Georgia Tech Research Institute
Data Privacy and Compliance Analyst (Mid-Level) - ICD - Open Rank (Hybrid)
Georgia Tech Research Institute, Atlanta, Georgia, United States, 30383
Data Privacy and Compliance Analyst (Mid-Level) - ICD - Open Rank (Hybrid)
Overview:The Georgia Tech Research Institute (GTRI) is the nonprofit, applied research division of the Georgia Institute of Technology (Georgia Tech). Founded in 1934 as the Engineering Experiment Station, GTRI has grown to more than 2,900 employees, supporting eight laboratories in over 20 locations around the country and performing more than $940 million of problem-solving research annually for government and industry. GTRI's renowned researchers combine science, engineering, economics, policy, and technical expertise to solve complex problems for the U.S. federal government, state, and industry.LocationAtlanta, GA (Hybrid)Project/Unit DescriptionAs part of the Information and Cybersecurity Department (ICD), the Governance, Risk and Compliance (GRC) Vulnerability Risk Manager will play an integral role in communicating and tracking institutional risk incurred from vulnerabilities to key stakeholders within GTRI. The ideal candidate for this role has knowledge of and experience with the implementation of cybersecurity best practices and frameworks related to vulnerability and risk management. This role reports to the GRC Manager. This position has been designated as hybrid and work will be performed in the Atlanta, GA metropolitan area within Eastern Time (ET) Zone.Job PurposeThe Data Privacy and Compliance Analyst is responsible for assessing business policies, procedures, and operations to ensure the organization meets privacy requirements and government regulations for the protection of sensitive information. Privacy and Compliance Analysts manage the legal and operational risks related to sensitive and critical information assets, continuously assess business unit operations, and develop policies, procedures and user training necessary to meet or exceed privacy requirements.Key ResponsibilitiesAssists with difficult cybersecurity questions and requests from GTRI customers.Direct sponsor engagement as required to review current and planned requirements for secure infrastructures that require compliance.Guide requirements gathering and analysis.Leads validation of security control configuration on systems, ensure all systems are configured to necessary controls, such as NIST, DFARS 252.204-7012, CMMC, and other similar requirements.Articulates privacy requirements into product life-cycle including definition, requirements analysis, synthesis, cyber engineering analysis and implementation.Conducts privacy impact analyses and identify areas needing improvement and recommend necessary enhancements to achieve privacy goals.Reviews modifications to critical information systems and directs implementation of configuration changes.Mentors lower-level cybersecurity and IT professionals across the enterprise.Additional ResponsibilitiesReviewing new vulnerabilities identified from threat analysis sources and identify and prioritize new, high impact vulnerabilities.Identifying the impacted assets and/or application(s) at risk.Coordinate with different GTRI labs and business units in addressing plans of action and milestones.Calculate and respond to key performance indicators – track mitigations to improve performance metrics.Monitor and track the progress of risk remediation activities. Collaborate with stakeholders to ensure timely and effective remediation of identified risks and issues while providing regular briefings to senior management on vulnerabilities and mitigation activities.Review and analyze vulnerability reports and liaison with business units to which they belong to track, monitor for compliance, and ensure closure.Perform as backup to the Vulnerability Manager when need to run scheduled or ad-hoc reports as well as compile reports and distribute communication related to new critical vulnerabilities.Assist in the analysis and remediation of findings discovered during scheduled internal and third-party vulnerability scans and penetration tests.Provide strategic direction to ensure alignment with the organization's overarching cybersecurity strategies and policies.Provide continuous improvement of the vulnerability management lifecycle.Required Minimum QualificationsExperience in vulnerability management.Ability to obtain a secret security clearance.Practical knowledge of security applications and technologies, as well as operating system platforms including Windows, Mac, Linux, and Networking technologies.Previous experience with vulnerability scanning, reporting, and management processes or tools.Hands on knowledge of application and infrastructure vulnerability scanning tools (e.g., Rapid7, Nessus, Qualys, Fortify, etc.) in complex or large organizations.Technical background to understand the characteristics and exploitation vectors for vulnerabilities being reported.Strong knowledge of Splunk, Tenable Nessus, API’s, Excel and Power BI Platform for data analytics.Experience with advanced Excel data manipulation and analysis including pivot tables, light macros, intermediate formulas.Previous experience in analyzing data to present relevant metrics to remediation stakeholders and leadership.Sound knowledge of common infrastructure vulnerability categorizations such as CVE, CVSS, and/or CWE.Deep understanding of cybersecurity best practices and frameworks such as NIST 800-53/171, CMMC, RMF, MITRE, ATT&CK Framework, and OWASP top 10.Risk management expertise with ability to translate technical risks for business leaders.Experience judging the priority of a vulnerability based on risk and impact.Excellent written and verbal communication skills.One or more basic cybersecurity certifications such as: Security+, CEH, CND, CySA+, CCNA-Security or equivalent.Preferred Qualifications9 years of experience in vulnerability managementExperience leading or managing a Vulnerability Management program.One or more advanced cybersecurity certifications such as: CISSP, CISM, CISA, CASP, GEVA, CCNP-Security or equivalent.Travel RequirementsEducation and Length of Experience5 years of related experience with a Bachelor’s degree in Cybersecurity, Computer Engineering, Electrical Engineering, Computer Science, Information Assurance, Information Security, or related field.3 years of related experience with a Masters’ degree in Cybersecurity, Computer Engineering, Electrical Engineering, Computer Science, Information Assurance, Information Security, or related field.0 years of related experience with a Ph.D. in Cybersecurity, Computer Engineering, Electrical Engineering, Computer Science, Information Assurance, Information Security, or related field.Due to our research contracts with the U.S. federal government, candidates for this position must be U.S. Citizens.Clearance Type RequiredCandidates must be able to obtain and maintain an active security clearance.
#J-18808-Ljbffr
Overview:The Georgia Tech Research Institute (GTRI) is the nonprofit, applied research division of the Georgia Institute of Technology (Georgia Tech). Founded in 1934 as the Engineering Experiment Station, GTRI has grown to more than 2,900 employees, supporting eight laboratories in over 20 locations around the country and performing more than $940 million of problem-solving research annually for government and industry. GTRI's renowned researchers combine science, engineering, economics, policy, and technical expertise to solve complex problems for the U.S. federal government, state, and industry.LocationAtlanta, GA (Hybrid)Project/Unit DescriptionAs part of the Information and Cybersecurity Department (ICD), the Governance, Risk and Compliance (GRC) Vulnerability Risk Manager will play an integral role in communicating and tracking institutional risk incurred from vulnerabilities to key stakeholders within GTRI. The ideal candidate for this role has knowledge of and experience with the implementation of cybersecurity best practices and frameworks related to vulnerability and risk management. This role reports to the GRC Manager. This position has been designated as hybrid and work will be performed in the Atlanta, GA metropolitan area within Eastern Time (ET) Zone.Job PurposeThe Data Privacy and Compliance Analyst is responsible for assessing business policies, procedures, and operations to ensure the organization meets privacy requirements and government regulations for the protection of sensitive information. Privacy and Compliance Analysts manage the legal and operational risks related to sensitive and critical information assets, continuously assess business unit operations, and develop policies, procedures and user training necessary to meet or exceed privacy requirements.Key ResponsibilitiesAssists with difficult cybersecurity questions and requests from GTRI customers.Direct sponsor engagement as required to review current and planned requirements for secure infrastructures that require compliance.Guide requirements gathering and analysis.Leads validation of security control configuration on systems, ensure all systems are configured to necessary controls, such as NIST, DFARS 252.204-7012, CMMC, and other similar requirements.Articulates privacy requirements into product life-cycle including definition, requirements analysis, synthesis, cyber engineering analysis and implementation.Conducts privacy impact analyses and identify areas needing improvement and recommend necessary enhancements to achieve privacy goals.Reviews modifications to critical information systems and directs implementation of configuration changes.Mentors lower-level cybersecurity and IT professionals across the enterprise.Additional ResponsibilitiesReviewing new vulnerabilities identified from threat analysis sources and identify and prioritize new, high impact vulnerabilities.Identifying the impacted assets and/or application(s) at risk.Coordinate with different GTRI labs and business units in addressing plans of action and milestones.Calculate and respond to key performance indicators – track mitigations to improve performance metrics.Monitor and track the progress of risk remediation activities. Collaborate with stakeholders to ensure timely and effective remediation of identified risks and issues while providing regular briefings to senior management on vulnerabilities and mitigation activities.Review and analyze vulnerability reports and liaison with business units to which they belong to track, monitor for compliance, and ensure closure.Perform as backup to the Vulnerability Manager when need to run scheduled or ad-hoc reports as well as compile reports and distribute communication related to new critical vulnerabilities.Assist in the analysis and remediation of findings discovered during scheduled internal and third-party vulnerability scans and penetration tests.Provide strategic direction to ensure alignment with the organization's overarching cybersecurity strategies and policies.Provide continuous improvement of the vulnerability management lifecycle.Required Minimum QualificationsExperience in vulnerability management.Ability to obtain a secret security clearance.Practical knowledge of security applications and technologies, as well as operating system platforms including Windows, Mac, Linux, and Networking technologies.Previous experience with vulnerability scanning, reporting, and management processes or tools.Hands on knowledge of application and infrastructure vulnerability scanning tools (e.g., Rapid7, Nessus, Qualys, Fortify, etc.) in complex or large organizations.Technical background to understand the characteristics and exploitation vectors for vulnerabilities being reported.Strong knowledge of Splunk, Tenable Nessus, API’s, Excel and Power BI Platform for data analytics.Experience with advanced Excel data manipulation and analysis including pivot tables, light macros, intermediate formulas.Previous experience in analyzing data to present relevant metrics to remediation stakeholders and leadership.Sound knowledge of common infrastructure vulnerability categorizations such as CVE, CVSS, and/or CWE.Deep understanding of cybersecurity best practices and frameworks such as NIST 800-53/171, CMMC, RMF, MITRE, ATT&CK Framework, and OWASP top 10.Risk management expertise with ability to translate technical risks for business leaders.Experience judging the priority of a vulnerability based on risk and impact.Excellent written and verbal communication skills.One or more basic cybersecurity certifications such as: Security+, CEH, CND, CySA+, CCNA-Security or equivalent.Preferred Qualifications9 years of experience in vulnerability managementExperience leading or managing a Vulnerability Management program.One or more advanced cybersecurity certifications such as: CISSP, CISM, CISA, CASP, GEVA, CCNP-Security or equivalent.Travel RequirementsEducation and Length of Experience5 years of related experience with a Bachelor’s degree in Cybersecurity, Computer Engineering, Electrical Engineering, Computer Science, Information Assurance, Information Security, or related field.3 years of related experience with a Masters’ degree in Cybersecurity, Computer Engineering, Electrical Engineering, Computer Science, Information Assurance, Information Security, or related field.0 years of related experience with a Ph.D. in Cybersecurity, Computer Engineering, Electrical Engineering, Computer Science, Information Assurance, Information Security, or related field.Due to our research contracts with the U.S. federal government, candidates for this position must be U.S. Citizens.Clearance Type RequiredCandidates must be able to obtain and maintain an active security clearance.
#J-18808-Ljbffr