JobTarget Logo

Senior Data Analyst- CMS Assessment & Authorization (A&A) at Nextstep Technology Inc – Washington, District of Columbia

Nextstep Technology Inc
Washington, District of Columbia, WX47+V7, United States
Posted on
Salary:$130000 - $160000

Explore Related Opportunities

Data Scientists jobs

About This Position

Overview:

We are seeking a Senior Data Analyst with deep expertise in Assessment and Authorization (A&A) processes to support the protection and compliance of Health and Human Services (HHS) and Centers for Medicare & Medicaid Services (CMS) information systems. The successful candidate will lead data-driven security analysis and documentation to ensure systems meet all federal cybersecurity, privacy, and risk management requirements under FISMA, FedRAMP, HIPAA, and NIST standards.

  • Support the full Assessment & Authorization (A&A) lifecycle for HHS/CMS information systems, including Major Applications and General Support Systems.
  • Develop, review, and maintain Information System Security Plans (ISSPs), Privacy Impact Assessments (PIAs), and Security Control Assessment Reports.
  • Conduct detailed risk analyses, data validation, and security control assessments to support system Authorizations to Operate (ATO).
  • Ensure compliance with FISMA, FedRAMP, HIPAA, NIST SP 800-53, NIST RMF, and FIPS requirements.
  • Coordinate with system owners, ISSOs, and privacy officials to identify control deficiencies and develop Plans of Action and Milestones (POA&Ms).
  • Conduct and interpret vulnerability scans, configuration assessments, and patch management data to support ongoing risk analysis.
  • Ensure all contractor-hosted or cloud-based systems comply with Trusted Internet Connections (TIC) architecture and HHS review processes.
  • Translate technical compliance data into actionable metrics, reports, and dashboards for leadership and audit readiness.
  • Maintain documentation to support continuous monitoring and audits by HHS or other federal entities.
  • Bachelor’s degree in Data Analytics, Information Systems, Cybersecurity, or related field (Master’s preferred).
  • 7+ years of experience in data analysis, information security, or risk/compliance roles supporting CMS and/or federal IT systems.
  • Strong understanding of Assessment & Authorization (A&A) and Authorization to Operate (ATO) processes.
  • Experience with FISMA, FedRAMP, HIPAA, NIST SP 800-37, NIST SP 800-53, and FIPS frameworks.
  • Hands-on experience with vulnerability management, risk analysis, and POA&M tracking.
  • Familiarity with Privacy Impact Assessments (PIA) and Privacy Threshold Analyses (PTA).
  • Proficiency in analyzing and visualizing compliance data using tools such as Excel, Power BI, or Tableau.
  • Strong written and verbal communication skills with the ability to prepare audit-ready documentation.

Preferred Certifications:

  • CISSP, CAP, CISM, Security+, CCSP, or Certified Data Privacy Solutions Engineer (CDPSE)

Job Location

Washington, District of Columbia, WX47+V7, United States
Loading interactive map for Washington, District of Columbia, WX47+V7, United States

Job Location

This job is located in the Washington, District of Columbia, WX47+V7, United States region.

Frequently asked questions about this position

Latest Job Openings in District of Columbia

Sr. Program Manager, International Student Recruitment, NYU Abu Dhabi (Hybrid)

Institute of International Education
Washington, DC

Multi-Unit General Manager

Fresh Baguette
Washington, DC

Assistant General Manager

Fresh Baguette
Washington, DC

Licensed Insurance Sales Agent/ Staff Producer

Mike Jones - State Farm Agency
WASHINGTON, DC

Registered Nurse

Planned Parenthood of Metropolitan Washington DC
Washington, DC
Apply For This Position