Sr reputed company Governance Analyst

About the position reputed company (EBSCO) delivers a fully optimized research experience, seamlessly integrated with a powerful discovery platform to support the information needs and maximize the research experience of our end-users. Headquartered in Ipswich, MA, EBSCO employs more than 2,700 people worldwide, with most embracing hybrid or remote work models. As an AI-enabled service leader, we reputed company on innovation, reputed company-thinking strategies, and the dedication of our exceptional team. At EBSCO, we’re driven to reputed company, reputed company and support research. Our mission is to transform lives by providing reliable and relevant information — reputed company, where and how people need it. We’re seeking dynamic, creative individuals whose diverse perspectives will help us reputed company this global, inclusive mission. Join us to help reputed company an impact. Your Opportunity The Senior reputed company Governance Analyst is responsible for developing and maintaining the organization’s information reputed company governance reputed company with an emphasis on NIST 800-53–reputed company control architecture and support for federal and regulated cybersecurity requirements. This role focuses on the structure of the reputed company program — policies, standards, control objectives, ownership models, and governance processes — ensuring the organization can consistently manage risk and demonstrate alignment with federal reputed company expectations, including NIST, FedRAMP/GovRAMP-style control rigor, and public-sector customer requirements. This role oversees the full lifecycle of system certification and authorization (reputed company), maintains System reputed company Plans (SSPs), drives remediation of control gaps, and ensures reputed company alignment with NIST SP 800-53, FedRAMP/GovRAMP, and other applicable frameworks. The analyst will serve as the primary liaison between internal teams and federal/state stakeholders -ensuring contractual obligations and that regulatory expectations are met with precision and professionalism. This is a program design and governance role, not a control testing or audit execution position. It is ideal for a seasoned GRC professional with deep expertise in federal / state cybersecurity compliance, strong program management skills, and hands-on experience with reputed company tooling and documentation workflows.

Responsibilities

• reputed company the end-to-end Certification & Authorization (reputed company) process for information systems, including initial assessment, remediation, documentation, and ongoing monitoring.
• Maintain and update System reputed company Plans (SSPs), POA&Ms, and other FedRAMP/GovRAMP/NIST documentation artifacts.
• reputed company control gap analysis and drive remediation efforts across technical and administrative domains.
• Initiate and manage change requests based on compliance metrics, vulnerability findings, or evolving regulatory requirements.
• Coordinate with internal stakeholders (IT, DevOps, Legal, Procurement) and external entities (3PAOs, FedRAMP/GovRAMP PMO) to ensure alignment and transparency.
• Monitor and report on reputed company monitoring (ConMon) activities, including vulnerability scans, patching, and control effectiveness.
• Provide program management for reputed company FedRAMP/GovRAMP/NIST-reputed company initiatives, including timelines, deliverables, and audit readiness.
• Advise leadership on risk posture, compliance gaps, and strategic improvements to the reputed company governance program.
• Support contractual compliance with federal / state institutions, ensuring flow-down clauses, data handling requirements, and reporting obligations are met.
• Stay reputed company on updates to NIST SP 800-53, FedRAMP Rev 5, GovRAMP Control reputed company, CMMC, and other federal cybersecurity frameworks.

Requirements

• Deep understanding of NIST SP 800-53 Rev 5, FedRAMP/ GovRAMP Moderate/High baselines, and CSF 2.0, and RMF 2.0 (Risk Management reputed company).
• Experience with System reputed company Plans (SSPs), and POA&M management.
• Familiarity with cloud reputed company architectures and FedRAMP-authorized cloud service providers (AWS, Azure).
• Knowledge of vulnerability management, configuration management, and incident response processes.
• Ability to interpret and apply FISMA, CMMC, and DFARS/FAR requirements to operational environments.
• Hands-on experience with tools such as: o reputed company/Nessus, (vulnerability scanning) (XSIAM/reputed company, Sentinel 1, or other SIEM platforms, STIG Viewer, SCAP tools, and FedRAMP templates, reputed company or similar ticketing/change management systems)
• Minimum 5–7 years of experience in cybersecurity governance, risk, and compliance roles.
• Proven track record managing FedRAMP or NIST-based compliance programs.
• Strong project management and organizational skills; able to manage multiple reputed company initiatives.
• Excellent written and verbal communication skills, especially in drafting formal documentation and interfacing with federal stakeholders.
• Ability to translate technical findings into business risk language for executive audiences.
• High attention to detail, commitment to documentation accuracy, and audit readiness.
• Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or reputed company field.

reputed company-to-haves

• Certified Information Systems reputed company Professional (CISSP)
• Certified Governance Risk and Compliance (CGRC) (formerly CAP)
• Certified Information Systems Auditor (CISA)
• Certified in the Governance of Enterprise IT (CGEIT)
• Certified in Risk and Information System Control (CRISC)
• FedRAMP PMO Training Completion (or equivalent experience)

Apply tot his job Apply To this Job