CybersecurityAnalyst

RESPONSIBILITIES:

Under limitedsupervision:

Analyzedata/information from one or multiple sources to conduct preparation of theenvironment, respond to requests for information, and submit intelligencecollection and production requirements in support of planning and operations.

Interact atmultiple levels of the organization to establish and maintain a strong andadaptive security posture that aligns with organizational risk tolerance,information access requirements, business strategies, and compliance requirements.

Integrateoverarching security frameworks across multiple, complex disciplines in supportof the business needs of the Agency to provide customer-focused technologysolutions in a secure, cost-effective, and efficient manner.

Coordinate andoversee the production of evidence to support internal and external audits.

Conductinternal risk, vulnerability, and compliance assessments to:

Identify risks,vulnerabilities, and compliance shortcomings; and recommend/develop securitymeasures, policies, and controls for risk/vulnerability mitigation andremediation of compliance findings.

Prepare and/orupdate incident response plans and perform incident response activities asdirected and in accordance with established Agency procedures and guidelines andthose of the Georgia Technology Authority (GTA).

Ensure periodicmonitoring of audit logs occurs in accordance with requirements, and reportfindings and concerns for further analysis and/or action, including breachnotification and initiation of incident response, in accordance with Agencyprotocols/procedures and CISO direction/guidance.

Work withdevelopers to plan, implement, manage, and coordinate appropriate securitymeasures for information systems/applications that control access to data, andprevent unauthorized modification, destruction, or disclosure of information inaccordance with federal, state, local, and agency requirements, policies, anddirectives.

Prepare and/orupdate Plan of Actions & Milestones (POA&M) that identify securityweaknesses and establish milestones and compensating controls for remediatingthese weaknesses and tracking the progress and effectiveness of theremediation.

Serve as aSubject Matter Expert (SME), advising on current best practice and strategiesfor the protection, auditing, and monitoring of data, data storage, andtransmission paths.

Work withbusiness owners, IT managers, staff, and vendors to provide timely andefficient coordination of information assurance/security services to meetAgency needs.

Prepare andcommunicate status of Agency information security programs and projects tosenior executives through oral and written reports and presentations.

Assist withinformation security awareness training activities and preparation of awarenesstraining materials.

Develop andcommunicate security metrics to assess effectiveness of, and compliance with,the Agency’s InfoSec policies and controls.

Performs otherprofessional responsibilities as assigned.

Requirements