CCS Global Tech is a rapidly growing Information Technology company with a diverse portfolio of technology products and services and a large network of industry partnerships. With over 22 years of being a successful business with a global talent pool and presence, CCS is a certified Microsoft Gold Partner and specializes in delivering expert Microsoft based solutions for technical and business needs. We have been recognized by Inc. 500 Magazine as one of the fastest growing small companies in the Unites States.
we are a Tier 1 vendor for the City and County of San Francisco for Cloud Services, Staffing Services and Training Services. For this multi-year opportunity with a diverse set of needs to address, we are currently focusing on establishing partnerships with individuals as well as companies who can help us enhance our overall service portfolio, cut lead times, and ultimately help us deliver successfully. We currently hold sizable Government accounts in the San Francisco bay area including City and County of San Francisco, San Mateo County, and Santa Clara County.
We take great pride in our global reach and local influence. Your experience alongside our highly skilled and talented internal team who guide you along the way, offers key insights into what helps you stand out in a competitive job market.
If you are a partner company, please submit resumes with contact information of your own W2 Consultants only. Submitted consultants are expected to have excellent communication skills.
Project Scope:
This position supports the agency's cybersecurity and data protection operations, with a focus on DLP, Insider Risk Management, Copilot/AI data security, auditing, vendor security reviews, and device patching.
This position supports the agency's cybersecurity and data protection operations, with a focus on DLP, Insider Risk Management, Copilot/AI data security, auditing, vendor security reviews, and device patching. The analyst will review and triage security alerts, investigate access and movement of sensitive information, perform system and vendor audits, document findings, assist with incident escalation, and work with technical and business teams to strengthen the agency's overall security and data governance posture.
Roles/Responsibilities:
- Data Protection & Data Governance
- Monitor and administer Data Loss Prevention (DLP) policies and controls.
- Investigate potential data loss, data exposure, and unauthorized access incidents.
- Support Data Security Posture Management (DSPM) initiatives related to AI and Copilot.
- Review the movement, storage, and sharing of sensitive information.
- Assist in implementation of data classification and data handling requirements.
- Participate in data governance initiatives and support data owners and stewards.
- Security Monitoring & Incident Response
- Review and triage security alerts from DLP, Insider Risk Management, DSPM, and other security platforms.
- Investigate suspicious activity involving sensitive information.
- Document findings and maintain investigation records.
- Escalate incidents according to agency incident response procedures.
- Assist with containment, recovery, and post-incident activities.
- Insider Risk Management
- Monitor Insider Risk Management alerts and cases.
- Analyze user activity associated with potential policy violations.
- Conduct investigations while maintaining confidentiality and proper chain of evidence.
- Recommend corrective actions and risk mitigation strategies.
- Vendor Security Management
- Participate in third-party and vendor security assessments.
- Review vendor security documentation, audit reports, and questionnaires.
- Identify cybersecurity risks associated with third-party services.
- Assist in tracking remediation efforts and risk acceptance decisions.
- Security Auditing & Compliance
- Support cybersecurity audits and compliance reviews.
- Collect and analyze evidence for regulatory and policy requirements.
- Assist with risk assessments and control validation activities.
- Maintain documentation supporting compliance efforts.
- Collaboration & Reporting
- Work with technical and non-technical staff to address security concerns.
- Prepare reports, metrics, and presentations regarding security risks and trends.
- Participate in cybersecurity awareness and training initiatives.
- Recommend improvements to security policies, procedures, and controls.
Mandatory Skill:
- Bachelor's degree in cybersecurity, information technology, computer science, or a related field is required; equivalent experience may be considered.
- Security certification such as CompTIA Security+ or GIAC Security Essentials (GSEC) is required.
- 3+ years of experience supporting enterprise cybersecurity operations, including threat monitoring, incident response, and risk analysis.
- 3+ years of hands-on experience working with data protection technologies such as data loss prevention (DLP), insider risk management tools, and data security posture management for AI (DSPM for AI).
- 3+ years of experience reviewing and triaging data related security alerts, analyzing access and movement of sensitive information, documenting findings, and escalating incidents according to established procedures.
- 3+ years of collaborating with technical and nontechnical teams to resolve security issues and supporting continuous improvement in the agency's data security
- posture.
Desirable Skills:
- Experience working with AI driven security tools, Cortex, particularly DSPM platforms designed to manage sensitive data used by AI systems
- Certifications: Microsoft SC100, SC200, CEH, or an Associate level CISSP.
- Experience finetuning DLP policies, refining insider risk alerts, or supporting data governance programs
- Familiarity with Azure security, identity-based access controls, conditional access, and security automation or scripting