About The Position

The Security & Compliance Specialist is responsible for reducing security risk and incidents across Spinen and all client environments by defining, enforcing, and sustaining strong baseline security standards. This role focuses on closing remaining gaps in Spinen’s security posture (with CIS IG1 as the baseline standard), preventing drift over time, and driving real remediation in client environments. The Specialist operates as an opinionated senior individual contributor who works closely with Pods, clients, vendors, and internal teams to ensure security controls are implemented, automated where possible, and measurable. This is a hands-on, client-facing role with authority to lead incident response, define standards, and drive remediation — without management responsibilities.

Supervisory Duties

None

Requirements

  • Proven experience in IT security operations, incident response, or security program management
  • Strong understanding of security frameworks and controls (CIS, SOC, CMMC, etc.)
  • Experience working across multiple client environments (MSP or similar)
  • Ability to translate technical risk into clear, practical guidance for clients and internal teams
  • Comfortable delivering informed opinions, leading discussions, and driving decisions without direct authority
  • Strong analytical, organizational, and communication skills
  • Proficient in Microsoft Office
  • Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or equivalent experience
  • 3+ years of experience in IT security or compliance within an MSP or multiclient environment (preferred)

Nice To Haves

  • Industry certifications (CISSP, CISM, CEH, CompTIA Security+) are a plus

Responsibilities

Security Standards & Baseline Enforcement

  • Define, document, and evolve Spinen’s baseline security standards (CIS IG1 as the minimum for all clients)
  • Ensure CIS IG1 is implemented and sustained across 100% of client environments, with no permanent exceptions
  • Design and maintain layered security and compliance standards (e.g., SOC 2, CMMC) for Compliance and Service clients
  • Conduct research and evaluation of security tools and approaches, selecting and standardizing solutions in close collaboration with Pod leadership
  • Work with Pods to ensure standards are implemented consistently and efficiently across environments

Client Environment Oversight & Remediation

  • Proactively assess client environments to identify security gaps, risks, and drift from established standards
  • Actively drive remediation plans with Pods and clients to close identified gaps
  • Engage directly with clients as a peer advisor to explain security risks, required controls, and necessary changes
  • Support Pods during client pushback by clearly articulating risk, necessity, and tradeoffs

Incident Response Leadership

  • Lead security incident response efforts during active compromises or material security events
  • Coordinate Pods and internal teams during investigation, containment, and recovery
  • Ensure incidents result in meaningful improvements to standards, controls, and processes
  • Maintain accurate incident documentation and reporting for internal leadership and clients

Measurement, Evidence & Reporting

  • Define what “done” means for security controls: implemented, automated where possible, and measurable
  • Share responsibility with Pods for evidence and measurement, while remaining accountable for unresolved gaps
  • Continuously assess security posture and control effectiveness
  • Provide formal quarterly reporting to leadership focused on risk reduction, gap closure, drift prevention, and prioritization of security work

Automation Partnership

  • Act as the product owner and internal client for security and compliance automation
  • Define automation requirements and success criteria
  • Partner with Spinen’s automation team to ensure automation meaningfully reduces risk and operational effort

Collaboration & Advisory

  • Work closely with Pods, vendors, and internal teams to ensure secure and compliant solutions
  • Communicate Spinen’s security standards, expectations, and best practices clearly and consistently
  • Support Tier 2/3 escalations related to security-specific issues