Comtech International Limited - Atlanta, GA

posted 4 days ago

Full-time
Atlanta, GA
Professional, Scientific, and Technical Services

About the position

The Data Privacy and Compliance Analyst plays a crucial role in ensuring that the organization adheres to privacy requirements and government regulations regarding the protection of sensitive information. This position involves assessing business policies and operations, managing legal and operational risks, and developing necessary policies and training to meet privacy standards.

Responsibilities

  • Assists with difficult cybersecurity questions and requests from customers.
  • Engages directly with sponsors to review current and planned requirements for secure infrastructures that require compliance.
  • Guides requirements gathering and analysis.
  • Leads validation of security control configuration on systems, ensuring compliance with necessary controls such as NIST, DFARS 252.204-7012, and CMMC.
  • Articulates privacy requirements into the product life-cycle, including definition, requirements analysis, synthesis, cyber engineering analysis, and implementation.
  • Conducts privacy impact analyses, identifying areas needing improvement and recommending enhancements to achieve privacy goals.
  • Reviews modifications to critical information systems and directs implementation of configuration changes.
  • Mentors lower-level cybersecurity and IT professionals across the enterprise.
  • Reviews new vulnerabilities identified from threat analysis sources and prioritizes high impact vulnerabilities.
  • Identifies impacted assets and/or applications at risk.
  • Coordinates with different labs and business units to address plans of action and milestones.
  • Calculates and responds to key performance indicators to track mitigations and improve performance metrics.
  • Monitors and tracks the progress of risk remediation activities, collaborating with stakeholders for timely remediation and providing briefings to senior management.
  • Reviews and analyzes vulnerability reports, liaising with business units to ensure compliance and closure.
  • Acts as backup to the Vulnerability Manager for scheduled or ad-hoc reports and communication related to new critical vulnerabilities.
  • Assists in the analysis and remediation of findings from internal and third-party vulnerability scans and penetration tests.
  • Provides strategic direction to align with the organization's cybersecurity strategies and policies.
  • Ensures continuous improvement of the vulnerability management lifecycle.

Requirements

  • Experience in vulnerability management.
  • Ability to obtain a secret security clearance.
  • Practical knowledge of security applications and technologies, as well as operating system platforms including Windows, Mac, and Linux, and networking technologies.
  • Previous experience with vulnerability scanning, reporting, and management processes or tools.
  • Hands-on knowledge of application and infrastructure vulnerability scanning tools (e.g., Rapid7, Nessus, Qualys, Fortify) in complex organizations.
  • Technical background to understand the characteristics and exploitation vectors for vulnerabilities being reported.
  • Strong knowledge of Splunk, Tenable Nessus, APIs, Excel, and Power BI for data analytics.
  • Experience with advanced Excel data manipulation and analysis including pivot tables, light macros, and intermediate formulas.
  • Previous experience in analyzing data to present relevant metrics to remediation stakeholders and leadership.
  • Sound knowledge of common infrastructure vulnerability categorizations such as CVE, CVSS, and/or CWE.
  • Deep understanding of cybersecurity best practices and frameworks such as NIST 800-53/171, CMMC, RMF, MITRE ATT&CK Framework, and OWASP Top 10.
  • Risk management expertise with the ability to translate technical risks for business leaders.
  • Experience judging the priority of a vulnerability based on risk and impact.
  • Excellent written and verbal communication skills.
  • One or more basic cybersecurity certifications such as Security+, CEH, CND, CySA+, CCNA-Security or equivalent.

Nice-to-haves

  • Active Secret clearance.
  • 9 years of experience in vulnerability management.
  • Master's degree.
  • Experience leading or managing a Vulnerability Management program.
  • One or more advanced cybersecurity certifications such as CISSP, CISM, CISA, CASP, GEVA, CCNP-Security or equivalent.