Manager, Information Security Compliance and Risk

QTS Data Centers, Overland Park, KS
Onsite

About The Position

The Manager, Security Risk & Compliance, leads the QTS Security Risk & Compliance Team and reports to the QTS Director, Compliance & Integrated Risk. QTS has adopted a risk-based approach to security risk and compliance, and this role is responsible for building, operating, and continuously improving QTS’s security risk and compliance programs through the enterprise GRC program. This role may be based in Overland Park, KS; Suwanee, GA; or Ashburn, VA and requires up to 15% travel to QTS data center locations. The ideal candidate brings deep hands-on experience in security risk and compliance along with demonstrated people leadership.

At QTS Data Centers, we are at the forefront of today’s dynamic digital transformation, empowering customers’ strategic growth initiatives as a global leader in digital infrastructure. As AI and cloud technologies fuel demand, QTS has emerged as a global digital infrastructure leader, committed to connecting the globe for good. We design, build, and operate advanced data centers worldwide, dedicated to sustainability and incorporating renewable energy solutions. As a proud portfolio company of Blackstone, QTS is uniquely positioned for ambitious growth and innovation. QTS is Powered by People; our team members are mission-driven, resourceful, and committed to making a positive impact in their communities, shaping the future of digital infrastructure.

Requirements

  • Ability to lead, mentor, and grow a high-performing team through clear direction, accountability, and alignment with business goals.
  • Strong analytical skills to evaluate risks, assess control solutions, and synthesize diverse inputs from cross-functional stakeholders.
  • Effective at influencing and advising leadership and cross-functional partners on security risk and compliance, often without direct authority.
  • Deep understanding of security risk and compliance standards and their practical implementation within complex, regulated environments.
  • Bachelor’s degree or equivalent professional experience.
  • 5-10 years of experience performing or supporting IT audits, compliance initiatives, and/or security risk assessments.
  • Hands-on experience implementing and managing GRC platform technology.
  • 2-5 years of people leadership experience.
  • 6+ years of experience with strong working knowledge of at least three of the following frameworks or standards: HITRUST, SOC1, SOC2, PCI DSS, ISO 27001, ISO 22301, FISMA/NIST 800-53, NIST CSF, CMMC.

Nice To Haves

  • Holds or is actively pursuing one or more of the following certifications:
    • CISSP
    • GIAC Security Essentials (GSEC)
    • Certified Information Systems Auditor (CISA)
    • Certified in Risk and Information Systems Control (CRISC)
    • GIAC Critical Controls Certification (GCCC)

Responsibilities

  • Lead and manage the QTS Security Risk & Compliance team, including planning, execution, and reporting on the overall health of QTS security risk and compliance programs.
  • Provide executive-level visibility into program maturity, risks, and control effectiveness.
  • Support and oversee QTS compliance programs, including but not limited to SOC1 & SOC2, ISO 27001 & ISO 22301, PCI DSS, FISMA / NIST 800-53, CMMC, and HITRUST.
  • Monitor, assess, and report on compliance posture and control operating effectiveness.
  • Lead implementation of new compliance programs and expansion of existing programs to new sites.
  • Coordinate and support internal and external audits, including auditor management and evidence collection.
  • Serve as an escalation point for customer security and compliance inquiries, questionnaires, and audits.
  • Manage the enterprise security risk management program, including identification, assessment, tracking, and reporting of risks. Ensure alignment with enterprise risk management activities.
  • Lead the team managing the QTS GRC platform technology, ensuring the platform supports the needs of the QTS GRC program, and adapting the platform to the needs of QTS businesses that use the GRC platform.

Benefits

  • Roth and Traditional 401(k) matching contributions with immediate vesting
  • Every employee is bonus or commission eligible
  • Generous PTO
  • Paid Volunteer Days
  • Floating Holidays
  • Stock Purchase Plan (SPP)
  • 11 paid holidays annually, with holiday compensation when worked
  • Pet and Legal Insurance
  • Q-Rest Sabbatical Program
  • Q-Anniversary Service Award Program
  • Parental Leave for primary and secondary caregivers
  • Military Benefits Package
  • QTS Charitable Matching Gift Program
  • QTS Scholarship for Employee Dependents
  • QTS Crisis Fund
  • Wellness Program
  • Tuition Reimbursement Program