Georgia Tech

Cybersecurity Analyst - ICD

Georgia Tech$75K — $95K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in cybersecurity or related field, or equivalent experience.
  • 5+ years in governance, risk, compliance, or information security.
  • Strong knowledge of security technologies and operating systems (Windows, macOS, Linux).
  • Experience with vulnerability management processes and tools.
  • Solid understanding of cybersecurity threats and business risk.
  • Advanced data analysis skills in Excel with knowledge of pivot tables and formulas.
  • Excellent written and verbal communication, including policy drafting.

Responsibilities

  • Monitor information systems for security incidents and vulnerabilities.
  • Conduct risk assessments and security audits to identify weaknesses.
  • Develop and implement security policies and procedures for compliance.
  • Provide cybersecurity training and promote a culture of security.
  • Analyze security incidents to determine root causes and prevent recurrence.
  • Stay updated on emerging cybersecurity threats and update measures.
  • Prepare and present reports on cybersecurity status and progress.

Benefits

  • Comprehensive health and welfare options.
  • Retirement plans for financial security.
  • Tuition reimbursement for continued education.
  • Generous time off policies.
  • Opportunities for professional development.
Full Job Description
Location

Atlanta, GA

Project/Unit Description

GTRI created the Information and Cybersecurity Department (ICD) to strengthen the organization's cybersecurity posture and enable secure innovation and research. ICD operates a comprehensive enterprise cybersecurity program to protect GTRI's information assets.

ICD currently comprises two teams:
  • The Governance, Risk, and Compliance (GRC) Team, which focuses on policy and standards development, risk management, compliance oversight, and making cybersecurity more accessible for our customers.
  • The Information Security Operations Center (ISOC), which manages technical cybersecurity functions such as monitoring, alerting, engineering, and analysis.

This position is located within the GRC Team and will serve as a subject-matter expert and for governance, risk, and compliance activities.

Job Purpose

The Governance, Risk, and Compliance (GRC) Cybersecurity Analyst is responsible for leading the assessment and oversight of business policies, procedures, and operations to ensure the organization meets internal requirements and government regulations for the protection of sensitive and critical information. GRC Analysts own complex legal, regulatory, and operational risk areas related to information assets, drive continuous risk assessment across business units, and design and implement policies, procedures, and training needed to meet or exceed internal and external requirements.

Cybersecurity Analysts are responsible for protecting the institution's information systems and data from cyber threats and vulnerabilities. This role involves monitoring security incidents, conducting risk assessments, and implementing security measures to ensure compliance with regulatory requirements and best practices in cybersecurity.

Key Responsibilities
  • Monitor the institution's information systems for security incidents and vulnerabilities, responding promptly to mitigate potential threats.
  • Conduct regular risk assessments and security audits to identify weaknesses in the institution's cybersecurity posture and recommend remediation measures.
  • Develop and implement security policies, procedures, and protocols to protect sensitive data and ensure compliance with regulatory requirements.
  • Provide cybersecurity training and awareness programs for faculty, staff, and students to promote a culture of security within the institution.
  • Analyze security incidents and breaches to determine their root causes and develop strategies to prevent future occurrences.
  • Stay informed about emerging cybersecurity threats and trends, continuously updating security measures to address new challenges.
  • Prepare and present reports on the status of cybersecurity efforts, highlighting incidents, vulnerabilities, and progress on remediation activities.
  • Serve as a liaison with external agencies and partners on cybersecurity initiatives, collaborating on strategies to enhance the institution's security capabilities.
  • Collaborate with IT teams to deploy security technologies, such as firewalls, intrusion detection systems, and encryption tools, to safeguard institutional data.
  • Perform other duties as assigned.

Additional Responsibilities
  • Serve as a primary point of contact for complex or sensitive cybersecurity and compliance inquiries from GTRI customers and leadership.
  • Lead the development, review, and maintenance of:
    • Enterprise-wide security policies, standards, practices, plans, and procedures, ensuring alignment with GTRI baseline cybersecurity requirements and University System of Georgia (USG) guidelines.
    • Information technology risk assessments for systems, software, architectures, and configurations (compute, hardware/virtual, OS, storage, networking, security).
    • Requests for changes to critical information systems and guide implementation of approved configuration changes.
    • Cybersecurity documentation, including system security plans, and disaster recovery plans, and impact analyses (privacy, business, and security), ensuring completeness, accuracy, and currency.
  • Validate security control implementation and configuration on systems to ensure compliance with requirements such as NIST, DFARS, CMMC, and related frameworks.
  • Direct the creation and refinement of cybersecurity training content for GTRI personnel (e.g., security awareness, CUI training), ensuring alignment with current threats and regulatory expectations.
  • Lead the development and ongoing improvement of departmental website content (articles, processes, procedures, FAQs, contacts, organizational charts, and team member information).
  • Provide advanced support to the GRC Team service desk by resolving complex tickets and establishing standards and workflows for ticket triage and resolution.
  • Lead or coordinate activities related to audits, assessments, and regulatory reviews, including evidence collection, policy review, and compliance analysis.
  • Own or significantly contribute to the preparation and presentation of regulatory and compliance reports and dashboards, working with other units to ensure data completeness and accuracy.
  • Mentor junior and mid-level GRC analysts, providing guidance on best practices, work products, and professional development.
  • Actively collaborate with customers and cross-functional teams; derive and refine requirements; and facilitate forums that capture the voice of the customer to improve ICD's people, processes, and services.
  • Serve as a subject-matter expert in governance, risk, and compliance within ICD.
  • Interpret and apply laws, regulations, standards, policies, and industry best practices to complex secure infrastructures and research environments.
  • Lead or co-lead GRC-related projects and initiatives, managing scope, timelines, and deliverables for a range of complex compliance and risk problems.
  • Recommend and drive process improvements to enhance the effectiveness and efficiency of the enterprise cybersecurity and compliance program.

Required Minimum Qualifications
  • Bachelor's degree in cybersecurity, information security, information assurance, or a related field, or an equivalent combination of education and experience.
  • 5+ years of progressively responsible experience in governance, risk, compliance, or information security in a complex environment.
  • Strong practical knowledge of security technologies and controls, as well as operating system platforms including Windows, macOS, Linux, and core networking technologies.
  • Demonstrated experience with vulnerability management processes and tools, including scanning, reporting, prioritization, and remediation tracking.
  • Solid understanding of threats, vulnerabilities, exploitation techniques, and how they map to business risk.
  • Advanced experience with data analysis and reporting in Excel (pivot tables, lookups, intermediate/advanced formulas; scripting or macros a plus).
  • Proven ability to assess and communicate the priority and business impact of vulnerabilities and risks to both technical and non-technical stakeholders.
  • Excellent written and verbal communication skills, including experience drafting policies, standards, and executive-level summaries.
  • One or more intermediate or advanced cybersecurity/GRC certifications such as CISSP, CISM, CISA, SecurityX, CCNP-Security, or equivalent.

Preferred Qualifications
  • Active Secret clearance.
  • Master's degree in cybersecurity, information security, information assurance, business, or a related field.
  • Deep understanding of cybersecurity frameworks and best practices such as NIST 800-53/171, CMMC, RMF, MITRE ATT&CK, and OWASP Top 10.
  • Demonstrated experience leading audit, assessment, or certification efforts (e.g., NIST, CMMC, DFARS, FedRAMP, or similar).
  • Experience developing and tracking security and compliance metrics for remediation stakeholders and leadership.
  • Strong knowledge of common vulnerability categorizations and scoring systems such as CVE, CVSS, and CWE.
  • Proficiency with Atlassian Confluence for documentation and knowledge management.
  • Proficiency with Atlassian Jira for workflow, issue tracking, and project management.

Travel Requirements

U.S. Citizenship Requirements

Due to our research contracts with the U.S. federal government, candidates for this position must be U.S. Citizens.

Clearance Type Required

Candidates must be able to obtain and maintain an active security clearance.

Benefits at GTRI

Comprehensive information on currently offered GTRI benefits, including Health & Welfare, Retirement Plans, Tuition Reimbursement, Time Off, and Professional Development, can be found through this link: https://benefits.hr.gatech.edu/.

About Georgia Tech

The Georgia Institute of Technology, commonly referred to as Georgia Tech or, in the state of Georgia, as Tech, is a public research university and institute of technology in Atlanta, Georgia. It is part of the University System of Georgia and has satellite campuses in Savannah, Georgia; Metz, France; Athlone, Ireland; Shenzhen, China; and Singapore. The school was founded in 1885 as the Georgia School of Technology as part of Reconstruction plans to build an industrial economy in the post-Civil War Southern United States. Initially, it offered only a degree in mechanical engineering. By 1901, its curriculum had expanded to include electrical, civil, and chemical engineering. In 1948, the school changed its name to reflect its evolution from a trade school to a larger and more capable technical institute and research university. Today, Georgia Tech is organized into six colleges and contains about 31 departments/units, with emphasis on science and technology. It is well recognized for its degree programs in computer science, engineering, and business. Student athletics, both organized and intramural, are a part of student and alumni life. The school's intercollegiate competitive sports teams, the four-time football national champion Yellow Jackets, and the nationally recognized fight song "Ramblin' Wreck from Georgia Tech", have helped keep Georgia Tech in the national spotlight. Georgia Tech fields eight men's and seven women's teams that compete in the NCAA Division I athletics and the Football Bowl Subdivision. Georgia Tech is a member of the Coastal Division in the Atlantic Coast Conference.
Learn more about Georgia Tech

Similar Jobs

More Jobs at Georgia Tech

More Information Technology Jobs

Find similar Cybersecurity Analyst - ICD jobs: