Security & Compliance Specialist

SPINEN


Job Location:

Macon, MO - USA

Monthly Salary: Not Disclosed
Posted on: 9 days ago
Vacancies: 1 Vacancy

Job Summary

The Security & Compliance Specialist is responsible for reducing security risk and incidents across Spinen and all client environments by defining, enforcing and sustaining strong baseline security standards.

This role focuses on closing remaining gaps in Spinen's security posture (with CIS IG1 as the baseline standard), preventing drift over time, and driving real remediation in client environments. The Specialist operates as an opinionated senior individual contributor who works closely with Pods, clients, vendors and internal teams to ensure security controls are implemented, automated where possible, and measurable.

This is a hands-on, client-facing role with authority to lead incident response, define standards and drive remediation, without management responsibilities.

Supervisory Duties

  • None

Core Responsibilities

Security Standards & Baseline Enforcement

  • Define, document and evolve Spinen's baseline security standards (CIS IG1 as the minimum for all clients)

  • Ensure CIS IG1 is implemented and sustained across 100% of client environments with no permanent exceptions

  • Design and maintain layered security and compliance standards (e.g. SOC 2, CMMC) for Compliance and Service clients

  • Conduct research and evaluation of security tools and approaches, selecting and standardizing solutions in close collaboration with Pod leadership

  • Work with Pods to ensure standards are implemented consistently and efficiently across environments

Client Environment Oversight & Remediation

  • Proactively assess client environments to identify security gaps, risks and drift from established standards

  • Actively drive remediation plans with Pods and clients to close identified gaps

  • Engage directly with clients as a peer advisor to explain security risks, required controls and necessary changes

  • Support Pods during client pushback by clearly articulating risk, necessity and tradeoffs

Incident Response Leadership

  • Lead security incident response efforts during active compromises or material security events

  • Coordinate Pods and internal teams during investigation, containment and recovery

  • Ensure incidents result in meaningful improvements to standards, controls and processes

  • Maintain accurate incident documentation and reporting for internal leadership and clients

Measurement, Evidence & Reporting

  • Define what "done" means for security controls: implemented, automated where possible, and measurable

  • Share responsibility with Pods for evidence and measurement while remaining accountable for unresolved gaps

  • Continuously assess security posture and control effectiveness

  • Provide formal quarterly reporting to leadership focused on:

      • Risk reduction

      • Gap closure

      • Drift prevention

      • Prioritization of security work

Automation Partnership

  • Act as the product owner and internal client for security and compliance automation

  • Define automation requirements and success criteria

  • Partner with Spinen's automation team to ensure automation meaningfully reduces risk and operational effort

Collaboration & Advisory

  • Work closely with Pods, vendors and internal teams to ensure secure and compliant solutions

  • Communicate Spinen's security standards, expectations and best practices clearly and consistently

  • Support Tier 2/3 escalations related to security-specific issues

Required Skills & Abilities

  • Proven experience in IT security operations, incident response or security program management

  • Strong understanding of security frameworks and controls (CIS, SOC, CMMC, etc.)

  • Experience working across multiple client environments (MSP or similar)

  • Ability to translate technical risk into clear, practical guidance for clients and internal teams

  • Comfortable delivering informed opinions, leading discussions and driving decisions without direct authority

  • Strong analytical, organizational and communication skills

  • Proficient in Microsoft Office

Education & Experience

  • Bachelor's degree in Cybersecurity, Computer Science, Information Technology or equivalent experience

  • 3 years of experience in IT security or compliance within an MSP or multiclient environment (preferred)

  • Industry certifications (CISSP, CISM, CEH, CompTIA Security+) are a plus

Physical Requirements

  • Prolonged periods of sitting and working on a computer

  • Ability to lift up to 50 lbs as needed

  • May be required to work outside normal business hours during security incidents




Required Experience:

IC
