information Assurance Analyst - GRC

General Description:

This position will provide cybersecurity regulatory compliance support for the applicable business group(s) within HRL Laboratories and the Information Systems departments that support the business. This individual will be a member of the team responsible for managing and enhancing the technical security platforms and services that support various projects and programs. Specifically, the candidate should be knowledgeable regarding NIST 800-171 and Cybersecurity Maturity Model Certification (CMMC) regulations. The successful candidate will be part of the Information Assurance Team and will directly report to the Information Assurance Manager. The position will closely interface on an ongoing basis with members of other business support functions (e.g., Security, Export Compliance, Service Desk, IT, HR, Contracts, Legal). 

Essential Duties:

Regulatory compliance support to the business for regulatory agency compliance and required audits 

Serve as the subject matter expert and point of contact for compliance questions 

Coordinate incident response activities, including collecting evidence and conducting interviews 

Coordinate necessary meetings with various HRL teams (e.g., Security, Export Compliance, Service Desk, IT, HR, Contracts, Legal) 

Manage the information security governance projects and initiatives from initiation to deployment 

Support the process for tracking system gaps and weaknesses to closure, including Plans of Action and Milestones 

Lead the continual maintenance and improvement of compliance information 

Coordinate with various stakeholders on a periodic basis regarding policies, processes, and compliance information 

Build and review System Security Plans 

Review and draft corporate policies and processes for compliance with regulatory controls 

Create compliance reports and provide the business with evidence when required 

Develop, implement, and monitor risk registers and risk mitigation plans 

Collaborate with peers across the organization to share solutions and best practices 

Maintain of a comprehensive training, education, and awareness program 

Review contracts to ensure appropriate data safeguards are included 

Partner with IT to remediate/improve effectiveness of the control environment 

Partner with various program management stakeholders and technology execution teams to ensure alignment with strategy and vision 

Ensure the deployment and operation of security infrastructure, including, but not limited to, monitoring compliance, security audit management, security awareness, and communications 

Required Skills:

Minimum 2 years’ experience in a related role 

Solid organizational skills, including attention to detail 

Clear verbal and written communication among clients and team members 

Ability to multitask with prioritization 

Excellent written documentation development 

Ability to be self-starter and take initiative to learn and act 

Team player mindset (respectful, non-reactive, empathetic) 

Knowledge and understanding of basic business technology and resources 

Experience in developing and maintaining information security policy, standards, and guidelines 

Hands-on experience with one or more governance and compliance standards (i.e., ISO 27001, NIST Cybersecurity Framework, CMMC, NIST 800-53, NIST 800-171) 

Experience managing compliance efforts and experience with business risk management with the ability to communicate balance between strong security and enabling business 

A demonstrated understanding of information security systems (e.g., Linux, Windows) 

Prior experience in other cybersecurity fields (e.g., Application Security, Cloud Security) desired

Experience building or managing an information security program desired

Project management experience (planning, organizing, coordinating consulting resources) desired

Experience maintaining an enterprise information system in compliance with the Risk Management Framework desired

Knowledge of architecture, engineering, and operations of at least one enterprise SIEM platform (e.g., Google Chronicle, Microsoft Sentinel, QRadar, Splunk) desired

Basic understanding of common technologies/platforms (e.g., SIEM, IDS/IPS, EDR/XDR, Firewall, WAF) desired

Required Education:

Bachelor’s degree with 2+ years of experience in an information technology or GRC role 

High School diploma/GED with 4+ years of experience in an information security role OR  

Information Security certifications desired (e.g., CISSP, CISM, CCSP, GIAC, GCIA, GCIH, CISSP, CASP) 

Physical Requirements:

While performing the duties of this job, the employee is occasionally required to stand, climb, stoop, kneel, crouch, or crawl. The employee must regularly lift and/or move up to 30 pounds.  

Special Requirements:

This position is 100% on-site.

Responsibilities sometimes require working evenings and weekends, and in some cases, with little to no advance notice.

This job will also require up to 15% travel. 

This position requires that the applicant selected be a U.S. citizen and be able to obtain and maintain a security clearance. 

This position requires that the applicant obtain a DoD 8570.01-M IAM Level I (or higher) certification (e.g., CompTIA Security+, GSLC, CISM, CISSP) within 12 months of hire. 

As part of your role/function on the program, you will be granted privileged user access, which is subject to greater scrutiny as a direct result of the significant responsibilities. Please be aware that because of these critical duties, you will be subject to additional IT system monitoring and supervisory evaluation to ensure continuous adherence to Privileged User processes and procedures. Privileged Users are subject to a zero-tolerance policy for security violations. 

Compensation:

The base salary range for this full-time position is $99,705 - $124,683 + bonus + benefits.

Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range during the hiring process. Please note that the compensation details listed reflect the base salary only, and do not include potential bonus or benefits.