Cybersecurity Audit & Compliance Analyst leading management of comprehensive cybersecurity policies and validation of security controls. The role focuses on compliance and audit objectives within federal regulations.
Responsibilities
Help formalize, implement, and maintain enterprise-level cybersecurity and data handling policies.
Lead the review and socialization of security mandates to ensure cross-functional alignment with federal standards.
Develop and maintain the System Security Plan (SSP), Security Assessment Reports (SAR), and associated artifacts to provide a rigorous, defensible account of the security control environment.
Support the execution of formal gap analyses and risk assessments across federal regulatory frameworks.
Provide data-driven insights to mitigate vulnerabilities.
Serve as a technical contributor for external federal audits and third-party assessments.
Manage the end-to-end evidence lifecycle, ensuring all technical artifacts are verified, organized, and available for regulatory review.
Serve as a functional representative within the Incident Response (IR) team to document event timelines and post-incident reporting, ensuring all federal reporting obligations are met.
Oversee management of audit artifacts to ensure they meet requirements and are readily accessible on demand.
Design and deliver technical cybersecurity training programs, ensuring that the technical workforce understands their specific roles in maintaining our security authorizations.
Support the cybersecurity team in the administration of security tools, including Microsoft 365 Security and Purview, to monitor data sensitivity, review audit telemetry, and validate that technical configurations consistently mirror established policy.
Requirements
Bachelor’s degree in Cybersecurity, Information Systems, or a related field plus 2-4 years of experience in GRC, Information Assurance, or Technical Compliance within a federal-regulated environment.
US Citizenship with the ability to obtain and maintain a US security clearance.
Demonstrated experience in authoring formal cybersecurity policies, procedural documentation, and System Security Plan (SSP).
Hands-on experience navigating security portals to pull telemetry and verify control status.
Deep understanding of federal data protection standards and regulatory frameworks.
Experience supporting the implementation or administration of advanced security tools such as Microsoft Defender for Endpoint (Plan 2) or Microsoft Sentinel.
Relevant industry certifications such as Security+, CySA+, Microsoft SC-200, CISA, CCP, CCA, or CISSP.
Familiarity with the NIST AI Risk Management Framework or general interest in the security governance of Generative AI.
Benefits
TSC offers a stable work environment, a competitive salary, a comprehensive benefit package, including ESOP participation