Business Analyst

Custom Software Systems, Inc. (CSS) is seeking a mid-level Business Analyst to anchor compliance work and to bring the same analytical discipline to application development support. On the governance side, this means owning the documentation and coordination work that keeps clients’ system portfolio compliant: system security plans, ATO cycles, PIA reviews, data classification, and records obligations. On the application side, it means working alongside the development team to determine what applications should do — translating what program staff describes into structured requirements that developers can build against.

 

This IT section is small. Governance, business analysis, and project coordination are not

separate departments here — they are responsibilities the same small group shares fluidly. This

role will work directly with the economists, bank examiners, policy analysts, and attorneys

whose work both generates the compliance obligations and drives the application backlog. The

governance work and the application work are not as separate as they might appear: a PIA for a

new system and a requirements document for that same system draw on the same conversations.

Responsibilities

IT Governance and Compliance

• Maintain and update FISMA documentation for the client’s IT system portfolio, including

system security plans (SSPs), security categorizations, and related artifacts.

• Coordinate the Authority to Operate (ATO) process for applicable systems, including

working with the clients’ security and privacy offices through assessment and

authorization cycles.

• Draft, review, and maintain Privacy Impact Assessments (PIAs) for client systems that

collect, process, or maintain personally identifiable information.

• Maintain clients' IT system inventory, ensuring records are current and aligned with

agency reporting requirements.

• Support data governance and privacy obligations, including data classification, records

management, and retention schedule compliance.

• Serve as a working-level point of contact with the client's security, privacy, and

compliance functions on matters related to DCCA’s IT systems and application portfolio.

• Identify and escalate compliance gaps or changes in system posture that may require

updated documentation or reassessment.

• Prepare and maintain documentation packages for periodic reviews, assessments, and

audits.

Business Analysis and Requirements

• Work directly with client program staff — economists, policy analysts, bank examiners,

and attorneys — to elicit, refine, and document business requirements for new and

modified applications.

• Translate stakeholder descriptions of workflow and data needs into structured

requirements, process diagrams, and functional specifications that the development

team can act on.

• Develop and maintain process flow diagrams, use cases, and data flow documentation

to support application design and, where applicable, governance activities.

• Help prioritize and scope requirements in coordination with the technical lead and project

manager, surfacing dependencies and tradeoffs early.

• Contribute to user acceptance testing by developing test cases, coordinating with

business users, and documenting outcomes.

• Bridge communication between technical developers and business stakeholders,

reducing friction during discovery, design, and delivery.

 

This role will participate in QA activities — contributing test cases, supporting UAT coordination,

and helping verify that delivered applications meet business requirements — but does not serve

as a dedicated QA resource. Testing support is a component of the BA function here, not a

primary accountability.

Citizenship

·        US Citizenship

Required Qualifications

• Demonstrated experience with FISMA compliance documentation, including system

security plans, security categorizations, and related assessment and authorization

artifacts.

• Experience drafting or maintaining Privacy Impact Assessments for systems that

process personally identifiable information.

• Familiarity with NIST frameworks applicable to federal IT compliance, including NIST SP

800-53 and NIST SP 800-37.

• Experience supporting or coordinating ATO processes, including preparing

documentation for security assessments.

• Experience with IT system inventory maintenance and data governance or records

management obligations.

• Demonstrated experience in business requirements gathering and documentation,

including process flow diagrams, use cases, or functional specifications.

• Ability to work directly with senior subject matter experts — economists, policy analysts,

attorneys, and program staff — to develop requirements and designs; skill at uncovering

underlying business needs, which may require significant effort to surface.

• Strong written communication skills: compliance and governance work here is documentation-intensive.

Preferred Qualifications

• Prior experience in a U.S. federal government environment, particularly in a regulatory,

supervisory, or policy-adjacent context.

• Familiarity with the Board’s or similar agency’s privacy and information security

frameworks.

• Experience with process modeling tools such as Visio, Lucidchart, or similar.
• Familiarity with Microsoft Power Platform applications or SharePoint Online in a

business context (not development).

• Experience coordinating UAT efforts with non-technical business users.
• Coursework or certification in information security, privacy, or records management

(e.g., CIPP, CISSP, CRM, or equivalent) is a plus but not required.

Work Environment & Schedule

• Full-time position.
• On-site presence is required during the initial onboarding and ramp-up period

(approximately 6–8 weeks).

• Transition to full-time teleworking following successful onboarding.
• Collaborative, delivery-focused team environment.

This job description reflects current program needs and may evolve as modernization efforts

progress.

Compensation & Benefits[1][2]

• Wage Range: Negotiable
• General Benefits: Custom Software Systems, Inc. offers our employees a competitive benefits package that may include:

 

• Health insurance plans
• Health Savings Account (HSA)
• Dental
• Vision
• Long-term disability
• Short-term disability
• Basic term life insurance
• Supplemental term life insurance for employees, spouses, and dependents
• Simple IRA
• Parking/Commuting expense reimbursement
• Training/Education

[1] Compensation range must be coordinated with and approved by the CSS Chief Operating Officer (COO).

[2] Compensation & Benefits information is required for all Maryland Employers effective October 1, 2024.