Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

Security Assessment & Authorization (SA&A) Lead

$142.79k - $184k
Full-time

GDIT

Responsibilities for this Position

Location: USA MD Rockville
Full Part/Time: Full time
Job Req: RQ223530

Type of Requisition:
Regular

Clearance Level Must Currently Possess:
None

Clearance Level Must Be Able to Obtain:
None

Public Trust/Other Required:
NACI (T1)

Job Family:
Cyber and IT Risk Management

Job Qualifications:

Skills:
Assessment & Authorization (A&A), CISM, CISSP, FISMA Compliance
Certifications:
None
Experience:
5 + years of related experience
US Citizenship Required:
No

Job Description:

Security Assessment & Authorization (SA&A) Lead

Advance your career while impacting security of our hosting environment as a Security Assessment & Authorization (SA&A) Lead at GDIT. Here, technologists have many paths to grow a meaningful career supporting cyber missions and operations across the federal government.

MEANINGFUL WORK AND PERSONAL IMPACT
As the Security Assessment & Authorization (SA&A) Lead, the work you'll do at GDIT will be impactful to the mission of the customer. The SA&A Lead is responsible for leading NCI's enterprise Assessment & Authorization (A&A) program, ensuring that all information systems comply with NIST RMF, FISMA, HHS, and NIH cybersecurity requirements. This senior SME provides technical leadership for system assessments, continuous monitoring, documentation quality, remediation support, and authorization readiness. This role aligns with A&A leadership positions seen in major federal cybersecurity practices.

Bring your program management expertise along with a drive for innovation to GDIT.

Responsibilities
  • Lead execution of RMF phases for all assigned systems, including categorization, control selection/tailoring, assessment, authorization, and continuous monitoring.
  • Manage teams responsible for developing and reviewing SSPs, SARs, SAPs, POA&Ms, PTAs, PIAs, eAuth documentation, contingency plans, and related artifacts.
  • Conduct assessment readiness reviews and ensure authorization packages meet quality standards.
  • Provide expert guidance to system owners, ISSOs, engineers, and federal leadership regarding RMF expectations and authorization strategies.
  • Coordinate IV&V of third party assessments and review contractor-provided documentation for completeness.
  • Support enterprise-wide initiatives such as boundary optimization, control inheritance, RMF automation, and FedRAMP leveraging activities.
  • Drive process improvements to reduce authorization timelines, improve documentation quality, and enhance cross-team coordination.
  • Support annual control assessments, continuous monitoring activities, and remediation validation.

Qualifications
  • Education: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field similar in size
  • Experience: 5+ years leading FISMA-based A&A programs plus experience with eGRC tools (e.g., JCAM, Archer, CSAM)
  • Certification: Possess one or more active certifications, for example, CISSP, CISA, CISM, CRISC
  • ITIL Foundations certification (or ability to obtain within 3 months).
  • Security clearance level: the ability to obtain a Public Trust

Skills
  • Deep understanding of NIST SP 800 37, 800 53, 800 30, 800 171, FedRAMP, and HHS/NIH-specific policies
  • Strong experience managing assessment teams and reviewing security documentation
  • Experience supporting assessment programs for NIH, HHS, or similar scientific/health agencies.
  • Experience advising on control inheritance models, enclave ATOs, and enterprise automation.
  • Experience supporting cloud A&A, including AWS, GCP, and SaaS providers.
  • Expert knowledge of NIST RMF and security control assessment
  • Attention to detail and documentation excellence
  • Analytical thinking and risk-based decision support
  • Ability to translate technical risks into actionable remediation plans
  • Strong stakeholder coordination and communication skills

GDIT IS YOUR PLACE
At GDIT, the mission is our purpose, and our people are at the center of everything we do.
  • Growth: AI-powered career tool that identifies career steps and learning opportunities
  • Support: An internal mobility team focused on helping you achieve your career goals
  • Rewards: Full benefits, wellness programs, 401K matching, competitive salary, and paid time off.
  • Community: Award-winning culture of innovation and a military-friendly workplace

OWN YOUR OPPORTUNITY
Explore a career in program management at GDIT and you'll find endless opportunities to grow alongside colleagues who share your passion for the mission and delivering results.

The likely salary range for this position is $142,792 - $184,000. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.

Scheduled Weekly Hours:
40

Travel Required:
None

Telecommuting Options:
Onsite

Work Location:
USA MD Rockville

Additional Work Locations:

Total Rewards at GDIT:
Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.

Our Identity Verification Process:
As part of the hiring process, we will ask you to complete an identity verification process that leverages advanced biometrics and artificial intelligence to ensure authenticity and protect against identity fraud. You are expected to be on camera during virtual interviews. We reserve the right to take your picture to verify your identity and prevent fraud. By proceeding, you authorize the collection, processing, and use of your biometric data for identity verification and security purposes.

About Our Work:
We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 26,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.

Join our Talent Community to stay up to date on our career opportunities and events at
gdit.com/tc .

Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans



PI285590717





Security Assessment & Authorization (SA&A) Lead


Advance your career while impacting security of our hosting environment as a Security Assessment & Authorization (SA&A) Lead at GDIT. Here, technologists have many paths to grow a meaningful career supporting cyber missions and operations across the federal government.


MEANINGFUL WORK AND PERSONAL IMPACT
As the Security Assessment & Authorization (SA&A) Lead, the work you'll do at GDIT will be impactful to the mission of the customer. The SA&A Lead is responsible for leading NCI's enterprise Assessment & Authorization (A&A) program, ensuring that all information systems comply with NIST RMF, FISMA, HHS, and NIH cybersecurity requirements. This senior SME provides technical leadership for system assessments, continuous monitoring, documentation quality, remediation support, and authorization readiness. This role aligns with A&A leadership positions seen in major federal cybersecurity practices.


Bring your program management expertise along with a drive for innovation to GDIT.


Responsibilities

  • Lead execution of RMF phases for all assigned systems, including categorization, control selection/tailoring, assessment, authorization, and continuous monitoring.
  • Manage teams responsible for developing and reviewing SSPs, SARs, SAPs, POA&Ms, PTAs, PIAs, eAuth documentation, contingency plans, and related artifacts.
  • Conduct assessment readiness reviews and ensure authorization packages meet quality standards.
  • Provide expert guidance to system owners, ISSOs, engineers, and federal leadership regarding RMF expectations and authorization strategies.
  • Coordinate IV&V of third party assessments and review contractor-provided documentation for completeness.
  • Support enterprise-wide initiatives such as boundary optimization, control inheritance, RMF automation, and FedRAMP leveraging activities.
  • Drive process improvements to reduce authorization timelines, improve documentation quality, and enhance cross-team coordination.
  • Support annual control assessments, continuous monitoring activities, and remediation validation.



Qualifications

  • Education: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field similar in size
  • Experience: 5+ years leading FISMA-based A&A programs plus experience with eGRC tools (e.g., JCAM, Archer, CSAM)
  • Certification: Possess one or more active certifications, for example, CISSP, CISA, CISM, CRISC
  • ITIL Foundations certification (or ability to obtain within 3 months).
  • Security clearance level: the ability to obtain a Public Trust



Skills

  • Deep understanding of NIST SP 800 37, 800 53, 800 30, 800 171, FedRAMP, and HHS/NIH-specific policies
  • Strong experience managing assessment teams and reviewing security documentation
  • Experience supporting assessment programs for NIH, HHS, or similar scientific/health agencies.
  • Experience advising on control inheritance models, enclave ATOs, and enterprise automation.
  • Experience supporting cloud A&A, including AWS, GCP, and SaaS providers.
  • Expert knowledge of NIST RMF and security control assessment
  • Attention to detail and documentation excellence
  • Analytical thinking and risk-based decision support
  • Ability to translate technical risks into actionable remediation plans
  • Strong stakeholder coordination and communication skills



GDIT IS YOUR PLACE
At GDIT, the mission is our purpose, and our people are at the center of everything we do.

  • Growth: AI-powered career tool that identifies career steps and learning opportunities
  • Support: An internal mobility team focused on helping you achieve your career goals
  • Rewards: Full benefits, wellness programs, 401K matching, competitive salary, and paid time off.
  • Community: Award-winning culture of innovation and a military-friendly workplace



OWN YOUR OPPORTUNITY
Explore a career in program management at GDIT and you'll find endless opportunities to grow alongside colleagues who share your passion for the mission and delivering results.


The likely salary range for this position is $142,792 - $184,000. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.



Scheduled Weekly Hours:
40



Travel Required:
None



Telecommuting Options:
Onsite



Work Location:
USA MD Rockville



Additional Work Locations:



Total Rewards at GDIT:
Our benefits package for all US-based employees includes a variety of medical plan options, some with Health Savings Accounts, dental plan options, a vision plan, and a 401(k) plan offering the ability to contribute both pre and post-tax dollars up to the IRS annual limits and receive a company match. To encourage work/life balance, GDIT offers employees full flex work weeks where possible and a variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave. To ensure our employees are able to protect their income, other offerings such as short and long-term disability benefits, life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available. We regularly review our Total Rewards package to ensure our offerings are competitive and reflect what our employees have told us they value most.



Our Identity Verification Process:
As part of the hiring process, we will ask you to complete an identity verification process that leverages advanced biometrics and artificial intelligence to ensure authenticity and protect against identity fraud. You are expected to be on camera during virtual interviews. We reserve the right to take your picture to verify your identity and prevent fraud. By proceeding, you authorize the collection, processing, and use of your biometric data for identity verification and security purposes.



About Our Work:
We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 26,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 50 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology.


Join our Talent Community to stay up to date on our career opportunities and events at

gdit.com/tc .


Equal Opportunity Employer / Individuals with Disabilities / Protected Veterans







PI285590717

Vacancy posted 6 days ago
Similar jobs that could be interesting for youBased on the Security Assessment & Authorization (SA&A) Lead in Rockville, MD vacancy
  • $142.79k - $184k

     ...Management Job Qualifications: Skills: Assessment & Authorization (A&A), CISM, CISSP, FISMA Compliance...  ...: Certified Information Systems Security Professional (CISSP) | International...  ...Security Assessment & Authorization (SA&A) Lead Advance your career while impacting security... 
    Suggested
    Full time
    Temporary work
    For contractors
    Immediate start
    Remote work
    Worldwide
    Flexible hours

    General Dynamics Information Technology

    Rockville, MD
    1 day ago
  •  ...Duration: Full Time Temporary (Contract) Site: Hybrid Remote Travel:Less than 10% We are seeking an experienced Security Assessment & Authorization (SA&A) Lead to manage and oversee the development, execution, and continuous improvement of security assessment and... 
    Suggested
    Full time
    Temporary work
    Remote work

    Digital Global Connectors

    Mc Lean, VA
    1 day ago
  • Lead Compliance Specialist (Hybrid, Rockville, MD) Ardent supports federal cybersecurity and privacy compliance efforts, focusing on Security Assessment and Authorization (SA&A) activities. The Lead Compliance Specialist will lead initiatives aligned with FISMA, NIST,... 
    Suggested
    Local area
    Flexible hours

    ArdentMC

    Rockville, MD
    2 days ago
  • $110k - $150k

     ...platforms support national security, civil, and commercial missions...  ...and strategic Cost Volume Lead to drive proposal pricing strategy...  ...Perform competitive pricing assessments, affordability analyses, and...  ...to obtain the required authorizations from the U.S. Department of... 
    Suggested
    Permanent employment
    Full time
    For subcontractor

    Quantum Space

    Rockville, MD
    20 hours ago
  • Job description: Cybersecurity Lead Location: Germantown, MD,...  ...primary technical and managerial authority overseeing all cybersecurity...  ...and oversight for the entire Assessment & Authorization and...  ...A Specialists, A&A SMEs, A&A Security Engineers, A&A Architects, Vulnerability... 
    Suggested
    Full time
    Contract work
    Temporary work
    For contractors
    Work at office
    Local area
    Immediate start
    Home office
    Flexible hours
    Shift work

    Management Solutions

    Germantown, MD
    1 day ago
  • Digital Global Connectors in McLean, Virginia is seeking a Security Assessment & Authorization Lead to manage security assessment activities in a hybrid remote setting. The ideal candidate will have over 5 years of experience in FedRAMP processes, a solid understanding... 
    Remote job

    Digital Global Connectors

    Mc Lean, VA
    4 days ago
  • X-Energy, LLC in Rockville, MD, is seeking a Security Manager to support the Physical Protection Program for the Xe-100 plant. Responsibilities...  ...include developing security plans, managing Access Authorization programs, and training security personnel. The ideal... 

    X-Energy, LLC

    Rockville, MD
    2 days ago
  •  ...Description: About Us: Active Security designs, develops, implements, and...  ...Summary: As a senior technician, the Lead Security Systems Technician is responsible...  ...activities comply with design specifications and authority requirements. Team Oversight &... 
    Night shift

    Active Security Consulting

    Garrett Park, MD
    1 day ago
  • $132.96k - $226.04k

     ...candidate will be someone who can lead a team of five to seven...  ...Development and Test Documentation authoring activities including...  ...interfaces. Identify System Test assessment characteristics that can be...  ...critical to our national security. For more than six decades, SSP... 
    Full time
    Contract work
    For contractors
    Local area

    BAE Systems USA

    Rockville, MD
    3 days ago
  • STG International is looking for a part-time Lead Psychologist in Rockville, MD, to support our Federal Occupational Health contract. This position requires navigating psychological assessments within federal regulations, offering a hybrid work model for candidates in... 
    Contract work
    Part time

    STG International

    Rockville, MD
    4 days ago
  • Description The ICAM Lead is responsible for engineering, administering, and...  ...Management environment, ensuring secure authentication, authorization, and identity lifecycle management aligned...  ...based on enterprise security risk assessment and operational readiness validation... 
    Full time
    Flexible hours

    ActioNet, Inc.

    Rockville, MD
    a month ago
  • $127.79k - $212.99k

     ...seeking a Enterprise Hosting Lead to join our team in Rockville...  ...hosting environments are reliable, secure, and efficient, supporting...  .... Proven ability to assess end-to-end solution components...  ...and Security Assessment and Authorization activities. NTT DATA provides... 
    Temporary work
    Work at office
    Remote work
    Flexible hours

    NTT DATA, Inc.

    Rockville, MD
    1 day ago
  • $25 - $50 per hour

     ...Role Overview TSA is accepting applications for Lead and Supervisory Transportation Security Officers at airports in Rockville. These roles are ideal for individuals looking to step into leadership positions within airport security operations. TSA provides training... 
    Shift work
    Night shift
    Weekend work

    Airport Security Careers

    Rockville, MD
    8 hours ago
  •  ...Description The Security Engineering Lead is responsible for engineering, implementing, and maintaining...  ...Lead enterprise security control assessments, audit readiness activities, and...  ...Serve as the enterprise technical authority during cybersecurity incident response... 
    Full time
    Flexible hours

    ActioNet, Inc.

    Rockville, MD
    a month ago
  •  ...Security And Intelligence Career Field Position Lead a patrol team of three or more officers, including Department of Army Civilian Police (DACP), Military...  ...possible civil action due to improper exercises of authority or injudicious use of force in the apprehension or... 
    Shift work
    Rotating shift
    Weekend work
    Afternoon shift

    Navstar

    Silver Spring, MD
    2 days ago
  •  ...RMS is seeking a Senior Cybersecurity Engineer / Offensive Security Lead to support high‑visibility federal and IC programs. This role...  ...operations across federal and IC environments. Conduct full‑scope assessments, exploit development, and hands‑on attack simulations.... 

    Apogee Global RMS

    Highland, MD
    2 days ago
  • The Cloud Implementation Lead is responsible for engineering, deploying, and maintaining enterprise cloud environments, ensuring secure configuration, performance optimization, and alignment with cloud strategy objectives Clearance: Secret or L Clearance Responsibilities... 
    Full time
    Flexible hours

    ActioNet, Inc.

    Rockville, MD
    20 hours ago
  • KellyMitchell Group is seeking a Web Application Security Subject-Matter Expert / Technical Lead in Bethesda, Maryland. This role involves operating web vulnerability assessment tools, securing application platforms, and mentoring team members. Successful candidates will... 

    KellyMitchell Group

    Bethesda, MD
    3 days ago
  • cFocus Software Incorporated is seeking a Vulnerability Assessment Lead to support the National Institutes of Health (NIH) in a fully remote role. Key responsibilities include leading vulnerability management operations, developing strategies for enterprise vulnerabilities... 
    Remote job

    cFocus Software Incorporated

    Bethesda, MD
    1 day ago
  •  ...in McLean, VA is seeking a Senior Manager, Information Security Office (AI) Consultant to lead initiatives for secure AI/ML solutions. The ideal...  ...practices. Responsibilities include threat modeling, risk assessments, and advising senior leadership on AI security risks.... 
    Work at office

    Capital One National Association

    Mc Lean, VA
    4 days ago
  • $197.3k - $225.1k

     ...One is hiring for a cybersecurity role focused on offensive security. The successful candidate will lead analyses and enhance Capital One's defenses against cyber threats. Responsibilities include assessing adversary activities, engineering detection solutions, and collaborating... 

    Capital One

    Mc Lean, VA
    2 days ago
  • $29.72 per hour

    The Maryland Judiciary in Rockville is seeking a Lead Bailiff to maintain safety and security within the courtroom. This role requires law enforcement experience and proper certification, ensuring public safety and courtroom order. Responsibilities include preparing courtrooms... 
    Hourly pay
    Full time

    Maryland Judiciary

    Rockville, MD
    4 days ago
  • $108.9k - $124.3k

    The Security Executive Council is seeking an Executive Protection Specialist in McLean, VA to ensure the safety of the Executive Management...  ...role requires expertise in security management and threat assessment, as well as the ability to work autonomously under pressure.... 

    The Security Executive Council

    Mc Lean, VA
    3 days ago
  • SwiftCruit is seeking a Lead Network Engineer in Rockville, MD to provide technical leadership for Health Resources & Services Administration...  ...a team of network engineers, and ensuring high availability and security of network systems. The ideal candidate has significant... 

    SwiftCruit

    Rockville, MD
    3 days ago
  •  ...looking for a Certified CMMC Assessor (CCA) in McLean, Virginia to support CMMC certification activities. The role involves conducting assessments, documenting findings, and maintaining compliance with C3PAO procedures and professional conduct codes. This position demands U.S... 

    Elea Ecuador

    Mc Lean, VA
    4 days ago
  •  ...The Release and Deployment Management Lead is responsible for coordinating and governing...  ...infrastructure, application, cloud, and security domains, ensuring structured change...  ...rollback planning, and production readiness assessment • Experience conducting technical risk... 
    Full time
    Flexible hours

    ActioNet, Inc.

    Rockville, MD
    a month ago
  • Description The DR/COOP Lead is responsible for planning, coordinating, validating...  ...enterprise governance reviews including risk assessments, remediation plans, and infrastructure...  ...with system administration, network, security, and cloud leads to ensure cross-support... 
    Full time
    Flexible hours

    ActioNet, Inc.

    Rockville, MD
    a month ago
  •  ...Job Description Job Description Lead Fire Sprinkler Technician About the Company Guardian Fire Protection Services, LLC is a leading provider of fire protection, life safety, and security solutions, proudly serving the Mid‑Atlantic, Midwest, and Southeast regions... 
    Hourly pay
    Temporary work
    Local area

    Guardian Fire Protection Services, LLC

    Derwood, MD
    22 days ago
  • $177k - $220k

    A leading technology solutions firm located in Rockville, MD, seeks an experienced ICAM Lead to engineer and manage their Identity, Credential...  ...will implement access controls, conduct audits, and evaluate security risks while ensuring compliance with industry standards. This... 

    ActioNet

    Rockville, MD
    1 day ago
  • Job Summary The Lead IAM Engineer/Architect leads enterprise IAM...  ...workflows and partners with security and compliance teams on governance...  ...tools (configuration assessment, log aggregation, integrity verification...  ...law. #J-18808-Ljbffr Financial Industry Regulatory Authority, Inc.
    Local area

    Financial Industry Regulatory Authority, Inc.

    Rockville, MD
    3 days ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to Security Assessment & Authorization (SA&A) Lead. Be the first to apply!