Overview
The Georgia Tech Research Institute (GTRI) is the nonprofit, applied research division of the Georgia Institute of Technology (Georgia Tech). Founded in 1934 as the Engineering Experiment Station, GTRI has grown to more than 2,900 employees, supporting eight laboratories in over 20 locations around the country and performing more than $940 million of problem-solving research annually for government and industry. GTRI's renowned researchers combine science, engineering, economics, policy, and technical expertise to solve complex problems for the U.S. federal government, state, and industry.

Georgia Tech's Mission and Values
Georgia Tech's mission is to develop leaders who advance technology and improve the human condition. The Institute has nine key values that are foundational to everything we do:
1. Students are our top priority.
2. We strive for excellence.
3. We thrive on diversity.
4. We celebrate collaboration.
5. We champion innovation.
6. We safeguard freedom of inquiry and expression.
7. We nurture the wellbeing of our community.
8. We act ethically.
9. We are responsible stewards.
Over the next decade, Georgia Tech will become an example of inclusive innovation, a leading technological research university of unmatched scale, relentlessly committed to serving the public good; breaking new ground in addressing the biggest local, national, and global challenges and opportunities of our time; making technology broadly accessible; and developing exceptional, principled leaders from all backgrounds ready to produce novel ideas and create solutions with real human impact.

Location
Atlanta, GA

Project/Unit Description
GTRI created the Information and Cybersecurity Department (ICD) to strengthen the organization's cybersecurity posture and enable secure innovation and research. ICD operates a comprehensive enterprise cybersecurity program to protect GTRI's information assets. ICD currently comprises two teams:
- The Governance, Risk, and Compliance (GRC) Team, which focuses on policy and standards development, risk management, compliance oversight, and making cybersecurity more accessible for our customers.
- The Information Security Operations Center (ISOC), which manages technical cybersecurity functions such as monitoring, alerting, engineering, and analysis.
This position is located within the GRC Team and will serve as a subject-matter expert for governance, risk, and compliance activities.

Job Purpose
The Governance, Risk, and Compliance (GRC) Cybersecurity Analyst is responsible for leading the assessment and oversight of business policies, procedures, and operations to ensure the organization meets internal requirements and government regulations for the protection of sensitive and critical information. GRC Analysts own complex legal, regulatory, and operational risk areas related to information assets, drive continuous risk assessment across business units, and design and implement policies, procedures, and training needed to meet or exceed internal and external requirements. Cybersecurity Analysts are responsible for protecting the institution's information systems and data from cyber threats and vulnerabilities. This role involves monitoring security incidents, conducting risk assessments, and implementing security measures to ensure compliance with regulatory requirements and best practices in cybersecurity.

Key Responsibilities
- Monitor the institution's information systems for security incidents and vulnerabilities, responding promptly to mitigate potential threats.
- Conduct regular risk assessments and security audits to identify weaknesses in the institution's cybersecurity posture and recommend remediation measures.
- Develop and implement security policies, procedures, and protocols to protect sensitive data and ensure compliance with regulatory requirements.
- Provide cybersecurity training and awareness programs for faculty, staff, and students to promote a culture of security within the institution.
- Analyze security incidents and breaches to determine their root causes and develop strategies to prevent future occurrences.
- Stay informed about emerging cybersecurity threats and trends, continuously updating security measures to address new challenges.
- Prepare and present reports on the status of cybersecurity efforts, highlighting incidents, vulnerabilities, and progress on remediation activities.
- Serve as a liaison with external agencies and partners on cybersecurity initiatives, collaborating on strategies to enhance the institution's security capabilities.
- Collaborate with IT teams to deploy security technologies, such as firewalls, intrusion detection systems, and encryption tools, to safeguard institutional data.
- Perform other duties as assigned.
Additional Responsibilities
- Serve as a primary point of contact for complex or sensitive cybersecurity and compliance inquiries from GTRI customers and leadership.
- Lead the development, review, and maintenance of:
  - Enterprise-wide security policies, standards, practices, plans, and procedures, ensuring alignment with GTRI baseline cybersecurity requirements and University System of Georgia (USG) guidelines.
  - Information technology risk assessments for systems, software, architectures, and configurations (compute, hardware/virtual, OS, storage, networking, security).
  - Requests for changes to critical information systems, guiding implementation of approved configuration changes.
  - Cybersecurity documentation, including system security plans, disaster recovery plans, and impact analyses (privacy, business, and security), ensuring completeness, accuracy, and currency.
- Validate security control implementation and configuration on systems to ensure compliance with requirements such as NIST, DFARS, CMMC, and related frameworks.
- Direct the creation and refinement of cybersecurity training content for GTRI personnel (e.g., security awareness, CUI training), ensuring alignment with current threats and regulatory expectations.
- Lead the development and ongoing improvement of departmental website content (articles, processes, procedures, FAQs, contacts, organizational charts, and team member information).
- Provide advanced support to the GRC Team service desk by resolving complex tickets and establishing standards and workflows for ticket triage and resolution.
- Lead or coordinate activities related to audits, assessments, and regulatory reviews, including evidence collection, policy review, and compliance analysis.
- Own or significantly contribute to the preparation and presentation of regulatory and compliance reports and dashboards, working with other units to ensure data completeness and accuracy.
- Mentor junior and mid-level GRC analysts, providing guidance on best practices, work products, and professional development.
- Actively collaborate with customers and cross-functional teams; derive and refine requirements; and facilitate forums that capture the voice of the customer to improve ICD's people, processes, and services.
- Serve as a subject-matter expert in governance, risk, and compliance within ICD.
- Interpret and apply laws, regulations, standards, policies, and industry best practices to complex secure infrastructures and research environments.
- Lead or co-lead GRC-related projects and initiatives, managing scope, timelines, and deliverables for a range of complex compliance and risk problems.
- Recommend and drive process improvements to enhance the effectiveness and efficiency of the enterprise cybersecurity and compliance program.
Required Minimum Qualifications
- Bachelor's degree in cybersecurity, information security, information assurance, or a related field, or an equivalent combination of education and experience.
- 5+ years of progressively responsible experience in governance, risk, compliance, or information security in a complex environment.
- Strong practical knowledge of security technologies and controls, as well as operating system platforms including Windows, macOS, Linux, and core networking technologies.
- Demonstrated experience with vulnerability management processes and tools, including scanning, reporting, prioritization, and remediation tracking.
- Solid understanding of threats, vulnerabilities, exploitation techniques, and how they map to business risk.
- Advanced experience with data analysis and reporting in Excel (pivot tables, lookups, intermediate/advanced formulas; scripting or macros a plus).
- Proven ability to assess and communicate the priority and business impact of vulnerabilities and risks to both technical and non-technical stakeholders.
- Excellent written and verbal communication skills, including experience drafting policies, standards, and executive-level summaries.
- One or more intermediate or advanced cybersecurity/GRC certifications such as CISSP, CISM, CISA, SecurityX, CCNP-Security, or equivalent.
Preferred Qualifications
- Active Secret clearance.
- Master's degree in cybersecurity, information security, information assurance, business, or a related field.
- Deep understanding of cybersecurity frameworks and best practices such as NIST 800-53/171, CMMC, RMF, MITRE ATT&CK, and OWASP Top 10.
- Demonstrated experience leading audit, assessment, or certification efforts (e.g., NIST, CMMC, DFARS, FedRAMP, or similar).
- Experience developing and tracking security and compliance metrics for remediation stakeholders and leadership.
- Strong knowledge of common vulnerability categorizations and scoring systems such as CVE, CVSS, and CWE.
- Proficiency with Atlassian Confluence for documentation and knowledge management.
- Proficiency with Atlassian Jira for workflow, issue tracking, and project management.
Travel Requirements
<10% travel

U.S. Citizenship Requirements
Due to our research contracts with the U.S. federal government, candidates for this position must be U.S. Citizens.

Clearance Type Required
Candidates must be able to obtain and maintain an active security clearance.

Benefits at GTRI
Comprehensive information on currently offered GTRI benefits, including Health & Welfare, Retirement Plans, Tuition Reimbursement, Time Off, and Professional Development, can be found through this link: https://benefits.hr.gatech.edu/.

Equal Employment Opportunity
The Georgia Institute of Technology (Georgia Tech) is an Equal Employment Opportunity Employer. The Institute is committed to maintaining a fair and respectful environment for all. To that end, and in accordance with federal and state law, Board of Regents policy, and Institute policy, Georgia Tech provides equal opportunity to all faculty, staff, students, and all other members of the Georgia Tech community, including applicants for admission and/or employment, contractors, volunteers, and participants in institutional programs, activities, or services. Georgia Tech complies with all applicable laws and regulations governing equal opportunity in the workplace and in educational activities. Equal opportunity and decisions based on merit are fundamental values of the University System of Georgia ("USG") and Georgia Tech. Georgia Tech prohibits discrimination, including discriminatory harassment, on the basis of an individual's race, ethnicity, ancestry, color, religion, sex (including pregnancy), national origin, age, disability, genetics, or veteran status in its programs, activities, employment, and admissions.
Further, Georgia Tech prohibits citizenship status, immigration status, and national origin discrimination in hiring, firing, and recruitment, except where such restrictions are required in order to comply with law, regulation, executive order, or Attorney General directive, or where they are required by Federal, State, or local government contract.

USG Core Values Statement
The University System of Georgia comprises our 26 institutions of higher education and learning as well as the System Office. Our USG Statement of Core Values is Integrity, Excellence, Accountability, and Respect. These values serve as the foundation for all that we do as an organization, and each USG community member is responsible for demonstrating and upholding these standards. More details on the USG Statement of Core Values and Code of Conduct are available in USG Board Policy 8.2.18.1.2 and can be found online at https://www.usg.edu/policymanual/section8/C224/#p8.2.18_personnel_conduct. Additionally, USG supports Freedom of Expression as stated in Board Policy 6.5 Freedom of Expression and Academic Freedom, found online at https://www.usg.edu/policymanual/section6/C2653.