Enterprise Cybersecurity Specialist 2 (GRC) (GTA)

Start your career in public service – JOIN OUR TEAM

Georgia Technology Authority (GTA) a Great Place to Work® certified!

The Georgia Technology Authority (GTA) is currently seeking a Enterprise Cybersecurity Specialist 2 – in the Office of Information Security.

The Georgia Technology Authority (GTA) currently manages the delivery of IT infrastructure services to 89 Executive Branch agencies and managed network services to more than 1,200 state and local government entities. IT infrastructure services encompass mainframes, servers, service desk, end user computing, disaster recovery and security. Managed network services include the state’s wide and local area networks, voice, cable and wiring, and conferencing services.

Want to know more about our AWARD-WINNING Authority visit: https://gta.georgia.gov/

Job Summary

The Enterprise Cybersecurity Specialist 2 supports enterprise-wide cybersecurity governance, risk, and compliance (GRC) initiatives under the direction of the Enterprise Security GRC Director within the Office of Information Security (OIS). This role contributes to the development, implementation, and oversight of security policies, procedures, and programs to ensure alignment with organizational security objectives and regulatory requirements.

The position involves coordinating cross-functional activities to protect organizational assets and support compliance efforts across multiple agencies and locations. It requires collaboration with internal teams, state agencies, managed service providers, and other stakeholders involved in enterprise security functions, including operations, business units, and the Georgia Enterprise Technology Services (GETS) Security Program Office.

The Enterprise Cybersecurity Specialist 2 uses sound judgment to support strategic goals, monitor security risks, and help maintain a strong security posture across the organization.

Responsibilities:

·       Serves as a subject matter expert in enterprise security governance, risk, compliance, cybersecurity, and risk mitigation.

·       Supports the development, implementation, and enforcement of enterprise security policies, procedures, standards, and plans in alignment with federal and Georgia state regulations.

·       Communicates cyber risk issues to all levels of management, agency security personnel, and business stakeholders.

·       Supports security initiatives and compliance efforts across multiple locations and agencies.

·       Ensures security-related goals are met within set priorities, timelines, and resource constraints.

·       Reports directly to the Enterprise Security GRC Director and provides strategic support in aligning enterprise-wide security initiatives.

·       Manages assigned resources to support IT and cybersecurity goals that reduce organizational risk.

·       Conducts and coordinates risk and compliance assessments, continuous monitoring, and reviews to protect information systems and assets.

·       Provides expertise in audit and compliance, security training, vulnerability and risk assessments, network and endpoint security, product evaluations, and implementation of security solutions.

·       Assists in managing complex security initiatives across diverse technical and business areas.

·       Delivers regular status updates and reports to management and stakeholders on cybersecurity projects, risk posture, and compliance using dashboards and other tools.

·       Supports third-party risk management by overseeing security compliance of external service providers.

·       Maintains working knowledge of cybersecurity contracts and fosters collaboration with IT and security partners.

·       Perform other duties as assigned.

      Core Competencies:

·       Skilled in identifying, evaluating, and mitigating cybersecurity risks through comprehensive assessments, continuous monitoring, and remediation strategies.

·       Ability in developing, implementing, and enforcing enterprise security policies and programs aligned with regulatory requirements and industry standards (e.g., NIST, ISO, HIPAA, PCI-DSS).

·       Knowledge of GRC platforms (e.g., ServiceNow), cloud security tools (AWS, Azure, Google Cloud), and applying frameworks such as NIST CSF, FIPS, and CIS Controls.

·       Effectively communicates cybersecurity risks and initiatives to diverse audiences, including executive leadership, technical teams, and business stakeholders.

·       Ability to work across departments, agencies, and with external partners to align cybersecurity practices and ensure enterprise-wide security compliance.

·       Knowledgeable in vulnerability management, incident response, SIEM systems, and SOC practices to support a resilient security posture.

·       Apply critical thinking and independent judgment to develop solutions that align with strategic objectives and minimize organizational risk.

·       Maintains up-to-date knowledge of applicable laws, regulations, and industry best practices affecting enterprise cybersecurity programs.

·       Ability to manage time, priorities, and resources effectively to meet security-related goals and support organizational initiatives.

AGENCY SPECIFIC QUALIFICATIONS:

Minimum Qualifications: 

·       Bachelor’s degree in Computer Science, Information Technology, Information Security, or a related field, or equivalent experience AND three (3) years of demonstrated success in information security and data governance.

·       Possesses or obtains within 12 months of employment an intermediate-level cybersecurity certification in accordance with state guidelines (e.g., CISSP, CRISC, CISA, CISM, SecurityX, GCIH, GCED).

·       Eligible for or currently holds a U.S. Department of Homeland Security (DHS) security clearance.

Preferred Qualifications

(in addition to meeting the qualifications to perform responsibilities and minimum qualifications preference will be given to candidates who demonstrate some or all of the following skills/experience):

·       Experience in governance, risk management, or compliance roles, ideally within enterprise and federated environments.

·       Proficiency with Enterprise GRC platforms (e.g., ServiceNow) and ability to adapt risk methodologies and frameworks to business needs.

·       Strong understanding of regulatory frameworks and industry standards, including NIST (SP 800-30, 800-37, 800-50, 800-53A, 800-53, 800-60, 800-61, and 800-64), NIST FIPS (FIPS-199, 200, 140-2), FedRAMP, GovRAMP, Cloud Security, IT Security frameworks - (NIST Special Pubs 800 Series, NIST Cybersecurity Framework, ISO 27000 Series), CIS CSC, and regulations (IRS1075, HIPAA, CJIS, SSA, PCI-DSS, AI-RMF).

·       Experience monitoring regulatory changes and managing vendor/supply chain risk to ensure third-party compliance.

·       Skilled in conducting security, compliance, and risk assessments.

·       Experience developing and improving governance processes to reduce risk and enhance efficiency.

·       Working knowledge of cloud security (AWS, Azure, Google), including monitoring, reporting, implementing controls, and ensuring compliance in cloud environments.

·       Familiarity with Identity and Privileged Access Management (IAM/PAM), and security practices for AI technologies.

·       Experience creating and delivering role-based security training and awareness programs.

·       Understanding of vulnerability management, incident response, Security Operations Center (SOC) operations, Security Information and Event Management (SIEM) systems, and automation tools.

·       Project management experience is a plus.

COMPENSATION/WORKER TYPE/ADDITIONAL DETAILS:

Hiring Salary Range: $70,800 - $84,760.00

Worker Type: Hybrid – State of Georgia Remote Work Option

*Current Georgia state government employees will be subject to SPB rule provisions.

EARN MORE THAN A SALARY! In addition to a competitive salary, the Georgia Technology Authority offers a generous benefits package, which includes employee retirement plan; paid holidays annually; vacation and sick leave; health, dental, vision, legal, disability, accidental death and dismemberment, health and childcare spending account; in addition to telework opportunities depending upon position. More information on Benefits: https://team.georgia.gov/my-benefits/

Due to the volume of applications received, we are unable to provide information on application status by phone or e-mail. All qualified applicants will be considered but may not necessarily receive an interview. Selected applicants will be contacted by the hiring agency for next steps in the selection process. Applicants who are not selected will not receive notification.

Georgia Technology Authority does not discriminate in employment on the basis of race, color, religion, sex (including pregnancy and gender identity), national origin, political affiliation, sexual orientation, marital status, disability, genetic information, age, membership in an employee organization, retaliation, parental status, military service, or other non-merit factor.