GovCloud Compliance Analyst

Software Guidance & Assistance, Inc., (SGA), is searching for a GovCloud Compliance Analyst for a CONTRACT assignment with one of our premier Insurance Services clients. This position is fully remote, with onsite visits expected periodically for audits and triage.

The GovCloud Compliance Analyst supports regulatory compliance and audit readiness for our GovCloud environments. This role implements and validates controls, manages evidence in AuditBoard (system of record), and coordinates ATO/SA&A activities mapped to federal and state frameworks (NIST SP 800-53 Rev 5 - Moderate, FedRAMP, StateRAMP, MARS-E where applicable) and internal Canon Protocol mapping (ARC-AMPE). This is a hybrid/remote-eligible role reporting to the Director of Regulatory Compliance Environments.

Responsibilities :

• Own assigned control families and maintain control evidence in AuditBoard; achieve and sustain 65% evidence attachment completeness for assigned controls.
• Execute control assessment activities and perform internal validations at defined cadence (quarterly or as required by framework).
• Map inherited and system-specific controls to canonical mappings and update control mapping artifacts within AuditBoard.
• Partner with engineering, platform, and risk teams to track ATO/SA&A milestones (maintain ATO readiness dashboard; escalate blockers within 48 hours).
• Prepare documentation packets and evidence bundles for external audits and customer assessments; support 100% on-time audit deliverables.
• Identify compliance gaps, propose prioritized remediation plans, and track remediation closure (target: close high/critical findings within 30 days or per SLA).
• Contribute to Power BI dashboards that visualize control health, evidence SLAs, and audit cycles; support monthly compliance reporting.
• Maintain procedures and update policies tied to assigned controls; document changes in the governance repository.

Required Skills :

• Minimum 3 years of compliance, IT risk, or audit experience in regulated cloud environments (AWS GovCloud, Azure Government, or equivalent).
• Working knowledge of NIST SP 800-53 Rev 5, FedRAMP, StateRAMP; experience mapping to MARS-E/ ARC-AMPE is a plus.
• Practical experience with GRC platforms (AuditBoard preferred) and evidence management processes.
• Strong technical writing and stakeholder communication skills; able to explain control status to technical and non-technical audiences.
• Bachelors degree in Information Security, Computer Science, Risk Management, or equivalent experience.

Preferred Skills :

• Experience supporting ATO or SA&A efforts and coordinating external assessors.
• Certifications: CISA, CISSP, CRISC, or Security+.
• Experience with Power BI or advanced Excel for KPI tracking and reporting.
• Familiarity with ADO/IT ticketing or change management processes.

SGA is a technology and resource solutions provider driven to stand out. We are a women-owned business. Our mission: to solve big IT problems with a more personal, boutique approach. Each year, we match consultants like you to more than 1,000 engagements. When we say let's work better together, we mean it. You'll join a diverse team built on these core values: customer service, employee development, and quality and integrity in everything we do. Be yourself, love what you do and find your passion at work. Please find us at .

SGA is an Equal Opportunity Employer and does not discriminate on the basis of Race, Color, Sex, Sexual Orientation, Gender Identity, Religion, National Origin, Disability, Veteran Status, Age, Marital Status, Pregnancy, Genetic Information, or Other Legally Protected Status. We are committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, and our services, programs, and activities. Please visit our company to request an accommodation or assistance regarding our policy.