Manager, Information Security Compliance and Risk
Overland Park, KS - USA
Job Summary
The Manager, Security Risk & Compliance leads the QTS Security Risk & Compliance Team and reports to the QTS Director, Compliance & Integrated Risk. QTS has adopted a risk-based approach to security risk and compliance, and this role is responsible for building, operating, and continuously improving QTS's security risk and compliance programs through the enterprise GRC program.
This role may be based in Overland Park, KS; Suwanee, GA; or Ashburn, VA and requires up to 15% travel to QTS data center locations. The ideal candidate brings deep, hands-on experience in security risk and compliance along with demonstrated people leadership.
RESPONSIBILITIES
Lead and manage the QTS Security Risk & Compliance team, including planning, execution, and reporting on the overall health of QTS security risk and compliance programs.
Provide executive-level visibility into program maturity, risks, and control effectiveness.
Support and oversee QTS compliance programs including, but not limited to, SOC1 & SOC2, ISO 27001 & ISO 22301, PCI DSS, FISMA / NIST 800-53, CMMC, and HITRUST.
Key Activities include:
Compliance Program Monitoring: Monitor, assess, and report on compliance posture and control operating effectiveness.
Compliance Implementations: Lead implementation of new compliance programs and expansion of existing programs to new sites.
Audit Support: Coordinate and support internal and external audits, including auditor management and evidence collection.
Customer Compliance Support: Serve as an escalation point for customer security and compliance inquiries, questionnaires, and audits.
Security Risk Program: Manage the enterprise security risk management program, including identification, assessment, tracking, and reporting of risks. Ensure alignment with enterprise risk management activities.
GRC Platform Management: Lead the team managing the QTS GRC platform technology, ensuring the platform supports the needs of the QTS GRC program and adapting the platform to the needs of QTS businesses that use the GRC platform.
KNOWLEDGE, SKILLS, AND ABILITIES
In addition to QTS Core Values, the successful candidate will demonstrate:
Leadership & People Development: Ability to lead, mentor, and grow a high-performing team through clear direction, accountability, and alignment with business goals.
Quality Decision Making: Strong analytical skills to evaluate risks, assess control solutions, and synthesize diverse inputs from cross-functional stakeholders.
Consultative Communication: Effective at influencing and advising leadership and cross-functional partners on security risk and compliance, often without direct authority.
Security Risk & Compliance Expertise: Deep understanding of security risk and compliance standards and practical implementation within complex, regulated environments.
Bachelor's degree or equivalent professional experience.
5-10 years of experience performing or supporting IT audits, compliance initiatives, and/or security risk assessments.
Hands-on experience implementing and managing GRC platform technology.
2-5 years of people leadership experience.
6 years of experience with strong working knowledge in at least three of the following frameworks or standards:
o HITRUST
o SOC1
o SOC2
o PCI DSS
o ISO 27001
o ISO 22301
o FISMA/NIST 800-53
o NIST CSF
o CMMC
PREFERRED QUALIFICATIONS
Holds or is actively pursuing one or more of the following certifications:
CISSP
GIAC Security Essentials (GSEC)
Certified Information Systems Auditor (CISA)
Certified in Risk and Information Systems Control (CRISC)
GIAC Critical Controls Certification (GCCC)
We conform to all the laws, statutes, and regulations concerning equal employment opportunities and affirmative action. We strongly encourage women, minorities, individuals with disabilities, and veterans to apply to all of our job openings. We are an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, gender identity or national origin, age, disability status, Genetic Information & Testing, Family & Medical Leave, protected veteran status, or any other characteristic protected by law. We prohibit retaliation against individuals who bring forth any complaint, orally or in writing, to the employer or the government, or against any individuals who assist or participate in the investigation of any complaint or discrimination claim.
The Know Your Rights Poster is included here:
The pay transparency policy is available here:
Pay Transparency Nondiscrimination Poster-Formatted
QTS is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, please send an e-mail to and let us know the nature of your request and your contact information.
Required Experience:
Manager
About Company
QTS Realty Trust, LLC is a leading provider of data center solutions across a diverse footprint spanning more than 9 million square feet of owned mega scale data center space within North America and Europe. Through its software-defined technology platform, QTS is able to deliver sec ...