
[Contingent] Cybersecurity Risk & Compliance Analyst (SCA)

Phia LLC
medical insurance, dental insurance, life insurance, vision insurance, paid time off, paid holidays, long term disability, 401(k)
United States, Virginia, Fairfax
11166 Fairfax Boulevard (Show on map)
May 15, 2026

DISCLAIMER: This position is in support of a current government proposal. Employment is contingent upon contract award to phia, LLC.

Status: Proposal - Contingent upon Award

Location: Hybrid - Washington, DC Metro Area
Schedule: Full-time | Core hours 0730-1600 EST, Monday-Friday
Focus Areas: Security Control Assessment, NIST SP 800-53A, SAR, POA&M, National Security Systems, FISMA

OVERVIEW
phia is seeking an experienced Cybersecurity Risk & Compliance Analyst (SCA) to perform independent security and privacy control assessments for a federal client's information systems. This role requires specialized expertise in NIST SP 800-53A assessment procedures and experience with both classified and unclassified National Security Systems (NSS).
You will independently assess security and privacy controls for federal information systems, develop Security Assessment Test Plans (SATP), produce Security Assessment Reports (SAR), and create Plans of Action and Milestones (POA&M) - maintaining strict assessor independence throughout.

WHAT YOU'LL DO
  • Develop comprehensive Security Assessment Test Plans (SATP) defining assessment procedures, scope, methodology, and evidence requirements per NIST SP 800-53A.
  • Conduct independent assessments of security and privacy controls - including system-specific, hybrid, and common controls - using examination, interview, and testing assessment methods.
  • Collect and analyze control performance evidence using SIEM platforms, vulnerability management tools, and compliance scanning tools.
  • Produce Security and Privacy Assessment Reports (SAR) documenting assessment findings, control effectiveness determinations, and remediation recommendations.
  • Assess both classified and unclassified information systems, including National Security Systems (NSS), in accordance with applicable NIST and federal standards.
  • Review identified weaknesses and deficiencies: determine severity and criticality, assess potential adverse impacts, and identify findings requiring immediate remediation versus POA&M tracking.
  • Develop Plans of Action and Milestones (POA&M) for all identified control weaknesses; ensure POA&Ms are technically accurate, risk-prioritized, and compliant with applicable legal requirements.
  • Update SSPP and SAR documentation based on remediation actions and subsequent system changes.
  • Support ongoing assessment activities during continuous monitoring: assess the designated subset of controls on the applicable annual assessment schedule.
  • Maintain strict assessor independence: do not assess systems for which implementation or ISSO activities were performed during the same assessment cycle.

WHO YOU ARE
  • Independent Assessor: You take the independence requirement seriously and understand why objective assessment is critical to the integrity of the authorization process.
  • NIST 800-53A Expert: You develop assessment procedures from NIST SP 800-53A, select appropriate assessment methods for each control type, and document findings with precision and rigor.
  • Classified Systems Experienced: You have assessed classified or National Security System programs and understand the additional requirements and sensitivities involved.
  • Evidence-Driven: You back assessment findings with concrete evidence. Your SARs stand up to rigorous government review.
  • Tool-Proficient: You use SIEM platforms, vulnerability scanners, and compliance tools to gather real-time control performance data rather than relying solely on documentation review.
  • Clear Writer: Your SARs and POA&Ms are readable, technically accurate, and useful.

PREFERRED SKILLS
  • Prior SCA experience for federal agency information systems
  • Experience assessing cloud-hosted systems for FedRAMP compliance (SaaS, PaaS, IaaS)
  • Experience using federal authorization management platforms for assessment documentation and SAR generation
  • Experience with SCAP-compliant scanning tools and automated control evidence collection
  • CNSS Instruction 1253 experience for National Security Systems assessment
  • Hands-on experience with tools such as Splunk, Nessus/Tenable, and CrowdStrike for assessment evidence gathering

REQUIRED EDUCATION + EXPERIENCE
Education: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field
Experience: 8+ years of cybersecurity expertise; 5+ years specialized in assessing classified and unclassified programs, National Security Systems, and applying NIST SP 800-53A control assessment procedures
Certifications: Minimum one (1) of the following: CISA (ISACA), CRISC (ISACA), CISSP (ISC2), CGRC (ISC2)
Clearance: Public Trust / Suitability clearance required

GENERAL PROGRAM REQUIREMENTS
Citizenship: Must be a U.S. Citizen. No exception.
Work Hours: Full-time; Monday-Friday core hours 0730-1600 EST
Work Location: Hybrid - Washington, DC Metro Area; on-site presence required.
Travel: Occasional travel may be required in support of this program.

Who We Are

phia LLC ("phia") is a Northern Virginia based small business established in 2011 with a focus in Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, Information Assurance/Security, Compliance, Certification & Accreditation, Communications Security, Traditional Security, and Facilities Security. phia also provides cyber operations support functions such as Program and Process Management, Engineering, Development, and Systems Administration, which allow Cyber Operations to integrate efficiently with our customers' missions and objectives. phia supports various agencies and offices within the Department of Defense (DoD), the Federal government, and private/commercial entities.

phia offers excellent benefits to enhance work-life balance, including the following:

  • Medical Insurance
  • Dental Insurance
  • Vision Insurance
  • Life Insurance
  • Short Term & Long Term Disability
  • 401k Retirement Savings Plan with Company Match
  • Paid Holidays
  • Paid Time Off (PTO)
  • Tuition and Professional Development Assistance

phia does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity, or any other reason prohibited by law in the provision of employment opportunities and benefits.
