Information Assurance Analyst - GRC

General Description:

This position will provide cybersecurity regulatory compliance support for the applicable business group(s) within HRL Laboratories and the Information Systems departments that support the business. This individual will be a member of the team responsible for managing and enhancing the technical security platforms and services that support various projects and programs.

Specifically, the candidate should be knowledgeable regarding NIST 800-171 and Cybersecurity Maturity Model Certification (CMMC) regulations. The successful candidate will be part of the Information Assurance Team and will directly report to the Information Assurance Manager. The position will closely interface on an ongoing basis with members of other business support functions (e.g., Security, Export Compliance, Service Desk, IT, HR, Contracts, Legal).

Essential Duties:

Regulatory compliance support to the business for regulatory agency compliance and required audits

Serve as the subject matter expert and point of contact for compliance questions

Coordinate incident response activities, including collecting evidence and conducting interviews

Coordinate necessary meetings with various HRL teams (e.g., Security, Export Compliance, Service Desk, IT, HR, Contracts, Legal)

Manage the information security governance projects and initiatives from initiation to deployment

Support the process for tracking system gaps and weaknesses to closure, including Plans of Action and Milestones

Lead the continual maintenance and improvement of compliance information

Coordinate with various stakeholders on a periodic basis regarding policies, processes, and compliance information

Build and review System Security Plans

Review and draft corporate policies and processes for compliance with regulatory controls

Create compliance reports and provide the business with evidence when required

Develop, implement, and monitor risk registers and risk mitigation plans

Collaborate with peers across the organization to share solutions and best practices

Maintain of a comprehensive training, education, and awareness program

Review contracts to ensure appropriate data safeguards are included

Partner with IT to remediate/improve effectiveness of the control environment

Partner with various program management stakeholders and technology execution teams to ensure alignment with strategy and vision

Ensure the deployment and operation of security infrastructure, including, but not limited to, monitoring compliance, security audit management, security awareness, and communications

Required Skills:

Minimum 2 years' experience in a related role

Solid organizational skills, including attention to detail

Clear verbal and written communication among clients and team members

Ability to multitask with prioritization

Excellent written documentation development

Ability to be self-starter and take initiative to learn and act

Team player mindset (respectful, non-reactive, empathetic)

Knowledge and understanding of basic business technology and resources

Experience in developing and maintaining information security policy, standards, and guidelines

Hands-on experience with one or more governance and compliance standards (i.e., ISO 27001, NIST Cybersecurity Framework, CMMC, NIST 800-53, NIST 800-171)

Experience managing compliance efforts and experience with business risk management with the ability to communicate balance between strong security and enabling business

A demonstrated understanding of information security systems (e.g., Linux, Windows)

Prior experience in other cybersecurity fields (e.g., Application Security, Cloud Security) desired

Experience building or managing an information security program desired

Project management experience (planning, organizing, coordinating consulting resources) desired

Experience maintaining an enterprise information system in compliance with the Risk Management Framework desired

Knowledge of architecture, engineering, and operations of at least one enterprise SIEM platform (e.g., Google Chronicle, Microsoft Sentinel, QRadar, Splunk) desired

Basic understanding of common technologies/platforms (e.g., SIEM, IDS/IPS, EDR/XDR, Firewall, WAF) desired

Required Education:

Bachelor's degree with 2+ years of experience in an information technology or GRC role

High School diploma/GED with 4+ years of experience in an information security role OR

Information Security certifications desired (e.g., CISSP, CISM, CCSP, GIAC, GCIA, GCIH, CISSP, CASP)

Physical Requirements:

While performing the duties of this job, the employee is occasionally required to stand, climb, stoop, kneel, crouch, or crawl. The employee must regularly lift and/or move up to 30 pounds.

Special Requirements:

This position is 100% on-site.

Responsibilities sometimes require working evenings and weekends, and in some cases, with little to no advance notice.

This job will also require up to 15% travel.

This position requires that the applicant selected be a U.S. citizen and be able to obtain and maintain a security clearance.

This position requires that the applicant obtain a DoD 8570.01-M IAM Level I (or higher) certification (e.g., CompTIA Security+, GSLC, CISM, CISSP) within 12 months of hire.

As part of your role/function on the program, you will be granted privileged user access, which is subject to greater scrutiny as a direct result of the significant responsibilities. Please be aware that because of these critical duties, you will be subject to additional IT system monitoring and supervisory evaluation to ensure continuous adherence to Privileged User processes and procedures. Privileged Users are subject to a zero-tolerance policy for security violations.

Compensation:

The base salary range for this full-time position is $99,705 - $124,683 + bonus + benefits.

Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position.

Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range during the hiring process. Please note that the compensation details listed reflect the base salary only, and do not include potential bonus or benefits.