Snowcreek Consulting, LLC.
Assessment & Authorization (A&A) Business Analyst
POSITION SUMMARY:
Snowcreek Consulting is seeking a talented Assessment & Authorization (A&A) Business Analyst to support the DISA A&A Division in evaluating and articulating the cybersecurity risk of more than 575 information technology systems, networks, cloud service providers, and products, considering DoD and Federal laws, policies, and best practices.
The A&A Business Analyst will be a member of a team of Risk Management Framework (RMF) subject matter experts (SMEs). This team provides guidance, direction, and request processing support for customer inquiries related to assessment and authorization activities for IT systems. The candidate’s duties will include, but are not limited to: providing help desk-type guidance to customers on DISA A&A Division services; reviewing authorization-related documents including System Authorization Request Forms (SARFs); and executing authorization-related workflow actions using DISA’s Request Tracking System (RTS) and eMASS, a master repository of authorization-related workflow information. Additionally, the A&A Business Analyst will be responsible for defining and improving A&A Division processes, staying abreast of relevant changes (including the release of NIST SP-800-53 Rev 5), and contributing to reporting data calls.
This position is currently a remote/hybrid position that requires one day of onsite week per week at the Mark Center in Alexandria, VA. The customer has discretion to change the posture of onsite work at any time.
PRIMARY RESPONSIBILITIES:
- Develop an understanding of DISA Risk Management service offerings
- Monitor the A&A Division customer email inbox to respond to customer inquiries such as new system requests; answer customer inquiries and provide guidance.
- Review and process workflows within the DISA Request Tracking System (RTS), ensuring submissions are accurate, complete, and conform with A&A Division business rules for required artifacts, including system change requests, system authorization requests, and system decommission requests.
- Coordinate meetings and communication with stakeholders such as the security Control Assessors (SCA) and SCA Representatives.
- Leverage DISA tools including the Team Lead Resource (TLR) repository and RTS to track and report the status of systems and system approval workflows
- Following cross-training, use Microsoft Project to track and report on the accomplishment and timelines of key A&A milestones, per IT system; aggregate the schedule data into executive-level reports and briefings.
- Contribute to the creation and improvement of processes for the A&A Division that advance DISA Risk Management objectives.
BASIC QUALIFICATIONS:
- Bachelor's Degree and 6+ years' experience; additional experience in lieu of degree
- Experience working on a help desk, supporting retail sales, providing customer service, or other serving other customer-facing roles
- Strong communication skills; demonstrated professionalism and customer service
- Experience utilizing MS Office (Word, PowerPoint, and Excel)
- Proven experience streamlining processes and procedures
- Active Secret security clearance
PREFERRED QUALIFICATIONS:
- Interest in learning more about cybersecurity and the IT system authorization process
- Familiarity with the NIST Risk Management Framework (RMF) and its application to IT systems
- Consulting firm experience
- Experience with MS Project
- Knowledge / familiarity of PowerBI
