Senior Data Analyst- CMS Assessment & Authorization (A&A) at Nextstep Technology Inc – Windsor Mill, Maryland

Overview:

We are seeking a Senior Data Analyst with deep expertise in Assessment and Authorization (A&A) processes to support the protection and compliance of Health and Human Services (HHS) and Centers for Medicare & Medicaid Services (CMS) information systems. The successful candidate will lead data-driven security analysis and documentation to ensure systems meet all federal cybersecurity, privacy, and risk management requirements under FISMA, FedRAMP, HIPAA, and NIST standards.

Responsibilities

• Support the full Assessment & Authorization (A&A) lifecycle for HHS/CMS information systems, including Major Applications and General Support Systems.
• Develop, review, and maintain Information System Security Plans (ISSPs), Privacy Impact Assessments (PIAs), and Security Control Assessment Reports.
• Conduct detailed risk analyses, data validation, and security control assessments to support system Authorizations to Operate (ATO).
• Ensure compliance with FISMA, FedRAMP, HIPAA, NIST SP 800-53, NIST RMF, and FIPS requirements.
• Coordinate with system owners, ISSOs, and privacy officials to identify control deficiencies and develop Plans of Action and Milestones (POA&Ms).
• Conduct and interpret vulnerability scans, configuration assessments, and patch management data to support ongoing risk analysis.
• Ensure all contractor-hosted or cloud-based systems comply with Trusted Internet Connections (TIC) architecture and HHS review processes.
• Translate technical compliance data into actionable metrics, reports, and dashboards for leadership and audit readiness.
• Maintain documentation to support continuous monitoring and audits by HHS or other federal entities.

• Bachelor’s degree in Data Analytics, Information Systems, Cybersecurity, or related field (Master’s preferred).
• 7+ years of experience in data analysis, information security, or risk/compliance roles supporting CMS and/or federal IT systems,
• Strong understanding of Assessment & Authorization (A&A) and Authorization to Operate (ATO) processes.
• Experience with FISMA, FedRAMP, HIPAA, NIST SP 800-37, NIST SP 800-53, and FIPS frameworks.
• Hands-on experience with vulnerability management, risk analysis, and POA&M tracking.
• Familiarity with Privacy Impact Assessments (PIA) and Privacy Threshold Analyses (PTA).
• Proficiency in analyzing and visualizing compliance data using tools such as Excel, Power BI, or Tableau.
• Strong written and verbal communication skills with the ability to prepare audit-ready documentation.

Preferred Certifications:

• CISSP, CAP, CISM, Security+, CCSP, or Certified Data Privacy Solutions Engineer (CDPSE)