Comtech International Limited - Atlanta, GA

posted 2 months ago

Full-time
Atlanta, GA
Professional, Scientific, and Technical Services

About the position

The Data Privacy and Compliance Analyst plays a crucial role in ensuring that the organization adheres to privacy requirements and government regulations concerning the protection of sensitive information. This position involves a comprehensive assessment of business policies, procedures, and operations to identify and mitigate legal and operational risks associated with critical information assets. The analyst will continuously evaluate business unit operations and develop necessary policies, procedures, and user training to meet or exceed privacy standards. In this role, the analyst will assist with complex cybersecurity inquiries and requests from clients, engaging directly with sponsors to review current and planned requirements for secure infrastructures that necessitate compliance. The analyst will guide the requirements gathering and analysis process, leading the validation of security control configurations on systems to ensure compliance with necessary controls such as NIST, DFARS, CMMC, and other relevant frameworks. Additionally, the analyst will articulate privacy requirements throughout the product life-cycle, which includes defining, analyzing requirements, synthesizing information, conducting cyber engineering analysis, and overseeing implementation. Conducting privacy impact analyses to identify areas for improvement and recommending enhancements to achieve privacy goals will also be a key responsibility. The analyst will review modifications to critical information systems and direct the implementation of configuration changes, while also mentoring lower-level cybersecurity and IT professionals across the organization.

Responsibilities

  • Assists with difficult cybersecurity questions and requests from the client.
  • Engages directly with sponsors as required to review current and planned requirements for secure infrastructures that require compliance.
  • Guides requirements gathering and analysis.
  • Leads validation of security control configuration on systems, ensuring all systems are configured to necessary controls, such as NIST, DFARS, CMMC, and other similar requirements.
  • Articulates privacy requirements throughout the product life-cycle, including definition, requirements analysis, synthesis, cyber engineering analysis, and implementation.
  • Conducts privacy impact analyses and identifies areas needing improvement and recommends necessary enhancements to achieve privacy goals.
  • Reviews modifications to critical information systems and directs implementation of configuration changes.
  • Mentors lower-level cybersecurity and IT professionals across the enterprise.

Requirements

  • Experience in cyber Governance, Risk, and Compliance (GRC).
  • Experience in a cyber assessment or inspection related role, ideally with experience in cybersecurity incident response.
  • Solid technical understanding of cybersecurity concepts, standards, guidelines, and principles.
  • Experience with industry-recognized security compliance frameworks (NIST, PCI-DSS, HIPAA, etc.).
  • Experience with data aggregation/analytics and/or SIEM tools.
  • Experience with Endpoint Detection and Response (EDR) solutions.
  • Experience with Vulnerability Management tools.
  • Ability to handle time-sensitive situations with a calm and professional attitude while maintaining an appropriate sense of urgency.
  • Ability to work at a technical level to assess IT environments, capable of identifying vectors of threats, vulnerabilities, and areas of non-compliance.
  • Ability to communicate and present at various levels of technical detail depending on audience, ranging from cybersecurity deep dives to non-technical stakeholders.
  • Effective project management and organizational skills, including managing multiple, concurrent tasks and meeting deadlines.
  • Excellent interpersonal skills and ability to create collaborative relationships with colleagues across various groups and levels, and influence without authority.
  • Demonstrates leadership skills with ability to communicate effectively and work independently, both as part of and leading a team.
  • Ability to mentor team members at all levels, develop training plans, and foster personal and professional growth within the team.
  • CompTIA Advanced Security Practitioner (CASP), Certified Authorization Professional (CAP), GIAC Security Leadership Certificate (GSLC), Health Care Information Security and Privacy Practitioner (HCISPP), or equivalent certification.

Nice-to-haves

  • Active Secret Clearance.
  • Master's degree in cybersecurity, information technology, engineering, or a related field.
  • Experience as an incident manager, commander, or leader.
  • 10+ years of progressive work-related experience in information security, public accounting or internal audit, with a focus on IT controls audits and assessments and/or controls readiness assessments.
  • Excellent knowledge of technology infrastructure environments including Windows, Mac, Linux, virtual, and cloud.
  • Experience in an incident response-related role, or a participant in an incident response team.
  • Experience with the following cybersecurity tools: Splunk, CrowdStrike, Tenable.io, Axonius.
  • Detail-oriented, with exceptional oral and written communication and presentation skills.
  • Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or equivalent certification.