn more about the team behind the solutions.

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by law.