Information Security Analyst (GRC)

Malibu, CA

Based in Southern California with locations in Malibu, Calabasas and Camarillo, HRL has been on the leading edge of technology, conducting pioneering research and advancing the state of the art.
GENERAL DESCRIPTION
This position will provide cybersecurity regulatory compliance support for the applicable business group(s) within HRL Laboratories and the Information Systems departments that support the business. This individual will be a member of the team responsible for managing and enhancing the technical security platforms and services that support various projects and programs. Specifically, the candidate should be knowledgeable regarding NIST 800-171 (NIST) and Cybersecurity Maturity Model Certification (CMMC) regulations. The successful candidate will be part of the Information Assurance Team and will directly report to the Information Assurance Manager. The position will closely interface on an ongoing basis with members of other business support functions (e.g., Security, Export Compliance, Service Desk, IT, HR, Contracts, Legal).
ESSENTIAL JOB FUNCTIONS
• Regulatory compliance support to the business for regulatory agency compliance and required audits
• Serve as the subject matter expert and point of contact for NIST and CMMC questions
• Coordinate necessary meetings with various HRL teams (e.g., Security, Export Compliance, Service Desk, and Regional and Local IT teams)
• Manage the NIST Framework projects and initiatives from initiation to deployment
• Support the process for tracking system gaps and weaknesses to closure, including a Plan of Action and Milestones (POA&M) process for NIST compliance
• Lead the continual maintenance and improvement of NIST/CMMC compliance
• Coordinate with various stakeholders on a periodic basis regarding policies, processes, and compliance with NIST/CMMC controls
• Build and review System Security Plans
• Review and draft corporate Policies and Processes for compliance with regulatory controls
• Create compliance reports and provide the business with questionnaire evidence when required
• Develop, implement, and monitor risk mitigation plans as defined by the CMMC
• Own and continually develop the NIST/CMMC Governance Policy
• Collaborate with peers across the organization to share solutions and best practices
• Maintain a comprehensive education and awareness program
• Review contracts to ensure appropriate data safeguards are included
• Partner with IT to remediate/improve effectiveness of the control environment
• Partner with various program management stakeholders and technology execution teams to ensure alignment with strategy and vision
• Ensure the deployment and operation of security infrastructure, including, but not limited to, monitoring compliance, security audit management, security awareness, and communications
REQUIRED QUALIFICATIONS
• Minimum of 3 years’ experience in a related role
• Solid organizational skills, including attention to detail
• Clear verbal and written communication among clients and team members
• Ability to multitask with prioritization
• Excellent written documentation development
• Ability to create and maintain relationships
• Ability to be a self-starter and take initiative to learn and act
• Team player mindset (respectful, non-reactive, empathetic)
• Knowledge and understanding of basic business technology and resources
• Experience in developing and maintaining information security policy, standards, and guidelines
• Hands-on experience with governance and compliance standards (ISO 27001, NIST Cybersecurity Framework, CMMC, NIST 800-53, NIST 800-171)
• Project management experience (planning, organizing, coordinating consulting resources)
• Must have experience managing compliance efforts and experience with business risk management, with the ability to communicate the balance between strong security and enabling the business
• A demonstrated understanding of information security systems (Oracle, Linux, Windows)
• Basic understanding of common technologies/platforms such as SIEM, IDS/IPS, Cisco, Palo Alto, and WAFs
PREFERRED QUALIFICATIONS
• Prior experience in other cybersecurity fields (e.g., Application Security, Cloud Security)
• CISSP, CISM, or CCSP certifications
• Previous experience building or managing an information security program
• Previous experience maintaining an Enterprise Information System in compliance with the Risk Management Framework as outlined in NIST
• In-depth knowledge of architecture, engineering, and operations of at least one enterprise SIEM platform (e.g., Sentinel, Nitro/McAfee Enterprise Security Manager, ArcSight, QRadar, LogLogic, Splunk)
• Experience developing and deploying signatures (e.g., YARA, Snort, Suricata, HIPS)
• Understanding of mobile technology and OS (e.g., Android, iOS, Windows), VMware technology, and Unix, including basic Unix commands
• Advanced certifications such as SANS GIAC/GCIA/GCIH, CISSP, or CASP and/or SIEM-specific training and certification
EDUCATION
• Bachelor’s Degree (B.A. or B.S.) in IT, Computer Science, Government Regulations, or other curriculum with related experience (or two-year degree and equivalent experience)
• CISA or Sec+ required
SPECIAL REQUIREMENTS
This position is 100% on-site. Responsibilities sometimes require working evenings and weekends, and in some cases, with little to no advance notice. This position requires that the applicant selected be a U.S. citizen and be able to obtain and maintain a security clearance.
COMPENSATION
The base salary range for this full-time position is $86,000 - $140,000 + bonus + benefits. Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range during the hiring process. Please note that the compensation details listed reflect the base salary only, and do not include potential bonus or benefits.

This position must meet Export Control compliance requirements; therefore, a "U.S. Person" as defined by 22 C.F.R. § 120.15 is required. "U.S. Person" includes U.S. citizens, lawful permanent residents, refugees, and asylees.
HRL offers a very competitive compensation and benefits package. Our Regular/Full Time benefits include medical, dental, vision, life insurance, 401K match, gym facilities, PTO, growth potential, and an exciting and challenging work environment.
HRL Laboratories is an Equal Employment Opportunity employer and does not discriminate in recruiting, hiring, training or promoting, on the basis of race, ethnicity, color, creed, religion, sex, sexual orientation, gender, gender identity, genetic information, national origin, physical or mental disability, pregnancy, medical condition, age, U.S. military or protected veteran status, union membership, or political affiliation. We maintain a drug-free workplace and perform pre-employment substance abuse testing.
For our privacy policy please visit: www.hrl.com/privacy