Government Compliance Analyst
Remote – US
Anthology offers the largest EdTech ecosystem on a global scale, supporting over 150 million users in 80 countries. Our mission is to provide dynamic, data-informed experiences to the global education community so that learners and educators can achieve their goals.
We believe in the power of a truly diverse and inclusive workforce. As we expand globally, we are committed to making diversity, inclusion, and belonging a foundational part of not only our hiring practices but who we are as a company.
For more information about Anthology and our career opportunities, please visit www.anthology.com.
The Government Compliance Analyst will work closely with members of our Governance, Risk and Compliance team and internal stakeholders (Dev, DevOps, Corp IT, etc.) on all government compliance audit roles, and will also have the opportunity to learn and work on several other compliance and audit-related workstreams.
The primary function of this role will be to help maintain and expand Anthology's Federal Risk and Authorization Management Program (FedRAMP). In addition to helping build Anthology's FedRAMP portfolio, this person will also be actively involved in the DISA compliance-related (e.g., RMF, CMMC, DISA IL-4, etc.) workstreams.
This role is a non-supervisory hands-on position that requires someone with prior FedRAMP and/or U.S. Government compliance experience.
Primary responsibilities will include:
- Providing subject matter expertise for FedRAMP, StateRAMP, IL-4, CMMC and NIST 800-53 compliance standards and regulations
- Conducting FedRAMP gap assessment, compliance readiness, and compliance monitoring activities
- Coordinating and leading delivery of audit milestones to ensure audit timelines stay on target by escalating and identifying roadblocks
- Performing continuous monitoring activities, as required by TX-, State-, and FedRAMP standards, and ensuring reports are available for review by applicable agencies/clients
- Conducting vendor risk assessments and reviewing the process for improvements
- Assisting in the identification of business process improvements and partnering with technology and business stakeholders to identify pragmatic approaches to compliance readiness and testing
- Collaborating cross-functionally with technology and business stakeholders to drive, track, and resolve all aspects of compliance readiness and audit execution
- Conducting various IT Compliance controls validation and implementation activities
- Collaborating with technology and business stakeholders along with other Compliance team members to facilitate remediation and execution of corrective action plans
- Participating in continuous improvement initiatives
- Providing coaching and mentorship to more junior team members
- Effective organization, follow-up, and time management skills
- Hands-on experience in IT audit and/or compliance
- A recent hands-on concentration of work with the FedRAMP Framework (audit and compliance experience)
- A strong background with NIST Risk Management Framework (SP 800-53) and a broad range of skills in the fields of NIST publications and FedRAMP requirements
- Experience with control assessments and coordination of audit activities
- Familiarity with Information Security principles, knowledge of IT processes (e.g., Change Management, Incident Management, Risk Management, Network and System Administration)
- Strong technical, analytical, interpersonal, and communication skills
- Strong writing ability with a focus on communication of technical topics
- Ability to work both independently and within a global team environment
- Self-starter and quick learner with proactive problem-solving skills
- Ability to develop and foster strong relationships with technology and business stakeholders
- Experience and comfort with a remote working environment
- Previous experience leading a Cloud Service Provider through a FedRAMP ATO process
- At least 3 years of hands-on experience in IT audit and/or compliance
- Previous experience at a SaaS company in a similar role
- Previous experience gaining an ATO or P-ATO for a cloud implementation
- Exposure to ISO27001, PCI, HIPAA/HITRUST, SOC 2
- Industry standard certifications (CISSP, CISA, ISO 27001 Lead Implementer/Auditor)
- Bachelor's Degree in Information Technology, Business, or related vocations
This job description is not designed to contain a comprehensive listing of activities, duties, or responsibilities that are required. Nothing in this job description restricts management's right to assign or reassign duties and responsibilities at any time.
Anthology is an equal employment opportunity/affirmative action employer and considers qualified applicants for employment without regard to race, gender, age, color, religion, national origin, marital status, disability, sexual orientation, gender identity/expression, protected military/veteran status, or any other legally protected factor.
This position is not available for candidates residing in the following locations: CO, CA, WA, NYC