Data Privacy & Compliance Analyst
Comtech LLC
- Atlanta, GA
- $123,000-145,000 per year
- Permanent
- Full-time
- Assist with difficult cybersecurity questions and requests from customers.
- Direct sponsor engagement as required to review current and planned requirements for secure infrastructures that require compliance.
- Guide requirements gathering and analysis.
- Lead validation of security control configuration on systems, ensure all systems are configured to necessary controls, such as NIST, DFARS 252.204-7012, CMMC, and other similar requirements.
- Articulate privacy requirements into product life-cycle (definition, requirements analysis, synthesis, cyber engineering analysis and implementation).
- Conduct privacy impact analyses, identify areas needing improvement, and recommend necessary enhancements to achieve privacy goals.
- Review modifications to critical information systems and direct implementation of configuration changes.
- Mentor lower-level cybersecurity and IT professionals across the enterprise.
- Bachelors degree in Information Technology, Cybersecurity, or related field.
- CompTIA Advanced Security Practitioner (CASP), Certification Authorization Professional (CAP), GIAC Security Leadership Certificate (GSLC), Health Care Information Security and Privacy Practitioner (HCISPP), or equivalent certification.
- Experience in cyber-Governance, Risk, and Compliance (GRC).
- Experience in a cyber assessment or inspection-related role, ideally with experience in cybersecurity incident response.
- Solid technical understanding of cybersecurity concepts, standards, guidelines, and principles.
- Experience with industry-recognized security compliance frameworks (NIST, PCI-DSS, HIPAA, etc.).
- Experience with data aggregation/analytics and/or SIEM tools.
- Experience with Endpoint Detection and Response (EDR) solutions.
- Experience with Vulnerability Management tools.
- Ability to work at a technical level to assessments of IT environments, capable of identifying vectors of threats, vulnerabilities, and areas on non-compliance.
- Ability to communicate and present at various levels of technical detail depending on audience, ranging from cybersecurity deep dives to non-technical stakeholders.
- Excellent interpersonal skills and ability to create collaborative relationships with colleagues across various groups and levels, and influence without authority.
- Demonstrates leadership skills with ability to communicate effectively and work independently, both as part of and leading a team.