Cybersecurity Analyst - ICD
Georgia Tech Research Institute · Atlanta, GA · 2 wk ago
Information TechnologyFull-time
About the role
The Governance, Risk, and Compliance (GRC) Cybersecurity Analyst is responsible for leading the assessment and oversight of business policies, procedures, and operations to ensure the organization meets internal requirements and government regulations for the protection of sensitive and critical information.
Responsibilities
- Monitor the institution's information systems for security incidents and vulnerabilities, responding promptly to mitigate potential threats.
- Conduct regular risk assessments and security audits to identify weaknesses in the institution's cybersecurity posture and recommend remediation measures.
- Develop and implement security policies, procedures, and protocols to protect sensitive data and ensure compliance with regulatory requirements.
- Provide cybersecurity training and awareness programs for faculty, staff, and students to promote a culture of security within the institution.
- Analyze security incidents and breaches to determine their root causes and develop strategies to prevent future occurrences.
- Stay informed about emerging cybersecurity threats and trends, continuously updating security measures to address new challenges.
- Prepare and present reports on the status of cybersecurity efforts, highlighting incidents, vulnerabilities, and progress on remediation activities.
- Serve as a liaison with external agencies and partners on cybersecurity initiatives, collaborating on strategies to enhance the institution's security capabilities.
- Collaborate with IT teams to deploy security technologies, such as firewalls, intrusion detection systems, and encryption tools, to safeguard institutional data.
- Perform other duties as assigned.
Requirements
- Bachelor’s degree in cybersecurity, information security, information assurance, or a related field, or an equivalent combination of education and experience.
- 5+ years of progressively responsible experience in governance, risk, compliance, or information security in a complex environment.
- Strong practical knowledge of security technologies and controls, as well as operating system platforms including Windows, macOS, Linux, and core networking technologies.
- Demonstrated experience with vulnerability management processes and tools, including scanning, reporting, prioritization, and remediation tracking.
- Solid understanding of threats, vulnerabilities, exploitation techniques, and how they map to business risk.
- Advanced experience with data analysis and reporting in Excel (pivot tables, lookups, intermediate/advanced formulas; scripting or macros a plus).
- Proven ability to assess and communicate the priority and business impact of vulnerabilities and risks to both technical and non-technical stakeholders.
- Excellent written and verbal communication skills, including experience drafting policies, standards, and executive-level summaries.
- One or more intermediate or advanced cybersecurity/GRC certifications such as CISSP, CISM, CISA, SecurityX, CCNP-Security, or equivalent.
Qualifications
- Bachelor’s degree in cybersecurity, information security, information assurance, or a related field, or an equivalent combination of education and experience.
- 5+ years of progressively responsible experience in governance, risk, compliance, or information security in a complex environment.
- Strong practical knowledge of security technologies and controls, as well as operating system platforms including Windows, macOS, Linux, and core networking technologies.
- Demonstrated experience with vulnerability management processes and tools, including scanning, reporting, prioritization, and remediation tracking.
- Solid understanding of threats, vulnerabilities, exploitation techniques, and how they map to business risk.
- Advanced experience with data analysis and reporting in Excel (pivot tables, lookups, intermediate/advanced formulas; scripting or macros a plus).
- Proven ability to assess and communicate the priority and business impact of vulnerabilities and risks to both technical and non-technical stakeholders.
- Excellent written and verbal communication skills, including experience drafting policies, standards, and executive-level summaries.
- One or more intermediate or advanced cybersecurity/GRC certifications such as CISSP, CISM, CISA, SecurityX, CCNP-Security, or equivalent.
Skills
- Active Secret clearance.
- Master’s degree in cybersecurity, information security, information assurance, business, or a related field.
- Deep understanding of cybersecurity frameworks and best practices such as NIST 800-53/171, CMMC, RMF, MITRE ATT&CK, and OWASP Top 10.
- Demonstrated experience leading audit, assessment, or certification efforts (e.g., NIST, CMMC, DFARS, FedRAMP, or similar).
- Experience developing and tracking security and compliance metrics for remediation stakeholders and leadership.
- Strong knowledge of common vulnerability categorizations and scoring systems such as CVE, CVSS, and CWE.
- Proficiency with Atlassian Confluence for documentation and knowledge management.
- Proficiency with Atlassian Jira for workflow, issue tracking, and project management.
Benefits
Comprehensive information on currently offered GTRI benefits, including Health & Welfare, Retirement Plans, Tuition Reimbursement, Time Off, and Professional Development, can be found through this link: https://benefits.hr.gatech.edu/.
Pay
Salary is commensurate with experience.
Schedule
Full-time, Monday-Friday, 8:00 AM - 5:00 PM.