IT Security Program Analyst

Breakforth Solutions, Inc.

$90K — $130K *
Information Technology
11 - 15 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's in Cybersecurity, IT, Computer Science, or related field.
  • Minimum 11 years' experience in federal cybersecurity programs and governance.
  • Public Trust Clearance eligibility required.
  • Experience with ISSOs, AOs, and application development teams in a federal context.
  • Strong knowledge of FISMA, NIST RMF, and NIST SP 800-53 security controls.
  • Proficient with JIRA or similar project management software.

Responsibilities

  • Support the IT security program across multiple applications and systems throughout their lifecycle.
  • Coordinate security authorization activities among all relevant stakeholders.
  • Monitor security program milestones and deliverables using project management tools.
  • Develop reports and dashboards to communicate security posture and risks.
  • Maintain and organize security documentation for efficient review and reuse.
  • Engage with application teams for alignment on security and business requirements.

Benefits

  • Collaborative work environment with cross-functional teams.
  • Opportunities for professional development and growth.
  • Access to cutting-edge IT security tools and methodologies.
  • Supportive management that values transparency and communication.
  • Participation in federal cybersecurity initiatives.
Full Job Description
Position Information:

BreakForth Solutions is seeking an experienced IT Security Program Analyst to support the Office of the Chief Information Officer (OCIO), within the IT application organization for our federal customer. The IT Security Program Analyst serves as the primary liaison between the IT application organization, application development teams, operations staff, business stakeholders, and the Office of the Chief Information Officer (OCIO) Information System Security Officers (ISSOs) to ensure security authorization activities are effectively coordinated, documented, and completed in accordance with federal cybersecurity requirements.

This role is responsible for supporting the organization's IT security program across a portfolio of applications and systems by coordinating security authorization activities, maintaining security documentation and artifacts, monitoring compliance milestones, communicating risks, and providing leadership visibility into the overall health of the security program.

The ideal candidate will possess a strong understanding of the federal Risk Management Framework (RMF), security authorization processes, cybersecurity governance, and security documentation, while also demonstrating the ability to understand the business and functional requirements of enterprise applications. The successful candidate will serve as the bridge between application owners and the OCIO ISSO organization, ensuring security requirements are integrated throughout the application lifecycle while supporting mission and operational objectives.

Essential Functions

This role will be responsible for performing tasks such as, but not limited to:

IT Security Program Support
  • Support the organization's IT security program across multiple applications and information systems throughout their lifecycle.
  • Coordinate security authorization activities across application development teams, operations staff, business stakeholders, and the OCIO ISSO organization.
  • Partner with application owners, business stakeholders, and development teams to understand application business and functional requirements, ensuring security controls, authorization activities, and risk management efforts align with mission and operational objectives.
  • Monitor security program milestones, deliverables, dependencies, and compliance activities using JIRA and other project management tools.
  • Develop dashboards, executive reports, and status updates illustrating security program accomplishments, security posture, risks, and outstanding actions.
  • Ensure security program activities remain aligned with organizational priorities, application development efforts, and operational objectives.

Security Authorization & Compliance Coordination
  • Coordinate the preparation, collection, review, and maintenance of security authorization artifacts supporting ATT, ATO, ongoing authorization, and annual security reviews.
  • Ensure required security documentation is complete, current, and maintained within organized repositories to support efficient review and long-term reuse.
  • Work with application teams to establish repeatable processes that reduce redundant effort and eliminate unnecessary recreation of authorization artifacts.
  • Coordinate with OCIO ISSOs regarding authorization package requirements, review schedules, findings, and corrective actions.
  • Track remediation activities associated with POA&Ms, security assessments, and continuous monitoring activities.

Risk Management
  1. Identify, assess, document, and communicate security risks affecting organizational applications and systems.
  2. Analyze application business and functional requirements to identify potential security impacts, risks, and compliance considerations throughout the system lifecycle, coordinating with application teams and OCIO ISSOs to support informed risk management decisions.
  3. Coordinate mitigation activities between application teams and OCIO ISSOs.
  4. Escalate security issues requiring leadership attention and facilitate resolution.
  5. Monitor compliance with FISMA, NIST Risk Management Framework (RMF), NIST SP 800-53 security controls, System Security Plan (SSP) requirements, and organizational security policies.
  6. Support continuous monitoring activities and ongoing authorization efforts.

Stakeholder Engagement & Communication
  • Serve as the primary liaison between the IT application organization and the OCIO ISSO organization.
  • Partner with business owners, product managers, development teams, operations staff, and ISSOs to ensure security requirements align with application functionality, operational priorities, and mission objectives.
  • Translate business and functional requirements into security planning considerations while communicating security impacts, compliance requirements, and risks to technical and non-technical stakeholders.
  • Coordinate meetings, reviews, action items, and communications among internal and external stakeholders.
  • Prepare executive briefings, dashboards, and status reports that provide leadership with visibility into security program performance, compliance activities, and emerging risks.

Documentation & Continuous Improvement
  • Ensure security documentation and artifacts are organized, accessible, and maintained in accordance with organizational standards.
  • Improve documentation management processes supporting authorization activities and annual security reviews.
  • Develop repeatable workflows and governance processes that improve efficiency, strengthen compliance readiness, and reduce redundant effort.
  • Identify opportunities to improve IT security program execution, stakeholder collaboration, documentation quality, and overall program effectiveness.

Education/Skills/Experience Requirements:

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Information Systems, Engineering, or a related field.
  • Minimum of eleven (11) years of experience supporting federal cybersecurity programs, information security governance, Risk Management Framework (RMF), system authorization, or related IT security program activities.
  • Ability to Obtain Public Trust Clearance
  • Education/Experience Equivalent: Associate's degree + 13 years relevant experience, OR High School Diploma + 15 years relevant experience.
  • Experience working with Information System Security Officers (ISSOs), Authorizing Officials (AOs), application development teams, business stakeholders, and system owners supporting federal applications.
  • Strong understanding of FISMA, NIST RMF, NIST SP 800-53 security controls, System Security Plans (SSPs), ATOs, POA&Ms, and continuous monitoring.
  • Experience supporting cloud-hosted federal applications (AWS, Azure, or similar environments).
  • Experience supporting Agile software development environments.
  • Experience coordinating security authorization packages, accreditation documentation, and compliance artifacts.
  • Experience using JIRA or similar project management tools to manage milestones, issues, risks, and program activities.
  • Experience preparing executive dashboards, metrics, and IT security program reporting for senior leadership.
  • Experience working with application owners and business stakeholders to understand application functionality and incorporate business requirements into security planning, risk management, and authorization activities.
  • Ability to communicate effectively with technical and non-technical stakeholders and translate complex security requirements into actionable business guidance.
  • Strong analytical, organizational, problem-solving, and written/verbal communication skills.
  • Ability to manage multiple priorities and support high-visibility initiatives within a fast-paced federal environment.

Desired Knowledge/Skills
  • CISSP, Certified in Governance, Risk and Compliance (CGRC), Security+, PMP, or equivalent industry certifications.
  • Experience supporting federal OCIO organizations.
  • Familiarity with ISO 20000 and ISO 27001 standards

Similar Jobs

  • The PNC Financial Services Group, Inc
    LOB Risk Lead
    $100K — $130K *
    The PNC Financial Services Group, Inc
    Pittsburgh, PA 15237 (Allegheny County)
  • CapTech Consulting
    GRC Team Lead
    $100K — $130K *
    CapTech Consulting
    Richmond, VA 23223 (Richmond City County)
  • Freddie Mac
    IT Risk Senior
    $111K — $167K *
    Freddie Mac
    Mclean, VA 22101 (Fairfax County)
  • MACOM Technology Solutions Holdings, Inc.
    GRC Analyst
    $78K — $125K *
    MACOM Technology Solutions Holdings, Inc.
    York, NY 14592 (Livingston County)
  • PSCU Financial Services
    GRC Program Manager - Remote
    $110K — $143K *
    PSCU Financial Services
    Remote
  • Scale AI
    Technical Assurance Lead
    $120K — $150K *
    Scale AI
    Washington, DC 20011 (District Of Columbia County)

More Jobs at Breakforth Solutions, Inc.

  • IT Security Program Analyst
    $90K — $130K *
    Washington, DC 20011 (District Of Columbia County)
    Information Technology
    In-Person
  • NSI/SCI Analyst (FSO/EA)
    $75K — $95K *
    Fort Washington, MD 20744 (Prince Georges County)
    Aerospace & Defense
    In-Person
  • NSI/SCI Analyst (FSO/EA)
    $75K — $95K *
    Washington, DC 20011 (District Of Columbia County)
    Aerospace & Defense
    In-Person

More Information Technology Jobs

Find similar IT Security Program Analyst jobs: