[Remote] ICS Authorizations Program Analyst II

Note: The job is a remote job and is open to candidates in USA. Signature Performance, Inc. is dedicated to improving the health of clients' businesses and lowering healthcare administrative costs for federal entities. They are seeking an ICS Authorizations Program Analyst II to manage system Authorization to Operate (ATO) and FedRAMP authorization packages, coordinate with federal agency stakeholders, and ensure compliance with security assessments and audits.

Responsibilities

• Plan, manage, and track system Authorization to Operate (ATO) and FedRAMP authorization packages, including schedules, dependencies, and renewal cycles, ensuring all required documentation is completed by internal owners and submitted to Agency partners on time
• Work directly with federal agency points of contact and internal SaaS product, engineering, and security teams to clarify authorization and evidence requirements, assign actions, and follow up until all requested artifacts are complete and accepted
• For client- or agency-specific packages coordinate with the assigned security analyst to ensure that the SSP is documented, updated, and delivered, tracking status but not authoring the technical content
• Coordinate security assessments and audits through engagement with internal and external stakeholders, including 3PAOs and federal partners, managing evidence collection, organizing responses to questions, and tracking remediation of findings across responsible internal teams
• Oversee submission and maintenance of continuous monitoring evidence for assigned systems, confirming that scan results, inventory updates, POA&M updates, and change records have been prepared by the appropriate internal owners and transmitted per agency or FedRAMP requirements
• Monitor, assess, and report on control effectiveness; develop dashboards and metrics to communicate overall compliance posture to leadership
• Support assessments against NIST-based requirements (e.g., NIST 800-53, NIST CSF) and related programs such as FedRAMP, FISMA, or HIPAA by coordinating tasking and consolidating evidence and status updates
• Translate technical and policy requirements from Agencies and 3PAOs into actionable, trackable plans for internal teams, ensuring timely remediation and risk reduction
• Contribute to the improvement of compliance and authorization workflows, leveraging GRC tools to automate and track activities related to ATOs, FedRAMP, and continuous monitoring
• Serve as a liaison with IT, security operations, privacy, and business units to ensure cohesive governance and communication of audit results and policy updates

Skills

• U.S. citizenship and eligibility for a NACLC DoD Security Clearance
• Bachelor's degree in Information Systems, Cybersecurity, Computer Science, or a related field (or equivalent professional experience)
• 5--10 years of progressively responsible experience supporting cybersecurity, compliance, risk, framework compliance, or audit programs within a federal agency, contractor, or 3PAO environment
• Demonstrated ability to independently manage complex authorization and audit workstreams, schedules, dependencies, documentation control, and deliverable quality
• Advanced working knowledge of NIST-based frameworks, the end-to-end ATO lifecycle (e.g., SSP, RAR/SAR, POA&M, continuous monitoring), and how these are applied in practice to federal or FedRAMP authorized systems
• Proven experience coordinating ATO or FedRAMP authorization activities with federal agencies or as part of a FedRAMP 3PAO, including scheduling, evidence tracking, and coordinating responses from internal technical teams
• Experience interpreting ATO and FedRAMP evidence requests and translating them into clear, trackable tasks for internal subject matter experts
• Working proficiency with GRC platforms and workflows (e.g., Onspring, Archer, ServiceNow), including reporting/metrics to communicate compliance posture and risk
• Strong analytical, writing, and facilitation skills, with the ability to brief leadership, influence outcomes, and translate complex security/compliance topics for varied audiences
• Experience managing system security plans (SSPs), risk assessment reports (RARs), and plans of action and milestones (POA&Ms), including coordinating inputs and updates from multiple contributors
• Six Sigma, ISO, or other quality certifications
• Hands-on exposure to FedRAMP, FISMA, or DoD RMF assessment requirements, ideally in a cloud or SaaS context
• CAP, PMP, or comparable certification in security or project management preferred

Benefits

• Health Insurance for Our Associates
• Fully Paid Life Insurance
• Fully Paid Short- & Long-Term Disability
• Paid Vacation
• Paid Sick Leave
• Paid Holidays
• Professional Development and Tuition Assistance Program
• 401(k) Program with Employer Match

Company Overview