information Assurance Analyst - GRC

Dodmg in Malibu, CA

$99,705 - $124,683

General Description:
This position will provide cybersecurity regulatory compliance support for the applicable business group(s) within HRL Laboratories and the Information Systems departments that support the business. This individual will be a member of the team responsible for managing and enhancing the technical security platforms and services that support various projects and programs. Specifically, the candidate should be knowledgeable regarding NIST 800-171 and Cybersecurity Maturity Model Certification (CMMC) regulations. The successful candidate will be part of the Information Assurance Team and will directly report to the Information Assurance Manager. The position will closely interface on an ongoing basis with members of other business support functions (e.g., Security, Export Compliance, Service Desk, IT, HR, Contracts, Legal).

Essential Duties:
Regulatory compliance support to the business for regulatory agency compliance and required audits
Serve as the subject matter expert and point of contact for compliance questions
Coordinate incident response activities, including collecting evidence and conducting interviews
Coordinate necessary meetings with various HRL teams (e.g., Security, Export Compliance, Service Desk, IT, HR, Contracts, Legal)
Manage the information security governance projects and initiatives from initiation to deployment
Support the process for tracking system gaps and weaknesses to closure, including Plans of Action and Milestones
Lead the continual maintenance and improvement of compliance information
Coordinate with various stakeholders on a periodic basis regarding policies, processes, and compliance information
Build and review System Security Plans
Review and draft corporate policies and processes for compliance with regulatory controls
Create compliance reports and provide the business with evidence when required
Develop, implement, and monitor risk registers and risk mitigation plans
Collaborate with peers across the organization to share solutions and best practices
Maintain of a comprehensive training, education, and awareness program
Review contracts to ensure appropriate data safeguards are included
Partner with IT to remediate/improve effectiveness of the control environment
Partner with various program management stakeholders and technology execution teams to ensure alignment with strategy and vision
Ensure the deployment and operation of security infrastructure, including, but not limited to, monitoring compliance, security audit management, security awareness, and communications

Required Skills:
Minimum 2 years’ experience in a related role
Solid organizational skills, including attention to detail
Clear verbal and written communication among clients and team members
Ability to multitask with prioritization
Excellent written documentation development
Ability to be self-starter and take initiative to learn and act
Team player mindset (respectful, non-reactive, empathetic)
Knowledge and understanding of basic business technology and resources
Experience in developing and maintaining information security policy, standards, and guidelines
Hands-on experience with one or more governance and compliance standards (i.e., ISO 27001, NIST Cybersecurity Framework, CMMC, NIST 800-53, NIST 800-171)
Experience managing compliance efforts and experience with business risk management with the ability to communicate balance between strong security and enabling business
A demonstrated understanding of information security systems (e.g., Linux, Windows)
Prior experience in other cybersecurity fields (e.g., Application Security, Cloud Security) desired
Experience building or managing an information security program desired
Project management experience (planning, organizing, coordinating consulting resources) desired
Experience maintaining an enterprise information system in compliance with the Risk Management Framework desired
Knowledge of architecture, engineering, and operations of at least one enterprise SIEM platform (e.g., Google Chronicle, Microsoft Sentinel, QRadar, Splunk) desired
Basic understanding of common technologies/platforms (e.g., SIEM, IDS/IPS, EDR/XDR, Firewall, WAF) desired

Required Education:
Bachelor’s degree with 2+ years of experience in an information technology or GRC role
High School diploma/GED with 4+ years of experience in an information security role OR
Information Security certifications desired (e.g., CISSP, CISM, CCSP, GIAC, GCIA, GCIH, CISSP, CASP)

Physical Requirements:
While performing the duties of this job, the employee is occasionally required to stand, climb, stoop, kneel, crouch, or crawl. The employee must regularly lift and/or move up to 30 pounds.

Special Requirements:
This position is 100% on-site.
Responsibilities sometimes require working evenings and weekends, and in some cases, with little to no advance notice.
This job will also require up to 15% travel.
This position requires that the applicant selected be a U.S. citizen and be able to obtain and maintain a security clearance.
This position requires that the applicant obtain a DoD 8570.01-M IAM Level I (or higher) certification (e.g., CompTIA Security+, GSLC, CISM, CISSP) within 12 months of hire.

As part of your role/function on the program, you will be granted privileged user access, which is subject to greater scrutiny as a direct result of the significant responsibilities. Please be aware that because of these critical duties, you will be subject to additional IT system monitoring and supervisory evaluation to ensure continuous adherence to Privileged User processes and procedures. Privileged Users are subject to a zero-tolerance policy for security violations.

Compensation:
The base salary range for this full-time position is $99,705 - $124,683 + bonus + benefits.
Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range during the hiring process. Please note that the compensation details listed reflect the base salary only, and do not include potential bonus or benefits.
None Apply