Security Assessment & Authorization (SA&A) Lead

General Dynamics Information Technology, Inc.

$142K — $184K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Cybersecurity, IT, Computer Science, or related field.
  • 5+ years leading FISMA-based A&A programs.
  • Experience with eGRC tools like JCAM, Archer, CSAM.
  • Possess one or more active certifications (CISSP, CISA, CISM, CRISC).
  • ITIL Foundations certification (or ability to obtain within 3 months).

Responsibilities

  • Lead execution of RMF phases for assigned systems.
  • Manage teams developing and reviewing SSPs, SARs, SAPs, and related artifacts.
  • Conduct assessment readiness reviews for authorization packages.
  • Provide expert guidance on RMF expectations and authorization strategies.
  • Coordinate IV&V of third-party assessments and review contractor documentation.
  • Support enterprise-wide initiatives like RMF automation and FedRAMP activities.
  • Drive process improvements in authorization timelines and documentation quality.

Benefits

  • Variety of medical, dental, and vision plan options.
  • 401(k) plan with pre-tax and post-tax contribution options and company match.
  • Full flex work weeks for better work/life balance.
  • Comprehensive paid time off, including vacation, sick, and personal days.
  • Short and long-term disability benefits and life insurance options.
Full Job Description
Type of Requisition:
Regular

Clearance Level Must Currently Possess:
None

Clearance Level Must Be Able to Obtain:
None

Public Trust/Other Required:
NACI (T1)

Job Family:
Cyber and IT Risk Management

Job Qualifications:

Skills:
Assessment & Authorization (A&A), CISM, CISSP, FISMA Compliance
Certifications:
Certified Information Systems Security Professional (CISSP) | International Information System Security Certification Consortium (ISC2) - International Information System Security Certification Consortium (ISC2), ITIL v3 Foundation | PeopleCert - PeopleCert
Experience:
5 + years of related experience
US Citizenship Required:
No

Job Description:

Security Assessment & Authorization (SA&A) Lead

MEANINGFUL WORK AND PERSONAL IMPACT
As the Security Assessment & Authorization (SA&A) Lead, the work you'll do at GDIT will be impactful to the mission of the customer. The SA&A Lead is responsible for leading NCI's enterprise Assessment & Authorization (A&A) program, ensuring that all information systems comply with NIST RMF, FISMA, HHS, and NIH cybersecurity requirements. This senior SME provides technical leadership for system assessments, continuous monitoring, documentation quality, remediation support, and authorization readiness. This role aligns with A&A leadership positions seen in major federal cybersecurity practices.

Bring your program management expertise along with a drive for innovation to GDIT.

Responsibilities
  • Lead execution of RMF phases for all assigned systems, including categorization, control selection/tailoring, assessment, authorization, and continuous monitoring.
  • Manage teams responsible for developing and reviewing SSPs, SARs, SAPs, POA&Ms, PTAs, PIAs, eAuth documentation, contingency plans, and related artifacts.
  • Conduct assessment readiness reviews and ensure authorization packages meet quality standards.
  • Provide expert guidance to system owners, ISSOs, engineers, and federal leadership regarding RMF expectations and authorization strategies.
  • Coordinate IV&V of third party assessments and review contractor-provided documentation for completeness.
  • Support enterprise-wide initiatives such as boundary optimization, control inheritance, RMF automation, and FedRAMP leveraging activities.
  • Drive process improvements to reduce authorization timelines, improve documentation quality, and enhance cross-team coordination.
  • Support annual control assessments, continuous monitoring activities, and remediation validation.


Qualifications
  • Education: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field similar in size
  • Experience: 5+ years leading FISMA-based A&A programs plus experience with eGRC tools (e.g., JCAM, Archer, CSAM)
  • Certification: Possess one or more active certifications, for example, CISSP, CISA, CISM, CRISC
  • ITIL Foundations certification (or ability to obtain within 3 months).
  • Security clearance level: the ability to obtain a Public Trust


Skills
  • Deep understanding of NIST SP 800 37, 800 53, 800 30, 800 171, FedRAMP, and HHS/NIH-specific policies
  • Strong experience managing assessment teams and reviewing security documentation
  • Experience supporting assessment programs for NIH, HHS, or similar scientific/health agencies.
  • Experience advising on control inheritance models, enclave ATOs, and enterprise automation.
  • Experience supporting cloud A&A, including AWS, GCP, and SaaS providers.
  • Expert knowledge of NIST RMF and security control assessment
  • Attention to detail and documentation excellence
  • Analytical thinking and risk-based decision support
  • Ability to translate technical risks into actionable remediation plans
  • Strong stakeholder coordination and communication skills


The likely salary range for this position is $142,792 - $184,000. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.

Scheduled Weekly Hours:
40

Travel Required:
None

Telecommuting Options:
Onsite

Work Location:
USA MD Rockville

Additional Work Locations:

Total Rewards at GDIT:
Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.

Our Identity Verification Process:
As part of the hiring process, we will ask you to complete an identity verification process that leverages advanced biometrics and artificial intelligence to ensure authenticity and protect against identity fraud. You are expected to be on camera during virtual interviews. We reserve the right to take your picture to verify your identity and prevent fraud. By proceeding, you authorize the collection, processing, and use of your biometric data for identity verification and security purposes.

Similar Jobs

More Jobs at General Dynamics Information Technology, Inc.

More Information Technology Jobs

Find similar Security Assessment & Authorization (SA&A) Lead jobs: