ESRhealthcare
GovCloud Compliance Analyst (Cloud Controls & Audit) (14011-1) Boston, MA
ESRhealthcare, Boston, Massachusetts, us, 02298
Pay rate: $32 per hour | Job function: Information Technology | Industry: Insurance | Experience level: Mid-senior | Education level: Bachelors degree | Visa sponsorship eligibility: No
Position Summary
The GovCloud Compliance Analyst supports regulatory compliance and audit readiness for our GovCloud environments. This role implements and validates controls, manages evidence in Audit Board, and coordinates ATO/SA&A activities mapped to federal and state frameworks (NIST SP 800-53 Rev 5 Moderate, FedRAMP, StateRAMP, MARS-E where applicable) and internal Canon Protocol mapping (ARC-AMPE). This is a hybrid/100% remote-eligible role reporting to the Director of Regulatory Compliance Environments.
Key Responsibilities
Own assigned control families and maintain control evidence in Audit Board; achieve and sustain 65% evidence attachment completeness for assigned controls.
Execute control assessment activities and perform internal validations at defined cadence (quarterly or as required by framework).
Map inherited and system-specific controls to canonical mappings and update control mapping artifacts within Audit Board.
Partner with engineering, platform, and risk teams to track ATO/SA&A milestones (maintain ATO readiness dashboard; elevate blockers within 48 hours).
Prepare documentation packets and evidence bundles for external audits and customer assessments; support 100% on-time audit deliverables.
Identify compliance gaps, propose prioritized remediation plans, and track remediation closure (target: close high/critical findings within 30 days or per SLA).
Contribute to Power BI dashboards that visualize control health, evidence SLAs, and audit cycles; support monthly compliance reporting.
Maintain procedures and update policies tied to assigned controls; document changes in the governance repository.
Required Qualifications
Minimum 3 years of compliance, IT risk, or audit experience in regulated cloud environments (AWS GovCloud, Azure Government, or equivalent).
Working knowledge of NIST SP 800-53 Rev 5, FedRAMP, StateRAMP; experience mapping to MARS-E/ARC-AMPE is a plus.
Practical experience with GRC platforms (Audit Board preferred) and evidence management processes.
Strong technical writing and stakeholder communication skills; able to explain control status to technical and non-technical audiences.
Bachelor's degree in Information Security, Computer Science, Risk Management, or equivalent experience.
Preferred Qualifications
Experience supporting ATO or SA&A efforts and coordinating external assessors.
Certifications: CISA, CISSP, CRISC, or Security+.
Experience with Power BI or advanced Excel for KPI tracking and reporting.
Familiarity with ADO/IT ticketing or change management processes.