Business Analyst – IT Governance & Application Support
Job Category: Intermediate Business Analyst
Organization: Federal Reserve Board – Division of Consumer Protection and Community Affairs (DCCA)
Position Overview
The Federal Reserve Board’s Division of Consumer Protection and Community Affairs (DCCA) manages a portfolio of internal applications that support banking supervision, community development initiatives, and consumer protection policy. Many of these systems handle sensitive regulatory data and personally identifiable information (PII) and must comply with federal security and privacy requirements.
DCCA is seeking a mid-level Business Analyst to support both IT governance compliance and application development initiatives. The selected candidate will play a key role in ensuring systems meet FISMA, privacy, and data governance requirements, while also supporting the development lifecycle by translating business needs into technical requirements.
This role operates within a small, highly collaborative IT team where governance, analysis, and project coordination responsibilities intersect. The Business Analyst will work closely with economists, bank examiners, policy analysts, attorneys, and technical staff to ensure that regulatory applications remain compliant while meeting program needs.
Key Responsibilities
IT Governance & Compliance
- Maintain and update FISMA compliance documentation, including System Security Plans (SSPs), security categorizations, and related artifacts.
- Support and coordinate Authority to Operate (ATO) processes, working with agency security and privacy offices through assessment and authorization cycles.
- Draft, review, and maintain Privacy Impact Assessments (PIAs) for systems that collect or process personally identifiable information.
- Maintain the DCCA system inventory, ensuring records remain accurate and aligned with agency reporting requirements.
- Support data governance initiatives, including data classification, records management, and retention schedule compliance.
- Serve as a liaison with information security, privacy, and compliance teams on matters affecting the DCCA application portfolio.
- Identify potential compliance risks or gaps and escalate issues requiring updated documentation or reassessment.
- Prepare documentation packages to support security reviews, audits, and compliance assessments.
Business Analysis & Requirements Management
- Collaborate with program stakeholders (economists, policy analysts, bank examiners, and attorneys) to gather, analyze, and document business requirements.
- Translate stakeholder needs into structured requirements, process flows, and functional specifications for application development.
- Develop process flow diagrams, use cases, and data flow documentation to support system design and implementation.
- Assist project leadership in prioritizing and scoping requirements, identifying dependencies and implementation considerations.
- Support User Acceptance Testing (UAT) by developing test cases, coordinating with business users, and documenting test results.
- Facilitate communication between technical teams and business stakeholders to ensure alignment throughout the development lifecycle.
While this role contributes to testing activities and UAT coordination, it does not function as a dedicated QA resource.
Required Qualifications
- U.S. Citizenship.
- Experience supporting FISMA compliance documentation, including System Security Plans and security categorization artifacts.
- Experience developing or maintaining Privacy Impact Assessments (PIAs).
- Familiarity with federal information security frameworks including NIST SP 800-53 and NIST SP 800-37.
- Experience supporting Authority to Operate (ATO) documentation and security assessment activities.
- Experience maintaining IT system inventories and governance documentation.
- Demonstrated experience in business requirements gathering and documentation, including process models, use cases, or functional specifications.
- Ability to collaborate with senior subject matter experts and non-technical stakeholders to uncover and document underlying business needs.
- Strong written communication and documentation skills.
Preferred Qualifications
- Experience working in a U.S. federal government or regulatory environment.
- Familiarity with federal privacy and information security governance frameworks.
- Experience using process modeling tools such as Visio, Lucidchart, or similar platforms.
- Familiarity with Microsoft Power Platform or SharePoint Online in a business-user context.
- Experience coordinating User Acceptance Testing with non-technical stakeholders.
- Relevant coursework or certifications in information security, privacy, or records management (e.g., CIPP, CISSP, CRM).
Work Environment
- Full-time position
- Initial on-site onboarding period: approximately 6–8 weeks
- Remote/telework eligible following successful onboarding
- Collaborative, mission-focused team environment
Skills Required
- U.S. Citizenship
- Experience supporting FISMA compliance documentation
- Experience developing Privacy Impact Assessments
- Familiarity with NIST SP 800-53 and NIST SP 800-37
- Experience supporting Authority to Operate documentation
- Experience maintaining IT system inventories
- Demonstrated experience in business requirements gathering
- Strong written communication and documentation skills
What We Do
Diverse Agile Solutions delivers constant value to its clients by providing customized solutions to the problems of today with a focus on the challenges of tomorrow. We are a certified Maryland Department of Transportation MBE/DBE firm, as well as a certified SBE. DAS is dedicated to combining the professionalism and expertise of Tech giants with the agility and intimacy that make small businesses so attractive. DAS is dedicated to combining the professionalism and expertise of Tech giants with the agility and intimacy that make small businesses so attractive. We provide value to its clients by providing customized solutions to the problems of today with a focus on the challenges of tomorrow.
.png)
.png){kind=logo}
