Security and Compliance Lead

Overview:

Wage:

$110k-$120k DOE

Benefits:

• 100% employer-paid medical, dental and vision for employees
• Annual review with raise option
• 22 days Paid Time Off accrued annually, and 4 holidays
  • After 3 years, PTO increases to 29 days. Employees transition to flexible time off after 5 years with the company—not accrued, not capped, take time off when you want
  • The 4 holidays are: New Year’s Day, Fourth of July, Thanksgiving, and Christmas Day
• Paid Maternity and Paternity Leave
• Up to 6% company matching 401(k) with no vesting period
• Quarterly allowance
  • Use to make your remote work set up more comfortable, for continuing education classes, a plant for your desk, coffee for your coworker, a massage for yourself... really, whatever
• Open concept office with friendly coworkers
• Creative environment where you can make a difference
• No dumb benefits like free dog walking on the weekends that snobby hipster places have to make you feel cool, but mathematically won't cost the company much money because you won't use it
• Trail Mix Bar --- oh yeah

Responsibilities:

• Develop and maintain security policies, standards, and baseline configurations for the data center.
• Enhance layered physical security systems, including CCTV, badge readers, biometrics, and intrusion alarms.
• Manage 24/7 access controls, including visitor management, staff clearances, badge systems, and vendor accreditation.
• Lead risk assessments (e.g., FMEA, threat modeling), identify vulnerabilities, and recommend remediation.
• Ensure compliance with standards like SOC 2, ISO 27001, and PCI DSS; coordinate audits and maintain audit-ready documentation.
• Serve as Incident Commander or key responder for physical breaches, alarms, or policy violations; lead investigations and reporting.
• Maintain and improve incident response playbooks; train staff on protocols and best practices.
• Deploy and manage security monitoring tools (e.g., SIEM, physical access logs) and define KPIs for access attempts and compliance health.
• Deliver regular security reports to leadership and key stakeholders.
• Run training and awareness programs for staff and contractors on physical security and compliance.
• Oversee vendor and third-party compliance through assessments, audits, and contractual reviews.
• Continuously improve security posture by applying industry best practices and staying current on emerging threats and technologies.

Requirements:

• Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or equivalent experience in security and compliance.
• 5+ years in security, compliance, or audit roles within IT infrastructure or data centers.
• Demonstrable experience managing SOC 2, ISO 27001, PCI DSS, HIPAA, or GDPR compliance.
• Hands‑on familiarity with physical security systems like CCTV, badge control, biometric access, and alarms.
• Deep knowledge of SIEM systems, incident response frameworks, and risk assessment methodologies.
• Comfortable with networking/physical infrastructure concepts: VLANs, firewalls, environmental sensors, racks.
• A great human
• Strong leadership and interpersonal skills
• A person who gets things done themselves with or without a team