Cybersecurity Analyst

Overview
Georgia Tech prides itself on its technological resources, collaborations, high-quality student body, and its commitment to building an outstanding and diverse community of learning, discovery, and creation. We strongly encourage applicants whose values align with our institutional values, as outlined in our Strategic Plan. These values include academic excellence, diversity of thought and experience, inquiry and innovation, collaboration and community, and ethical behavior and stewardship. Georgia Tech has policies to promote a healthy work-life balance and is aware that attracting faculty may require meeting the needs of two careers.

About Georgia Tech
Georgia Tech is a top-ranked public research university situated in the heart of Atlanta, a diverse and vibrant city with numerous economic and cultural strengths. The Institute serves more than 45,000 students through top-ranked undergraduate, graduate, and executive programs in engineering, computing, science, business, design, and liberal arts. Georgia Tech's faculty attracted more than $1.4 billion in research awards this past year in fields ranging from biomedical technology to artificial intelligence, energy, sustainability, semiconductors, neuroscience, and national security. Georgia Tech ranks among the nation's top 20 universities for research and development spending and No. 1 among institutions without a medical school.

Georgia Tech's Mission and Values
Georgia Tech's mission is to develop leaders who advance technology and improve the human condition. The Institute has nine key values that are foundational to everything we do:
1. Students are our top priority.
2. We strive for excellence.
3. We thrive on diversity.
4. We celebrate collaboration.
5. We champion innovation.
6. We safeguard freedom of inquiry and expression.
7. We nurture the wellbeing of our community.
8. We act ethically.
9. We are responsible stewards.

Over the next decade, Georgia Tech will become an example of inclusive innovation, a leading technological research university of unmatched scale, relentlessly committed to serving the public good; breaking new ground in addressing the biggest local, national, and global challenges and opportunities of our time; making technology broadly accessible; and developing exceptional, principled leaders from all backgrounds ready to produce novel ideas and create solutions with real human impact.

The Office of Information Technology (OIT) provides information technology leadership and support to the Georgia Institute of Technology, working in partnership with academic and business units to meet the unique needs of a leading research university. OIT serves as the primary source of enterprise-wide information technology and telecommunications services in support of students, faculty, staff, and researchers.

Cybersecurity Analysts are responsible for protecting the institution's information systems and data from cyber threats and vulnerabilities. This role involves monitoring security incidents, conducting risk assessments, and implementing security measures to ensure compliance with regulatory requirements and best practices in cybersecurity.

JOB PURPOSE:

The Senior GRC & Internal Controls Professional position is dedicated to developing and applying an all-encompassing information protection framework that extends across all university departments. This role emphasizes the establishment of IT and information security policies, standards, guidelines, and baselines to ensure the comprehensive protection of information and systems throughout the university. The GRC Specialist will actively contribute to the creation and maintenance of a cybersecurity risk management program, designed to align with and enhance the university's overall Enterprise Risk Management strategy and IT Governance goals. This individual is responsible for implementing information assurance and compliance efforts, aimed at identifying, evaluating, documenting, and mitigating information security risks. Additionally, the GRC Specialist ensures the implementation and adherence to strong and efficient security processes and internal controls, supporting the university's commitment to compliance and the reinforcement of security protocols across the entire institution.

Job Duty 1 -
Monitor the institution's information systems for security incidents and vulnerabilities, responding promptly to mitigate potential threats.

Job Duty 2 -
Conduct regular risk assessments and security audits to identify weaknesses in the institution's cybersecurity posture and recommend remediation measures.

Job Duty 3 -
Develop and implement security policies, procedures, and protocols to protect sensitive data and ensure compliance with regulatory requirements.

Job Duty 4 -
Provide cybersecurity training and awareness programs for faculty, staff, and students to promote a culture of security within the institution.

Job Duty 5 -
Analyze security incidents and breaches to determine their root causes and develop strategies to prevent future occurrences.

Job Duty 6 -
Stay informed about emerging cybersecurity threats and trends, continuously updating security measures to address new challenges.

Job Duty 7 -
Prepare and present reports on the status of cybersecurity efforts, highlighting incidents, vulnerabilities, and progress on remediation activities.

Job Duty 8 -
Serve as a liaison with external agencies and partners on cybersecurity initiatives, collaborating on strategies to enhance the institution's security capabilities.

Job Duty 9 -
Collaborate with IT teams to deploy security technologies, such as firewalls, intrusion detection systems, and encryption tools, to safeguard institutional data.

Job Duty 10 -
Perform other job-related duties as assigned.

KEY RESPONSIBILITIES:

Duties may include but are not limited to:

Strategic GRC Framework Development: Lead the design and enhancement of comprehensive GRC frameworks that encompass information security, risk management, and compliance, aligning them with the university's strategic goals.

Advanced Risk Management: Conduct sophisticated risk assessments and analyses across various university operations to identify potential risks. Develop and implement risk mitigation and management strategies in collaboration with university leadership.

Compliance Oversight: Oversee the university's compliance with all relevant laws, regulations, and standards. This includes managing audits, investigations, and compliance monitoring activities, as well as updating policies and procedures in response to new regulations.

Security Leadership: Provide expert guidance on information security policies, standards, and controls. Lead efforts to strengthen the university's information security posture through technology solutions, employee training, and policy development.

Incident Management and Response: Direct the planning and execution of incident response strategies to manage and mitigate the impact of security breaches or compliance violations. Ensure rapid response and recovery actions.

Stakeholder Collaboration: Act as an advisor to departments on GRC issues. Facilitate communication and collaboration across departments to ensure GRC principles are integrated into all aspects of university operations.

Training and Awareness Programs: Deliver advanced training and awareness programs to educate the university community about risk, compliance, and security best practices, fostering a culture of awareness and preparedness.

Educational Requirements
Bachelor's Degree in related discipline or equivalent, related experience; advanced certification may be preferred or required.

Required Experience
Six or more years of relevant experience.

Additional Preferred Qualifications
Certified Information Systems Security Professional or Certified Information Systems Auditor.
Systems Security Certified Practitioner (SSCP). Rotating shift duty may be required.

Preferred Educational Qualifications
Bachelor's Degree in Business or Technical field

The budget for this position $98,000

SKILLS
This job requires proficient skills in office related computer applications.

KNOWLEDGE, SKILLS, & ABILITIES

Deep understanding of GRC principles, risk assessment methodologies, compliance frameworks, and information security standards. Knowledge of laws and regulations affecting higher education is essential.

Excellent communication, negotiation, and interpersonal skills, capable of working effectively with a wide range of stakeholders, from technical staff to executive leadership.

Strong analytical skills with an ability to identify risks and develop effective solutions. Adept at managing complex projects and navigating challenging situations. Proven leadership skills with the ability to inspire and guide a team of GRC professionals, fostering collaboration and teamwork across the university.

The University System of Georgia is comprised of our 26 institutions of higher education and learning as well as the System Office. Our USG Statement of Core Values are Integrity, Excellence, Accountability, and Respect. These values serve as the foundation for all that we do as an organization, and each USG community member is responsible for demonstrating and upholding these standards. More details on the USG Statement of Core Values and Code of Conduct are available in USG Board Policy 8.2.18.1.2 and can be found on-line at https://www.usg.edu/policymanual/section8/C224/#p8.2.18_personnel_conduct.

Additionally, USG supports Freedom of Expression as stated in Board Policy 6.5 Freedom of Expression and Academic Freedom found on-line at https://www.usg.edu/policymanual/section6/C2653.

The Georgia Institute of Technology (Georgia Tech) is an Equal Employment Opportunity Employer. The University is committed to maintaining a fair and respectful environment for all. To that end, and in accordance with federal and state law, Board of Regents policy, and University policy, Georgia Tech provides equal opportunity to all faculty, staff, students, and all other members of the Georgia Tech community, including applicants for admission and/or employment, contractors, volunteers, and participants in institutional programs, activities, or services. Georgia Tech complies with all applicable laws and regulations governing equal opportunity in the workplace and in educational activities.

Georgia Tech prohibits discrimination, including discriminatory harassment, on the basis of race, ethnicity, ancestry, color, religion, sex (including pregnancy), sexual orientation, gender identity, gender expression, national origin, age, disability, genetics, or veteran status in its programs, activities, employment, and admissions. This prohibition applies to faculty, staff, students, and all other members of the Georgia Tech community, including affiliates, invitees, and guests. Further, Georgia Tech prohibits citizenship status, immigration status, and national origin discrimination in hiring, firing, and recruitment, except where such restrictions are required in order to comply with law, regulation, executive order, or Attorney General directive, or where they are required by Federal, State, or local government contract.

More information on these policies can be found here: https://www.usg.edu/policymanual/section6/c2714 Board of Regents Policy Manual | University System of Georgia (usg.edu).

This is not a supervisory position.
This position does not have any financial responsibilities.
This position will not be required to drive.
This role is not considered a position of trust.
This position does not require a purchasing card (P-Card).
This position will not travel
This position does not require security clearance.

This position may require the candidate of choice to come into the office/campus. For remote, Telework, or Hybrid requests, employees must submit a request and receive approval from their manager, department head, and GT Human Resources. Travel is not an expense at GT / department expense.

Successful candidate must be able to pass a background check. Please visit http://policylibrary.gatech.edu/employment/pre-employment-screening