Senior Governance Compliance Security Engineer

11 Hours ago • 5-8 Years

About the job

Job Description

The Senior Governance Compliance Security Engineer at Anthology will maintain and expand the company's FedRAMP and StateRAMP programs. This role requires expertise in FedRAMP, StateRAMP, IL-4, CMMC, and NIST 800-53 compliance standards. Responsibilities include conducting gap assessments, compliance monitoring, coordinating audit milestones, performing continuous monitoring, conducting vendor risk assessments, identifying business process improvements, and collaborating with stakeholders. The engineer will also validate and implement IT compliance controls, facilitate remediation, and participate in continuous improvement initiatives. The position requires strong technical, analytical, interpersonal, and communication skills, along with experience in IT audit and compliance.
Must have:
  • 5-8 years IT audit/compliance experience
  • NIST Risk Management Framework (SP 800-53) expertise
  • FedRAMP/StateRAMP knowledge
  • Control assessments and audit coordination
  • Strong communication & technical skills
Good to have:
  • FedRAMP ATO process leadership
  • SaaS company experience
  • ATO/P-ATO experience
  • ISO27001, PCI, HIPAA/HITRUST, SOC 2 exposure
  • CISSP, CISA, ISO 27001 certifications

Description

Senior Governance Compliance Security Engineer

Remote – United States

 

The Opportunity:

Anthology delivers education and technology solutions so that students can reach their full potential and learning institutions thrive. Our mission is to empower educators and institutions with meaningful innovation that’s simple and intelligent, inspiring student success and institutional growth.

 

The Power of Together is built on having a diverse and inclusive workforce. We are committed to making diversity, inclusion, and belonging a foundational part of our hiring practices and who we are as a company.

 

For more information about Anthology and our career opportunities, please visit www.anthology.com.

 

The role will work closely with members of our Governance, Risk, and Compliance team and internal stakeholders (Dev, DevOps, Corp IT, etc.) on all government compliance audit roles and provide the opportunity to learn and work on several other compliance and audit-related work efforts.

 

The primary function of this role will be to help maintain and expand Anthology's Federal Risk and Authorization Management Program (FedRAMP) and StateRAMP program. In addition to helping build Anthology's FedRAMP and StateRAMP portfolio, you will also be actively involved in the DISA compliance-related (e.g., RMF, CMMC, DISA IL-4, etc.) workstreams. 

 

Primary responsibilities will include:

  • Providing subject matter expertise for FedRAMP, StateRAMP, IL-4, CMMC and NIST 800-53 compliance standards and regulations
  • Conducting FedRAMP, StateRAMP, and NIST 800-53 gap assessment, compliance readiness, and compliance monitoring activities
  • Coordinating and leading delivery of audit milestones to ensure audit timelines stay on target by escalating and identifying roadblocks
  • Performing continuous monitoring activities, as required by TX-RAMP, StateRAMP, FedRAMP, and DISA IL4 standards, and ensuring reports are available for review by applicable agencies/clients
  • Conducting vendor and supply chain risk assessments 
  • Assisting in the identification of business process improvements and partnering with technology and business stakeholders to identify pragmatic approaches to compliance readiness and testing
  • Collaborating cross-functionally with technology and business stakeholders to drive, track, and resolve all aspects of compliance readiness and audit execution
  • Conducting various IT Compliance controls validation and implementation activities
  • Collaborating with technology and business stakeholders along with other Compliance team members to facilitate remediation and execution of corrective action plans
  • Participating in continuous improvement initiatives
  • Providing coaching and mentorship to more junior team members

 

The Candidate:

Required skills/qualifications:

  • US Citizen
  • Effective organizational, follow-up, and time management skills
  • 5-8 years of hands-on experience in IT audit and/or compliance
  • A strong background with NIST Risk Management Framework (SP 800-53) and a broad range of skills in the fields of NIST publications, StateRAMP, or FedRAMP requirements
  • Experience with control assessments and coordination of audit activities
  • Familiarity with Information Security principles, knowledge of IT processes (e.g., Change Management, Incident Management, Risk Management, Network and System Administration)
  • Strong technical, analytical, interpersonal, and communication skills
  • Strong writing ability with a focus on communication of technical topics
  • Ability to work both independently and within a global team environment
  • Self-starter and quick learner with proactive problem-solving skills
  • Ability to develop and foster strong relationships with technology and business stakeholders
  • Experience with, and comfort in, a remote working environment
  • Fluency in written and spoken English

 

Preferred skills/qualifications:

  • StateRAMP or FedRAMP knowledge
  • Previous experience leading a Cloud Service Provider through a FedRAMP ATO process
  • Previous experience at a SaaS company in a similar role
  • Previous experience gaining an ATO or P-ATO for a cloud implementation
  • Exposure to ISO27001, PCI, HIPAA/HITRUST, SOC 2
  • Industry standard certifications (CISSP, CISA, ISO 27001 Lead Implementer/Auditor)
  • Bachelor's Degree in Information Technology, Business, or related vocations                               

 

Pay range is $105,700 - $123,437/year depending upon experience. We use national and industry-specific survey data to assist in determining compensation. Additionally, we consider factors such as external market rate, budget for the role, and the compensation rates of current employees performing the same function. Some roles will have variable pay.

 

This job description is not designed to contain a comprehensive listing of activities, duties, or responsibilities that are required. Nothing in this job description restricts management's right to assign or reassign duties and responsibilities at any time.   

 

Anthology is an equal employment opportunity/affirmative action employer and considers qualified applicants for employment without regard to race, gender, age, color, religion, national origin, marital status, disability, sexual orientation, gender identity/expression, protected military/veteran status, or any other legally protected factor.


About The Company

Anthology delivers education and technology solutions so that students can reach their full potential and learning institutions thrive. Millions of students around the world are supported throughout their education journey via Anthology’s ecosystem of flagship SaaS solutions and supporting services, including the award-winning Blackboard® (LMS), Anthology® Student (SIS/ERP), and Anthology® Reach (CRM). Through the Power of Together, we are uniquely inspiring educators and institutions with innovation that is meaningful, simple and intelligent to help customers redefine what’s possible and create life-changing opportunities for people everywhere. www.anthology.com. 
