Data Privacy and Compliance Analyst (Experienced) - ICD - Open Rank (Hybrid)

Job#: 2043510

Job Description:

Job Title: Data Privacy and Compliance Analyst

Duration: contract to hire

Compensation: competitive

Location: Atlanta, GA (3x a week on-site midtown, 2 days remote)

**you must be authorized to work in the US and eligible to obtain a secret clearance. We cannot provide sponsorship for this position**
please apply directly by emailing [email protected] a word copy of your resume and a brief write up of your relevant experience
 

Job Purpose

The Data Privacy and Compliance Analyst is responsible for assessing business policies, procedures, and operations to ensure the organization meets privacy requirements and government regulations for the protection of sensitive information. Privacy and Compliance Analysts manage the legal and operational risks related to sensitive and critical information assets, continuously assess business unit operations, and develop policies, procedures and user training necessary to meet or exceed privacy requirements.

Key Responsibilities

• Assists with difficult cybersecurity questions and requests from customers.
• Direct sponsor engagement as required to review current and planned requirements for secure infrastructures that require compliance.
• Guide requirements gathering and analysis.
• Leads validation of security control configuration on systems, ensure all systems are configured to necessary controls, such as NIST, DFARS 252.204-7012, CMMC, and other similar requirements.
• Articulates privacy requirements into product life-cycle including definition, requirements analysis, synthesis, cyber engineering analysis and implementation.
• Conducts privacy impact analyses and identify areas needing improvement and recommend necessary enhancements to achieve privacy goals.
• Reviews modifications to critical information systems and directs implementation of configuration changes.
• Mentors lower-level cybersecurity and IT professionals across the enterprise.

Required Minimum Qualifications

• Experience in cyber-Governance, Risk, and Compliance (GRC).
• Experience in a cyber assessment or inspection related role, ideally with experience in cybersecurity incident response.
• Solid technical understanding of cybersecurity concepts, standards, guidelines, and principles.
• Experience with industry-recognized security compliance frameworks (NIST, PCI-DSS, HIPAA, etc.).
• Experience with data aggregation/analytics and/or SIEM tools.
• Experience with Endpoint Detection and Response (EDR) solutions.
• Experience with Vulnerability Management tools.
• Ability to handle time-sensitive situations with a calm and professional attitude while maintaining an appropriate sense of urgency.
• Ability to work at a technical level to assessments of IT environments, capable of identifying vectors of threats, vulnerabilities, and areas on non-compliance.
• Ability to communicate and present at various levels of technical detail depending on audience, ranging from cybersecurity deep dives to non-technical stakeholders.
• Effective project management and organizational skills, including managing multiple, concurrent tasks and meeting deadlines.
• Excellent interpersonal skills and ability to create collaborative relationships with colleagues across various groups and levels, and influence without authority.
• Demonstrates leadership skills with ability to communicate effectively and work independently, both as part of and leading a team.
• Ability to mentor team members at all levels, develop training plans, and foster personal and professional growth within the team.
• CompTIA Advanced Security Practitioner (CASP), Certification Authorization Professional (CAP), GIAC Security Leadership Certificate (GSLC), Health Care Information Security and Privacy Practitioner (HCISPP), or equivalent certification.

Preferred Qualifications

• Active Secret Clearance.
• Master’s degree in cybersecurity, information technology, engineering, or a related field.
• Experience as an incident manager, commander, or leader.
• 10+ years of progressive work-related experience in information security, public accounting or internal audit, with a focus on IT controls audits and assessments and/or controls readiness assessments.
• Excellent knowledge of technology infrastructure environments including Windows, Mac, Linux, virtual, and cloud.
• Experience in an incident response-related role, or a participant in an incident response team.
• Experience with the following cybersecurity tools: Splunk, CrowdStrike, Tenable.io, Axonious.
• Detail oriented; Exceptional oral and written communication and presentation skills.
• Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or equivalent certification.

EEO Employer

Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at [email protected] or 844-463-6178.