Cybersecurity
Analyst
RESPONSIBILITIES:
Under limited
supervision:
Analyze
data/information from one or multiple sources to conduct preparation of the
environment, respond to requests for information, and submit intelligence
collection and production requirements in support of planning and operations.
Interact at
multiple levels of the organization to establish and maintain a strong and
adaptive security posture that aligns with organizational risk tolerance,
information access requirements, business strategies, and compliance requirements.
Integrate
overarching security frameworks across multiple, complex disciplines in support
of the business needs of the Agency to provide customer-focused technology
solutions in a secure, cost-effective, and efficient manner.
Coordinate and
oversee the production of evidence to support internal and external audits.
Conduct
internal risk, vulnerability, and compliance assessments to:
Identify risks,
vulnerabilities, and compliance shortcomings; and recommend/develop security
measures, policies, and controls for risk/vulnerability mitigation and
remediation of compliance findings.
Prepare and/or
update incident response plans and perform incident response activities as
directed and in accordance with established Agency procedures and guidelines and
those of the Georgia Technology Authority (GTA).
Ensure periodic
monitoring of audit logs occurs in accordance with requirements, and report
findings and concerns for further analysis and/or action, including breach
notification and initiation of incident response, in accordance with Agency
protocols/procedures and CISO direction/guidance.
Work with
developers to plan, implement, manage, and coordinate appropriate security
measures for information systems/applications that control access to data, and
prevent unauthorized modification, destruction, or disclosure of information in
accordance with federal, state, local, and agency requirements, policies, and
directives.
Prepare and/or
update Plan of Actions & Milestones (POA&M) that identify security
weaknesses and establish milestones and compensating controls for remediating
these weaknesses and tracking the progress and effectiveness of the
remediation.
Serve as a
Subject Matter Expert (SME), advising on current best practice and strategies
for the protection, auditing, and monitoring of data, data storage, and
transmission paths.
Work with
business owners, IT managers, staff, and vendors to provide timely and
efficient coordination of information assurance/security services to meet
Agency needs.
Prepare and
communicate status of Agency information security programs and projects to
senior executives through oral and written reports and presentations.
Assist with
information security awareness training activities and preparation of awareness
training materials.
Develop and
communicate security metrics to assess effectiveness of, and compliance with,
the Agency’s InfoSec policies and controls.
Performs other
professional responsibilities as assigned.
Requirements
·Certified Information Systems Security Professional (CISSP)
·Certified Information Security Manager (CISM)
·Certified Information Systems Auditor (CISA)
·Demonstrated professional experience developing and communicating an information security strategy and aligning projects, initiatives, and resources to execute against the strategy