Georgia Institute of Technology - Atlanta, GA
posted 3 months ago
The Data Privacy and Compliance Analyst at the Georgia Tech Research Institute (GTRI) plays a crucial role in ensuring that the organization adheres to privacy requirements and government regulations concerning the protection of sensitive information. This position is part of the Information and Cybersecurity Department (ICD) and reports directly to the Governance, Risk and Compliance (GRC) Manager. The analyst will be responsible for assessing business policies, procedures, and operations to manage legal and operational risks associated with sensitive information assets. This includes developing policies, procedures, and user training to meet or exceed privacy requirements.
The ideal candidate will have a strong background in cybersecurity best practices and frameworks related to vulnerability and risk management. They will assist with complex cybersecurity inquiries from GTRI customers and engage directly with sponsors to review current and planned requirements for secure infrastructures that require compliance. The analyst will lead the validation of security control configurations on systems, ensuring compliance with necessary controls such as NIST, DFARS 252.204-7012, and CMMC.
In addition to these responsibilities, the analyst will conduct privacy impact analyses, identify areas needing improvement, and recommend enhancements to achieve privacy goals. They will also review modifications to critical information systems and direct the implementation of configuration changes. Mentoring lower-level cybersecurity and IT professionals will be part of their role, ensuring knowledge transfer and skill development within the team.
The position is hybrid, requiring work to be performed in the Atlanta, GA metropolitan area, and involves collaboration with various GTRI labs and business units to address plans of action and milestones related to vulnerability management. The analyst will monitor and track the progress of risk remediation activities, providing regular briefings to senior management on vulnerabilities and mitigation activities, thereby playing a key role in the organization's cybersecurity strategy.