HRL Laboratories is hiring an

information Assurance Analyst - GRC

Malibu, United States
General Description:
This position will provide cybersecurity regulatory compliance support for the applicable business group(s) within HRL Laboratories and the Information Systems departments that support the business. This individual will be a member of the team responsible for managing and enhancing the technical security platforms and services that support various projects and programs. Specifically, the candidate should be knowledgeable regarding NIST 800-171 and Cybersecurity Maturity Model Certification (CMMC) regulations. The successful candidate will be part of the Information Assurance Team and will directly report to the Information Assurance Manager. The position will closely interface on an ongoing basis with members of other business support functions (e.g., Security, Export Compliance, Service Desk, IT, HR, Contracts, Legal). 

Essential Duties:
Regulatory compliance support to the business for regulatory agency compliance and required audits 
Serve as the subject matter expert and point of contact for compliance questions 
Coordinate incident response activities, including collecting evidence and conducting interviews 
Coordinate necessary meetings with various HRL teams (e.g., Security, Export Compliance, Service Desk, IT, HR, Contracts, Legal) 
Manage the information security governance projects and initiatives from initiation to deployment 
Support the process for tracking system gaps and weaknesses to closure, including Plans of Action and Milestones 
Lead the continual maintenance and improvement of compliance information 
Coordinate with various stakeholders on a periodic basis regarding policies, processes, and compliance information 
Build and review System Security Plans 
Review and draft corporate policies and processes for compliance with regulatory controls 
Create compliance reports and provide the business with evidence when required 
Develop, implement, and monitor risk registers and risk mitigation plans 
Collaborate with peers across the organization to share solutions and best practices 
Maintain of a comprehensive training, education, and awareness program 
Review contracts to ensure appropriate data safeguards are included 
Partner with IT to remediate/improve effectiveness of the control environment 
Partner with various program management stakeholders and technology execution teams to ensure alignment with strategy and vision 
Ensure the deployment and operation of security infrastructure, including, but not limited to, monitoring compliance, security audit management, security awareness, and communications 

Required Skills:
Minimum 2 years’ experience in a related role 
Solid organizational skills, including attention to detail 
Clear verbal and written communication among clients and team members 
Ability to multitask with prioritization 
Excellent written documentation development 
Ability to be self-starter and take initiative to learn and act 
Team player mindset (respectful, non-reactive, empathetic) 
Knowledge and understanding of basic business technology and resources 
Experience in developing and maintaining information security policy, standards, and guidelines 
Hands-on experience with one or more governance and compliance standards (i.e., ISO 27001, NIST Cybersecurity Framework, CMMC, NIST 800-53, NIST 800-171) 
Experience managing compliance efforts and experience with business risk management with the ability to communicate balance between strong security and enabling business 
A demonstrated understanding of information security systems (e.g., Linux, Windows) 
Prior experience in other cybersecurity fields (e.g., Application Security, Cloud Security) desired
Experience building or managing an information security program desired
Project management experience (planning, organizing, coordinating consulting resources) desired
Experience maintaining an enterprise information system in compliance with the Risk Management Framework desired
Knowledge of architecture, engineering, and operations of at least one enterprise SIEM platform (e.g., Google Chronicle, Microsoft Sentinel, QRadar, Splunk) desired
Basic understanding of common technologies/platforms (e.g., SIEM, IDS/IPS, EDR/XDR, Firewall, WAF) desired

Required Education:
Bachelor’s degree with 2+ years of experience in an information technology or GRC role 
High School diploma/GED with 4+ years of experience in an information security role OR  
Information Security certifications desired (e.g., CISSP, CISM, CCSP, GIAC, GCIA, GCIH, CISSP, CASP) 

Physical Requirements:
While performing the duties of this job, the employee is occasionally required to stand, climb, stoop, kneel, crouch, or crawl. The employee must regularly lift and/or move up to 30 pounds.  

Special Requirements:
This position is 100% on-site.
Responsibilities sometimes require working evenings and weekends, and in some cases, with little to no advance notice.
This job will also require up to 15% travel. 
This position requires that the applicant selected be a U.S. citizen and be able to obtain and maintain a security clearance. 
This position requires that the applicant obtain a DoD 8570.01-M IAM Level I (or higher) certification (e.g., CompTIA Security+, GSLC, CISM, CISSP) within 12 months of hire. 

As part of your role/function on the program, you will be granted privileged user access, which is subject to greater scrutiny as a direct result of the significant responsibilities. Please be aware that because of these critical duties, you will be subject to additional IT system monitoring and supervisory evaluation to ensure continuous adherence to Privileged User processes and procedures. Privileged Users are subject to a zero-tolerance policy for security violations. 

Compensation:
The base salary range for this full-time position is $99,705 - $124,683 + bonus + benefits.
Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range during the hiring process. Please note that the compensation details listed reflect the base salary only, and do not include potential bonus or benefits.

Apply for this job

Please mention you found this job on AI Jobs. It helps us get more startups to hire on our site. Thanks and good luck!

Get hired quicker

Be the first to apply. Receive an email whenever similar jobs are posted.

Ace your job interview

Understand the required skills and qualifications, anticipate the questions you may be asked, and study well-prepared answers using our sample responses.

Analyst Q&A's
Report this job
Apply for this job