1

Fisma Analyst Jobs (NOW HIRING)

Senior Business Analyst Personnel Qualifications * Requires a bachelor's degree in computer science ... Participates in information gathering and tracking efforts to ensure FISMA compliance and assists ...

Scorecard, FISMA, Cybersecurity Workforce (CSWF), etc.). Coordinating with all applicable agencies ... and strong analytical skills. * U.S. Citizenship and an active Top-Secret clearance with the ...

Cybersecurity Analyst LOCATION: Colorado Springs, CO, Peterson SFB REQUIRED SECURITY CLEARANCE ... Conduct and/or report annual FISMA security reviews, contingency test completion dates, and ...

Supports continuous monitoring activities and validates compliance with FISMA, RMF, and ... Analyze cybersecurity risks, vulnerabilities, and compliance gaps and provide recommendations for ...

Supports continuous monitoring activities and validates compliance with FISMA, RMF, and ... Analyze cybersecurity risks, vulnerabilities, and compliance gaps and provide recommendations for ...

Supports continuous monitoring activities and validates compliance with FISMA, RMF, and ... Analyze cybersecurity risks, vulnerabilities, and compliance gaps and provide recommendations for ...

next page

Showing results 1-20

Fisma Analyst information

See salary details

$16

$31

$48

How much do fisma analyst jobs pay per hour?

As of Jul 17, 2026, the average hourly pay for fisma analyst in the United States is $31.53, according to ZipRecruiter salary data. Most workers in this role earn between $25.24 and $35.82 per hour, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as a FISMA Analyst, and why are they important?

To thrive as a FISMA Analyst, you need strong knowledge of information security principles, risk assessment, and compliance frameworks, often supported by a degree in cybersecurity or related fields. Familiarity with tools like NIST RMF, vulnerability scanners, and certifications such as CISSP or CISA are typical requirements. Analytical thinking, attention to detail, and effective communication are vital soft skills for interpreting regulations and working with teams. These skills ensure organizations maintain compliance with federal security standards, protecting sensitive information and reducing risk.

What are some common challenges FISMA Analysts face when ensuring compliance across multiple departments?

FISMA Analysts often encounter challenges coordinating with various departments to gather necessary documentation and enforce standardized security practices. Each department may have different systems, risk tolerances, and levels of security awareness, making it crucial for FISMA Analysts to communicate requirements clearly and foster collaboration. Additionally, keeping up with evolving federal regulations and ensuring timely completion of assessments can be demanding. Building strong relationships and maintaining organized tracking systems are key strategies to overcome these hurdles.

What are FISMA Analysts?

FISMA Analysts are professionals who ensure that organizations comply with the Federal Information Security Management Act (FISMA). They assess and monitor the security of information systems, perform risk assessments, and help implement security controls to protect federal data. Their work involves preparing documentation, conducting audits, and coordinating with other stakeholders to ensure continuous compliance. FISMA Analysts play a critical role in safeguarding government information and supporting cybersecurity best practices within federal agencies.

What is the difference between Fisma Analyst vs Security Analyst?

AspectFisma AnalystSecurity Analyst
CertificationsFISMA-related certifications, CISSP, CISACISSP, Security+, CEH
Work EnvironmentGovernment agencies, federal contractorsPrivate sector, corporations, government
Primary FocusFederal compliance, FISMA regulationsCybersecurity threats, network security
Industry UsageHigh in government and defenseBroad across industries

Fisma Analysts primarily focus on federal compliance with FISMA regulations, working within government agencies or contractors. Security Analysts have a broader cybersecurity role, addressing threats and protecting networks across various industries. While both roles require cybersecurity certifications, Fisma Analysts specialize in compliance, whereas Security Analysts focus on threat mitigation.

More about Fisma Analyst jobs
IT - SCDHHS - Security Analyst - Consultant

IT - SCDHHS - Security Analyst - Consultant

SUNSHINE ENTERPRISE USA LLC

Columbia, SC • On-site

$110K/yr

Contractor

Re-posted 3 hours ago


Job description


Job Title: Security Analyst
Location: Columbia, SC Hybrid (4 days in office, 1 days remote).
Position Type: C2C/W2
Years of Experience:08+ years
Duration of the Contract: 12 months
Interview Process: 2 rounds, Virtual & In Person
Candidate Location: Candidate MUST be a SC resident or willing to relocate to SC prior to starting the role at their own expense.

Project Scope:
We are seeking an experienced Senior Information System Security Officer (ISSO) to support enterprise-level cybersecurity and compliance initiatives within a large, complex information systems environment. This role requires hands-on leadership in security governance, risk management, and regulatory compliance aligned with federal and state standards.
The Security Analyst (Senior ISSO) will actively participate in day-to-day security operations, oversee compliance activities, and serve as a trusted cybersecurity advisor to leadership, internal teams, vendors, and business partners.
Key Responsibilities:
Security Program & Compliance Leadership
• Lead and support FISMA Risk Management Framework (RMF) compliant security programs, including CMS MARS-E and similar frameworks.
• Develop, maintain, and validate security documentation such as:
oSystem Security Plans (SSPs)
oPrivacy Impact Assessments (PIAs)
oInterconnection Security Agreements (ISAs)
oComputer Matching Agreements (CMAs)
• Integrate RMF and Assessment & Authorization (A&A) activities into the System Development Life Cycle (SDLC).
• Serve as the primary point of contact for third-party audits and security assessments.
Risk Management & Architecture Reviews
• Perform detailed architectural and risk reviews, including:
oNetwork design and information flow
oSystem and data access models
oFirewall rule requests (ports, protocols, services)
oConfiguration baseline deviation requests
oVulnerability management findings
• Provide sound risk-based recommendations to stakeholders.
Audit, Assessment & Vendor Oversight
• Audit and assess internal systems and external business partner or vendor security controls.
• Conduct security and compliance reviews of:
oContracts
oBusiness Associate Agreements (BAAs)
oData Sharing and Usage Agreements
• Collaborate with vendors and multiple internal teams to ensure compliance with security initiatives.
Tools & Documentation
• Utilize tools such as:
oArcher (eGRC)
oService management/ticketing systems
oMicrosoft Office Suite (Word, Excel, PowerPoint, Visio)
oAtlassian, Bizagi, and other workflow/documentation platforms
• Produce clear, accurate audit and assessment reports aligned with organizational standards.
Required Skills & Experience:
Hands-on experience with the following technologies is highly desirable:
  • Archer orother eGRC platforms
  • IBM System390/zSeries
  • Linux andWindows Servers
  • Relationaland NoSQL databases
  • Networkfirewalls, IPS, routing, and switching infrastructure
  • SIEMsolutions
  • Identity andAccess Management (IAM) systems
  • Cloudsecurity and vendor management environments

Required Qualifications:
5+ years of experience in IT security, infrastructure, or system auditing
Prior experience working within a FISMA-compliant environment
Experience with eGRC tools
Strong working knowledge of:
  • FISMA
  • NIST
  • CMS MARS-E
  • HIPAASecurity & Privacy rules

Ability to work independently and collaboratively in a fast-paced environment
Strong communication skills with both technical and non-technical stakeholders
Intermediate to advanced proficiency in Microsoft Office tools
Certification:
ISC (2), ISACA, SANS GIAC and/or other Information Security Certification is required.