Cybersecurity Audit & Compliance Analyst

About the position TSC is seeking a Cybersecurity Audit & Compliance Analys t to lead the sustainment and programmatic maturation of enterprise security frameworks. This position is responsible for the management of comprehensive cybersecurity policies and the technical validation of security controls to ensure mission-critical systems remain aligned with federal regulatory mandates. The ideal candidate would be located in the Huntsville, AL, Bloomington, IN or DC metro area with the ability to work on a hybrid basis. The successful candidate will maintain a state of continuous audit-readiness and serve as a key member of the cybersecurity team, helping ensure TSC meets its compliance and audit objectives across a broad set of enterprise systems and applications. They will also contribute to secure rollout of emerging technologies such as AI tools and capabilities. This role provides a unique opportunity to bridge traditional federal compliance with the future of AI-driven defense operations.

Responsibilities

• Help formalize, implement, and maintain enterprise-level cybersecurity and data handling policies.
• Lead the review and socialization of security mandates to ensure cross-functional alignment with federal standards.
• Develop and maintain the System Security Plan (SSP), Security Assessment Reports (SAR), and associated artifacts to provide a rigorous, defensible account of the security control environment.
• Support the execution of formal gap analyses and risk assessments across federal regulatory frameworks.
• Provide data-driven insights to mitigate vulnerabilities.
• Serve as a technical contributor for external federal audits and third-party assessments.
• Manage the end-to-end evidence lifecycle, ensuring all technical artifacts are verified, organized, and available for regulatory review.
• Serve as a functional representative within the Incident Response (IR) team to document event timelines and post-incident reporting, ensuring all federal reporting obligations are met.
• Oversee management of audit artifacts to ensure they meet requirements and are readily accessible on demand.
• Design and deliver technical cybersecurity training programs, ensuring that the technical workforce understands their specific roles in maintaining our security authorizations.
• Support the cybersecurity team in the administration of security tools, including Microsoft 365 Security and Purview, to monitor data sensitivity, review audit telemetry, and validate that technical configurations consistently mirror established policy.

Requirements

• Bachelor’s degree in Cybersecurity, Information Systems, or a related field plus 2-4 years of experience in GRC, Information Assurance, or Technical Compliance within a federal-regulated environment.
• US Citizenship with the ability to obtain and maintain a US security clearance.
• Demonstrated experience in authoring formal cybersecurity policies, procedural documentation, and System Security Plan (SSP).
• Hands-on experience navigating security portals to pull telemetry and verify control status.
• Deep understanding of federal data protection standards and regulatory frameworks.

Nice-to-haves

• Experience supporting the implementation or administration of advanced security tools such as Microsoft Defender for Endpoint (Plan 2) or Microsoft Sentinel.
• Relevant industry certifications such as Security+, CySA+, Microsoft SC-200, CISA, CCP, CCA, or CISSP.
• Familiarity with the NIST AI Risk Management Framework or general interest in the security governance of Generative AI.

Benefits

• TSC offers a stable work environment, a competitive salary, and a comprehensive benefit package; including ESOP participation, 401K Plan, Flexible Work Schedules, Tuition Reimbursement, Co-Sponsored Health Plan, Paid Leave, and much more.

Apply tot his job Apply To this Job