Business Analyst

Custom Software Systems, Inc. (CSS) is seeking a mid-level Business Analyst to anchor compliance work and to bring the same analytical discipline to application development support. On the governance side, this means owning the documentation and coordination work that keeps clients' system portfolio compliant: system security plans, ATO cycles, PIA reviews, data classification, and records obligations. On the application side, it means working alongside the development team to determine what applications should do - translating what program staff describes into structured requirements that developers can build against. This IT section is small. Governance, business analysis, and project coordination are not separate departments here - they are responsibilities the same small group shares fluidly. This role will work directly with the economists, bank examiners, policy analysts, and attorneys whose work both generates the compliance obligations and drives the application backlog. The governance work and the application work are not as separate as they might appear: a PIA for a new system and a requirements document for that same system draw on the same conversations. Responsibilities IT Governance and Compliance Maintain and update FISMA documentation for the client's IT system portfolio, including system security plans (SSPs), security categorizations, and related artifacts. Coordinate the Authority to Operate (ATO) process for applicable systems, including working with the clients' security and privacy offices through assessment and authorization cycles. Draft, review, and maintain Privacy Impact Assessments (PIAs) for client systems that collect, process, or maintain personally identifiable information. Maintain clients' IT system inventory, ensuring records are current and aligned with agency reporting requirements. Support data governance and privacy obligations, including data classification, records management, and retention schedule compliance. Serve as a working-level point of contact with the client's security, privacy, and compliance functions on matters related to DCCA's IT systems and application portfolio. Identify and escalate compliance gaps or changes in system posture that may require updated documentation or reassessment. Prepare and maintain documentation packages for periodic reviews, assessments, and audits. Business Analysis and Requirements Work directly with client program staff - economists, policy analysts, bank examiners, and attorneys - to elicit, refine, and document business requirements for new and modified applications. Translate stakeholder descriptions of workflow and data needs into structured requirements, process diagrams, and functional specifications that the development team can act on. Develop and maintain process flow diagrams, use cases, and data flow documentation to support application design and, where applicable, governance activities. Help prioritize and scope requirements in coordination with the technical lead and project manager, surfacing dependencies and tradeoffs early. Contribute to user acceptance testing by developing test cases, coordinating with business users, and documenting outcomes. Bridge communication between technical developers and business stakeholders, reducing friction during discovery, design, and delivery. This role will participate in QA activities - contributing test cases, supporting UAT coordination, and helping verify that delivered applications meet business requirements - but does not serve as a dedicated QA resource. Testing support is a component of the BA function here, not a primary accountability. Citizenship • US Citizenship Required Qualifications Demonstrated experience with FISMA compliance documentation, including system security plans, security categorizations, and related assessment and authorization artifacts. Experience drafting or maintaining Privacy Impact Assessments for systems that process personally identifiable information. Familiarity with NIST frameworks applicable to federal IT compliance, including NIST SP 800-53 and NIST SP 800-37. Experience supporting or coordinating ATO processes, including preparing documentation for security assessments. Experience with IT system inventory maintenance and data governance or records management obligations. Demonstrated experience in business requirements gathering and documentation, including process flow diagrams, use cases, or functional specifications. Ability to work directly with senior subject matter experts - economists, policy analysts, attorneys, and program staff - to develop requirements and designs; skill at uncovering underlying business needs, which may require significant effort to surface. Strong written communication skills: compliance and governance work here is documentation-intensive. Preferred Qualifications Prior experience in a U.S. federal government environment, particularly in a regulatory, supervisory, or policy-adjacent context. Familiarity with the Board's or similar agency's privacy and information security frameworks. Experience with process modeling tools such as Visio, Lucidchart, or similar. Familiarity with Microsoft Power Platform applications or SharePoint Online in a business context (not development). Experience coordinating UAT efforts with non-technical business users. Coursework or certification in information security, privacy, or records management (e.g., CIPP, CISSP, CRM, or equivalent) is a plus but not required. Work Environment & Schedule Full-time position. On-site presence is required during the initial onboarding and ramp-up period (approximately 6-8 weeks). Transition to full-time teleworking following successful onboarding. Collaborative, delivery-focused team environment. This job description reflects current program needs and may evolve as modernization efforts progress. Compensation & Benefits[1][2] Wage Range: Negotiable General Benefits: Custom Software Systems, Inc. offers our employees a competitive benefits package that may include: Health insurance plans Health Savings Account (HSA) Dental Vision Long-term disability Short-term disability Basic term life insurance Supplemental term life insurance for employees, spouses, and dependents Simple IRA Parking/Commuting expense reimbursement Training/Education [1] Compensation range must be coordinated with and approved by the CSS Chief Operating Officer (COO). [2] Compensation & Benefits information is required for all Maryland Employers effective October 1, 2024.

Created: 2026-03-10