Data Privacy and Compliance Analyst (Mid-Level) - ICD - Open Rank (Hybrid)

Georgia Institute of Technology - Atlanta, GA

posted 3 months ago

Full-time - Mid Level
Atlanta, GA
1,001-5,000 employees
Educational Services

About the position

The Data Privacy and Compliance Analyst at the Georgia Tech Research Institute (GTRI) plays a crucial role in ensuring that the organization adheres to privacy requirements and government regulations concerning the protection of sensitive information. This position is part of the Information and Cybersecurity Department (ICD) and reports directly to the Governance, Risk and Compliance (GRC) Manager. The analyst will be responsible for assessing business policies, procedures, and operations to manage legal and operational risks associated with sensitive information assets. This includes developing policies, procedures, and user training to meet or exceed privacy requirements. The ideal candidate will have a strong background in cybersecurity best practices and frameworks related to vulnerability and risk management. They will assist with complex cybersecurity inquiries from GTRI customers and engage directly with sponsors to review current and planned requirements for secure infrastructures that require compliance. The analyst will lead the validation of security control configurations on systems, ensuring compliance with necessary controls such as NIST, DFARS 252.204-7012, and CMMC. In addition to these responsibilities, the analyst will conduct privacy impact analyses, identify areas needing improvement, and recommend enhancements to achieve privacy goals. They will also review modifications to critical information systems and direct the implementation of configuration changes. Mentoring lower-level cybersecurity and IT professionals will be part of their role, ensuring knowledge transfer and skill development within the team. The position is hybrid, requiring work to be performed in the Atlanta, GA metropolitan area, and involves collaboration with various GTRI labs and business units to address plans of action and milestones related to vulnerability management. The analyst will monitor and track the progress of risk remediation activities, providing regular briefings to senior management on vulnerabilities and mitigation activities, thereby playing a key role in the organization's cybersecurity strategy.

Responsibilities

  • Assists with difficult cybersecurity questions and requests from GTRI customers.
  • Direct sponsor engagement to review current and planned requirements for secure infrastructures that require compliance.
  • Guide requirements gathering and analysis.
  • Leads validation of security control configuration on systems, ensuring compliance with necessary controls such as NIST, DFARS 252.204-7012, and CMMC.
  • Articulates privacy requirements into product life-cycle including definition, requirements analysis, synthesis, cyber engineering analysis, and implementation.
  • Conducts privacy impact analyses and identifies areas needing improvement, recommending necessary enhancements to achieve privacy goals.
  • Reviews modifications to critical information systems and directs implementation of configuration changes.
  • Mentors lower-level cybersecurity and IT professionals across the enterprise.
  • Reviews new vulnerabilities identified from threat analysis sources and identifies and prioritizes new, high impact vulnerabilities.
  • Identifies the impacted assets and/or application(s) at risk.
  • Coordinates with different GTRI labs and business units in addressing plans of action and milestones.
  • Calculates and responds to key performance indicators, tracking mitigations to improve performance metrics.
  • Monitors and tracks the progress of risk remediation activities, collaborating with stakeholders to ensure timely and effective remediation of identified risks and issues.
  • Reviews and analyzes vulnerability reports, liaising with business units to track, monitor for compliance, and ensure closure.
  • Acts as backup to the Vulnerability Manager to run scheduled or ad-hoc reports and compile reports related to new critical vulnerabilities.
  • Assists in the analysis and remediation of findings from scheduled internal and third-party vulnerability scans and penetration tests.
  • Provides strategic direction to ensure alignment with the organization's overarching cybersecurity strategies and policies.
  • Ensures continuous improvement of the vulnerability management lifecycle.

Requirements

  • Experience in vulnerability management.
  • Ability to obtain a secret security clearance.
  • Practical knowledge of security applications and technologies, as well as operating system platforms including Windows, Mac, Linux, and Networking technologies.
  • Previous experience with vulnerability scanning, reporting, and management processes or tools.
  • Hands-on knowledge of application and infrastructure vulnerability scanning tools (e.g., Rapid7, Nessus, Qualys, Fortify) in complex or large organizations.
  • Technical background to understand the characteristics and exploitation vectors for vulnerabilities being reported.
  • Strong knowledge of Splunk, Tenable Nessus, API's, Excel, and Power BI Platform for data analytics.
  • Experience with advanced Excel data manipulation and analysis including pivot tables, light macros, intermediate formulas.
  • Previous experience in analyzing data to present relevant metrics to remediation stakeholders and leadership.
  • Sound knowledge of common infrastructure vulnerability categorizations such as CVE, CVSS, and/or CWE.
  • Deep understanding of cybersecurity best practices and frameworks such as NIST 800-53/171, CMMC, RMF, MITRE, ATT&CK Framework, and OWASP top 10.
  • Risk management expertise with the ability to translate technical risks for business leaders.
  • Experience judging the priority of a vulnerability based on risk and impact.
  • Excellent written and verbal communication skills.
  • One or more basic cybersecurity certifications such as: Security+, CEH, CND, CySA+, CCNA-Security or equivalent.

Nice-to-haves

  • Active Secret clearance.
  • 9 years of experience in vulnerability management.
  • Master's degree.
  • Experience leading or managing a Vulnerability Management program.
  • One or more advanced cybersecurity certifications such as: CISSP, CISM, CISA, CASP, GEVA, CCNP-Security or equivalent.

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service