Cybersecurity Specialist 2 (GETS)

State of Georgia-posted 2 months ago
Full-time • Entry Level
Hybrid • Atlanta, GA
5,001-10,000 employees
Executive, Legislative, and Other General Government Support
Resume
Match Score
Upload and Match ResumeTrack Jobs with Teal

The GETS Cybersecurity Specialist 2 serves within the Georgia Enterprise Technology Services (GETS) Program, reporting to the Office of Information Security (OIS) and working under the direction of the GETS Security Program Office Director. This role is responsible for supporting statewide security, risk, and compliance initiatives across the GETS environment in close collaboration with service tower providers, agencies, and the Multi-Sourcing Service Integrator (MSI). The specialist will assist in coordinating and implementing cybersecurity policies, procedures, and risk management standards, ensuring alignment with operational service delivery. This includes supporting governance functions and cross-functional security efforts related to system operations within the GETS framework.

  • Assists with overseeing the security, risk, and compliance services with Service Tower Providers in the development and implementation of programs, initiatives, security standards and practices to meet strategic risk management and security goals and objectives.
  • Assists with the management of all enterprise security related projects/issues of high complexity that requires in-depth knowledge across multiple technical areas and business functions.
  • Assists with the ensuring efficient service delivery of security services of GTA and GTA Customers technical environments, including assistance with oversight responsibility for the managed services being delivered by service providers and to ensure efficient execution of all IT processes and meeting of service level requirements for the technical environment.
  • Assists with evaluation and recommendation of risk and security mitigation strategies, techniques, and practices.
  • Assist with the development of work methods and procedures to strengthen security measures and improve effectiveness and increase efficiency of the overall processes.
  • Assist with ensuring that our Service Tower Providers serves as a security subject matter expert in the areas of strategic risk management, cybersecurity, and risk mitigation.
  • Assist with continuous monitoring, assessing, and reviews of the environment to safeguard resources and information assets across the GETS security program.
  • Advises GETS security management on technology, information system policy matters, and maintains continuous lines of communication by keeping the GETS Security program Director, Office of Information Security leadership, and agency ISOs informed of all critical information security issues.
  • Serves as the Enterprise Security Expert in the areas of strategic risk management, Cyber security, and risk mitigation.
  • Responsible for privilege access management process and activities regarding PAM for the GETS security program.
  • Serve as the main point of contact for all Firewall governance reviews and tasks.
  • Responsible for review of monthly security reports provided to GETS Security Director by the Service tower providers.
  • Assists with the EGRC functionality and process improvement around risk management for the GETS Security program.
  • Assists in the development and adoption of the principles, policies, standards and procedures of an enterprise information security governance and compliance strategy for GETS.
  • Assist the GETS Security Office Director in the oversight activities of vendor security management for GETS vendors according to prescribed GTA standards.
  • Monitors and maintains GETS Security Messaging queues for the necessary security approvals.
  • Provide updates and/or escalations to GETS Security Director regarding audit performance and findings.
  • Assists with driving remediation efforts with the Service Tower Providers risk mitigation efforts.
  • Assess Service Tower Providers and agencies to help measure and monitor compliance with policies and procedures.
  • Assists in internal and external client audits as it relates to IT security and compliance.
  • Assists with third-party IT assessments.
  • Assists in the development and implementation of information security programs relating to risk mitigation, security awareness and education, incident response, network and computer forensics, policy development, risk assessment, vulnerability scanning, trend analysis, certification and accreditation.
  • Reviews and provides improvements to existing processes, standards, risk, and security strategies related to information security management for GETS.
  • Provides guidance to project teams to help them comply with enterprise and IT security policies, industry regulations and best practices.
  • Identifies risk areas and implements methods for auditing and resolving non-compliance to information security standards.
  • Analyzes business impact and exposure based on emerging security threats, vulnerabilities, and risks.
  • Assists in the management of complex security issues, techniques, and implications across multiple environments.
  • Supports GETS Security Program Director in all activities related to the planning of information security management strategies, goals, and objectives.
  • Analyzes current trends and developments in the statewide environment to recommend strategies, actions and technologies to maintain a competitive advantage for an effective, efficient security posture.
  • Assists the GETS Security Office Director in the planning and implementation of security management initiatives for the GETS security program.
  • Acts as point of contact to agency customers to provide guidance on information security management issues.
  • Maintains relationships with agency information security and IT personnel, communicates office goals and objectives to internal and external stakeholders, and solicits feedback.
  • Performs other duties as assigned.
  • Bachelor's degree in Information Security, Information Assurance, Computer Science, Information Systems, Information Technology, or a related field.
  • Three (3) years' experience in information/cybersecurity, cybersecurity regulatory compliance, risk management which includes third party risk management, and cybersecurity program management.
  • Currently holds an entry level cyber certification per state guidelines or achieves within 12 months of start date: ((ISC)² Certified in Cybersecurity (CC), Security+, Network+, Microsoft SC-900 (Security, Compliance, and Identity Fundamentals), GISF*).
  • An equivalent combination of education and job-specific experience that provided the knowledge, experience, and competencies required to successfully perform the job at the level listed may be substituted on a year-over-year basis.
  • Understanding of vulnerability management, incident response, Security Operations Center (SOC) operations, Security Information and Event Management (SIEM) systems, and automation tools.
  • Proficiency with Enterprise GRC platforms (e.g., ServiceNow) and ability to adapt risk methodologies and frameworks to business needs.
  • Knowledge with various cybersecurity best practices, frameworks, and regulations such as: NIST Special Publications documents (SP 800-30, 800-37, 800-50, 800-53A, 800-53, 800-60, 800-61, 800-63, 800-64, 800-88, and 800-171), NIST FIPS (FIPS-199, 200, 140-2, 140-3), FedRAMP, IT Security frameworks - (NIST Special Pubs 800 Series, NIST Cybersecurity Framework, ISO 27000 Series), CIS CSC, and regulations (FISMA, HIPAA, CJIS, SSA, PCI-DSS, and FTI).
  • Understanding of Governance, Risk, and Compliance (GRC); Security Operations Center (SOC); Security Information and Event Management (SIEM) systems and automation platforms.
  • Experience in project management a plus.
  • Knowledge of identity management platforms (Okta, MSAAD, SailPoint, etc.).
  • Working knowledge of cloud platforms (i.e. AWS, Azure, Google) and enterprise network solutions, delivery technologies, and engineered network security solutions.
  • Familiarity with Identity and Privileged Access Management (IAM/PAM), and security practices for AI technologies.
  • Professional Certification in one or more: CISSP, CISM, GSEC, CISA, CRISC, CGEIT, CAP, CASP+. A master's degree in Information Security, Information Assurance, Computer Science, Information Systems, or Information Technology will substitute for one certification.
  • Employee retirement plan
  • Paid holidays annually
  • Vacation and sick leave
  • Health, dental, vision, legal, disability, accidental death and dismemberment, health and childcare spending account
  • Telework opportunities depending upon position
Track Jobs with Teal

Job Search Resources

AI Resume Builder
Cybersecurity Consultant Resume Examples
Cybersecurity Consultant Cover Letter Examples

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service