HHS - A&A Subject Matter Expert (SME)

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Information Technology, or related field.
• Minimum 8–10 years of experience supporting federal RMF and A&A programs.
• Expert knowledge of NIST SP 800-37, NIST SP 800-53, NIST SP 800-53A, and FISMA.
• Extensive experience reviewing and approving ATO and ongoing authorization packages.
• Hands-on experience with eGRC platforms (e.g., RSA Archer).
• Experience briefing senior executives and Authorizing Officials.
• Strong written, analytical, and verbal communication skills.

Nice To Haves

• Active CAP, CISSP, or CISM (preferred)

Responsibilities

• Serve as the enterprise SME for Authorization & Accreditation (A&A) and ongoing authorization activities.
• Oversee and coordinate ATO packages across HRSA to ensure consistency, completeness, and compliance.
• Provide expert guidance on NIST SP 800-37 Rev. 2, FISMA, OMB A-130, and HHS authorization policies.
• Review and validate SSPs, SARs, POA&Ms, Continuous Monitoring Plans, and Risk-Based Decisions (RBDs).
• Ensure annual authorization packages and continuous monitoring deliverables meet HRSA timelines.
• Support Authorizing Officials (AOs) and senior leadership during authorization decision-making.
• Develop and maintain A&A guidance, SOPs, templates, and standard operating procedures.
• Coordinate with ISSOs, SCAs, GRC staff, and system owners to resolve authorization issues.
• Support enterprise-level ATO tracking, dashboards, and reporting metrics.
• Prepare executive briefings and reports on authorization posture, trends, and risks.
• Support audits, OIG reviews, and external data calls related to system authorizations.
• Identify opportunities to streamline authorization processes and improve quality through automation.