Table, Computer Hardware, Screen, Monitor, Adult, Male, Man, Person, Desk, Laptop

Data Privacy and Compliance Analyst (Mid-Level) - ICD - Open Rank (Hybrid)

  • 500223
  • On Site
  • Atlanta, Georgia
  • Cybersecurity
  • Researchers: Contract

Overview:

The Georgia Tech Research Institute (GTRI) is the nonprofit, applied research division of the Georgia Institute of Technology (Georgia Tech). Founded in 1934 as the Engineering Experiment Station, GTRI has grown to more than 2,900 employees, supporting eight laboratories in over 20 locations around the country and performing more than $940 million of problem-solving research annually for government and industry. GTRI's renowned researchers combine science, engineering, economics, policy, and technical expertise to solve complex problems for the U.S. federal government, state, and industry.   

Georgia Tech's Mission and Values

Georgia Tech's mission is to develop leaders who advance technology and improve the human condition. The Institute has nine key values that are foundational to everything we do: 

1. Students are our top priority.
2. We strive for excellence.
3. We thrive on diversity.
4. We celebrate collaboration.
5. We champion innovation.
6. We safeguard freedom of inquiry and expression.
7. We nurture the wellbeing of our community.
8. We act ethically.
9. We are responsible stewards.

Over the next decade, Georgia Tech will become an example of inclusive innovation, a leading technological research university of unmatched scale, relentlessly committed to serving the public good; breaking new ground in addressing the biggest local, national, and global challenges and opportunities of our time; making technology broadly accessible; and developing exceptional, principled leaders from all backgrounds ready to produce novel ideas and create solutions with real human impact.

Location

Atlanta, GA (Hybrid)

Project/Unit Description

The Information and Cybersecurity Department (ICD) provides enterprise cybersecurity services in protection of GTRI's unclassified information assets. ICD consists of two components: The Governance, Risk, and Compliance (GRC) Team and the Information Security Operations Center (ISOC). The GRC Team provides services in cybersecurity policy, risk management, data governance, privacy, awareness and training, and ensuring compliance with Federal, state, and local cybersecurity requirements. The ISOC provides technical cybersecurity expertise via services in continuous monitoring, incident response, and vulnerability management.

Job Purpose

The Data Privacy and Compliance Analyst is responsible for assessing business policies, procedures, and operations to ensure the organization meets privacy requirements and government regulations for the protection of sensitive information. Privacy and Compliance Analysts manage the legal and operational risks related to sensitive and critical information assets, continuously assess business unit operations, and develop policies, procedures and user training necessary to meet or exceed privacy requirements.

Key Responsibilities

  • Assists with difficult cybersecurity questions and requests from GTRI customers.
  • Direct sponsor engagement as required to review current and planned requirements for secure infrastructures that require compliance.
  • Guide requirements gathering and analysis.
  • Leads validation of security control configuration on systems, ensure all systems are configured to necessary controls, such as NIST, DFARS 252.204-7012, CMMC, and other similar requirements.
  • Articulates privacy requirements into product life-cycle including definition, requirements analysis, synthesis, cyber engineering analysis and implementation.
  • Conducts privacy impact analyses and identify areas needing improvement and recommend necessary enhancements to achieve privacy goals.
  • Reviews modifications to critical information systems and directs implementation of configuration changes.
  • Mentors lower-level cybersecurity and IT professionals across the enterprise.

Additional Responsibilities

  • Builds processes and tools to provide the business visibility of cybersecurity risks and drive accountability.
  • Develops and maintains policies, standards, processes, and procedures to assess, monitor, report, escalate and remediate cyber risk while maintaining corporate compliance with mandated security regulations.
  • Assesses and reviews security and controls to ensure sustainable regulatory compliance.
  • Develops processes and monitoring to identify, quantify, analyze, and report risk and compliance status.
  • Coordinates cyber risk management efforts including identification, assessment, tracking and resolution of risk management activities across all levels of the organization.
  • Assists with training, including training material development and deployment to ensure that compliance and risk becomes a sustainable business practice.
  • Gathers and prepares documentation to support audits, self-assessments, data requests, etc.
  • Continuously monitor and evaluate security risks, both internal and external, and develop strategies to mitigate them. This includes conducting risk assessments, threat modeling, and vulnerability management.
  • Experience carrying out risk assessments, creating and managing risk registers and POAMs.
  • Able to identify, select, track, and report on security metrics.

Required Minimum Qualifications

  • Practical knowledge of security applications and technologies, as well as operating system platforms including Windows, Mac, Linux, and Networking technologies.
  • Knowledge of application and infrastructure vulnerability scanning tools (e.g., Rapid7, Nessus, Qualys, Fortify, etc.) in complex or large organizations.
  • Technical background to understand the characteristics and exploitation vectors for vulnerabilities being reported.
  • Knowledge of Splunk, Tenable Nessus, API’s, Excel and Power BI Platform for data analytics.
  • Experience with advanced Excel data manipulation and analysis including pivot tables, light macros, intermediate formulas.
  • Previous experience in analyzing data to present relevant metrics to remediation stakeholders and leadership.
  • Sound knowledge of risk management frameworks and risk scoring.
  • Deep understanding of cybersecurity best practices and frameworks such as NIST 800-53/171, CMMC, and RMF.
  • Risk management expertise with ability to translate technical risks for business leaders.
  • Experience judging the priority of a vulnerability based on risk and impact.
  • Excellent written and verbal communication skills.
  • One or more basic cybersecurity certifications such as: Security+, CEH, CND, CySA+, CCNA-Security or equivalent.

Preferred Qualifications

  • Active Secret Clearance.
  • Master’s degree.
  • 5 years of experience in risk management.
  • Experience leading or managing a Risk Management program.
  • One or more advanced cybersecurity certifications such as: CISSP, CISM, CISA, CRISC, CASP, or equivalent.

Travel Requirements

<10% travel

Education and Length of Experience

Levels 3, 4

This position vacancy is an open-rank announcement. The final job offer will be dependent on candidate qualifications in alignment with Research Faculty Extension Professional ranks as outlined in section 3.2.1 of the Georgia Tech Faculty Handbook

  • 5 years of related experience with a Bachelor’s degree in Cybersecurity, Information Security, Information Assurance, Computer Science, Computer Engineering, or related field.
  • 3 years of related experience with a Masters’ degree in Cybersecurity, Information Security, Information Assurance, Computer Science, Computer Engineering, or related field.
  • 0 years of related experience with a Ph.D. in Cybersecurity, Information Security, Information Assurance, Computer Science, Computer Engineering, or related field.

U.S. Citizenship Requirements

Due to our research contracts with the U.S. federal government, candidates for this position must be U.S. Citizens.

Clearance Type Required

Candidates must be able to obtain and maintain an active security clearance.

Benefits at GTRI

Comprehensive information on currently offered GTRI benefits, including Health & Welfare, Retirement Plans, Tuition Reimbursement, Time Off, and Professional Development, can be found through this link: https://benefits.hr.gatech.edu/.

Equal Employment Opportunity

The Georgia Institute of Technology (Georgia Tech) is an Equal Employment Opportunity Employer. The University is committed to maintaining a fair and respectful environment for all. To that end, and in accordance with federal and state law, Board of Regents policy, and University policy, Georgia Tech provides equal opportunity to all faculty, staff, students, and all other members of the Georgia Tech community, including applicants for admission and/or employment, contractors, volunteers, and participants in institutional programs, activities, or services.  Georgia Tech complies with all applicable laws and regulations governing equal opportunity in the workplace and in educational activities.

Georgia Tech prohibits discrimination, including discriminatory harassment, on the basis of race, ethnicity, ancestry, color, religion, sex (including pregnancy), sexual orientation, gender identity, gender expression, national origin, age, disability, genetics, or veteran status in its programs, activities, employment, and admissions.  This prohibition applies to faculty, staff, students, and all other members of the Georgia Tech community, including affiliates, invitees, and guests. Further, Georgia Tech prohibits citizenship status, immigration status, and national origin discrimination in hiring, firing, and recruitment, except where such restrictions are required in order to comply with law, regulation, executive order, or Attorney General directive, or where they are required by Federal, State, or local government contract.

USG Core Values Statement

The University System of Georgia is comprised of our 26 institutions of higher education and learning as well as the System Office. Our USG Statement of Core Values are Integrity, Excellence, Accountability, and Respect. These values serve as the foundation for all that we do as an organization, and each USG community member is responsible for demonstrating and upholding these standards. More details on the USG Statement of Core Values and Code of Conduct are available in USG Board Policy 8.2.18.1.2 and can be found on-line at https://www.usg.edu/policymanual/section8/C224/#p8.2.18_personnel_conduct.

Additionally, USG supports Freedom of Expression as stated in Board Policy 6.5 Freedom of Expression and Academic Freedom found on-line at https://www.usg.edu/policymanual/section6/C2653.

 

Apply Now

Not You?

Thank you

Subscribe to Job Alerts

Not You?

Thank you

Recommended Jobs

Software Engineer - ASL - Open Rank 500220 Atlanta Georgia United States Atlanta, Georgia, United States Cybersecurity, Data Analytics/Science, Software Development/Design The Software Engineer designs, develops, and tests software applications and products. Researchers
Software Engineer - ASL - Open Rank 500203 Huntsville Alabama United States Huntsville, Alabama, United States Data Analytics/Science, Software Development/Design, System Architecture, System Engineering The Software Engineer designs, develops, and tests software applications and products. Additionally, the Software Engineer manages software development teams, provides technical leadership, and establishes software development lifecycle practices ... Researchers
Solutions Architect - GTRI - CIPHER - Open Rank - Hybrid 500165 Atlanta Georgia United States Atlanta, Georgia, United States Cybersecurity The Secure Information Systems (SIS) Division of the CIPHER Laboratory is seeking an individual to serve as a Solutions Architect for the Secure Web Services portfolio within the Agile Special Project Enterprise mission. This position will be resp... Researchers