Security and Compliance Lead
Overview:
We’re on the hunt for a hands-on, sharp-thinking Security & Compliance Lead to level up the physical and operational security of our data center. If you thrive in fast-moving environments, love solving complex problems, and know how to turn policy into action you’ll fit right in.
In this role, you’ll be the go-to expert on everything from physical access controls and compliance standards to threat detection and incident response. You’ll work closely with IT, facilities, and leadership teams to build smart strategies, lead investigations, and keep our data center rock-solid.
Think of yourself as part detective, part strategist, part guard dog; helping us stay ahead of threats with layered defenses, real-time monitoring, and a strong culture of security awareness. Whether you’re jumping into a live incident or preparing for the next big audit, you’ll have the autonomy to make smart calls and the trust to follow through.
Wage:
$110k-$120k DOE
Benefits:
• 100% employer-paid medical, dental and vision for employees
• Annual review with raise option
• 22 days Paid Time Off accrued annually, and 4 holidays
• After 3 years, PTO increases to 29 days. Employees transition to flexible time off after 5 years with the company—not accrued, not capped, take time off when you want
• The 4 holidays are: New Year’s Day, Fourth of July, Thanksgiving, and Christmas Day
• Paid Parental Leave
• Up to 6% company matching 401(k) with no vesting period
• Quarterly allowance
• Use to make your remote work set up more comfortable, for continuing education classes, a plant for your desk, coffee for your coworker, a massage for yourself... really, whatever
• Open concept office with friendly coworkers
• Creative environment where you can make a difference
• No dumb benefits like free dog walking on the weekends that snobby hipster places have to make you feel cool, but mathematically won't cost the company much money because you won't use it Trail Mix Bar
• - oh yeah
Responsibilities:
• Develop and maintain security policies, standards, and baseline configurations for the data center.
• Enhance layered physical security systems, including CCTV, badge readers, biometrics, and intrusion alarms.
• Manage 24/7 access controls, including visitor management, staff clearances, badge systems, and vendor accreditation.
• Lead risk assessments (e.g., FMEA, threat modeling), identify vulnerabilities, and recommend remediation.
• Ensure compliance with standards like SOC 2, ISO 27001, and PCI DSS; coordinate audits and maintain audit-ready documentation.
• Serve as Incident Commander or key responder for physical breaches, alarms, or policy violations; lead investigations and reporting.
• Maintain and improve incident response playbooks; train staff on protocols and best practices.
• Deploy and manage security monitoring tools (e.g., SIEM, physical access logs) and define KPIs for access attempts and compliance health.
• Deliver regular security reports to leadership and key stakeholders.
• Run training and awareness programs for staff and contractors on physical security and compliance.
• Oversee vendor and third-party compliance through assessments, audits, and contractual reviews.
• Continuously improve security posture by applying industry best practices and staying current on emerging threats and technologies.
Requirements:
• Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or equivalent experience in security and compliance.
• 5+ years in security, compliance, or audit roles within IT infrastructure or data centers.
• Demonstrable experience managing SOC 2, ISO 27001, PCI DSS, HIPAA, or GDPR compliance.
• Hands‑on familiarity with physical security systems like CCTV, badge control, biometric access, and alarms.
• Deep knowledge of SIEM systems, incident response frameworks, and risk assessment methodologies.
• Comfortable with networking/physical infrastructure concepts: VLANs, firewalls, environmental sensors, racks.
• A great human
• Strong leadership and interpersonal skills
• A person who gets things done themselves with or without a team
Security and Compliance Lead
Des Moines, IA
Why you might like this job:
You’re the kind of person who thrives when protecting critical infrastructure and solving complex security puzzles. You don’t shy away from rolling up your sleeves and diving into both strategy and hands-on work. You get a kick out of working with diverse teams each bringing a different piece of the security puzzle. If you love staying one step ahead of threats, turning compliance requirements into practical wins, and leading the charge when incidents happen, then this role is calling your name.
We’re on the hunt for a hands-on, sharp-thinking Security & Compliance Lead to level up the physical and operational security of our data center. If you thrive in fast-moving environments, love solving complex problems, and know how to turn policy into action you’ll fit right in.
In this role, you’ll be the go-to expert on everything from physical access controls and compliance standards to threat detection and incident response. You’ll work closely with IT, facilities, and leadership teams to build smart strategies, lead investigations, and keep our data center rock-solid.
Think of yourself as part detective, part strategist, part guard dog; helping us stay ahead of threats with layered defenses, real-time monitoring, and a strong culture of security awareness. Whether you’re jumping into a live incident or preparing for the next big audit, you’ll have the autonomy to make smart calls and the trust to follow through.
Wage:
$110k-$120k DOE
Benefits:
• 100% employer-paid medical, dental and vision for employees
• Annual review with raise option
• 22 days Paid Time Off accrued annually, and 4 holidays
• After 3 years, PTO increases to 29 days. Employees transition to flexible time off after 5 years with the company—not accrued, not capped, take time off when you want
• The 4 holidays are: New Year’s Day, Fourth of July, Thanksgiving, and Christmas Day
• Paid Parental Leave
• Up to 6% company matching 401(k) with no vesting period
• Quarterly allowance
• Use to make your remote work set up more comfortable, for continuing education classes, a plant for your desk, coffee for your coworker, a massage for yourself... really, whatever
• Open concept office with friendly coworkers
• Creative environment where you can make a difference
• No dumb benefits like free dog walking on the weekends that snobby hipster places have to make you feel cool, but mathematically won't cost the company much money because you won't use it Trail Mix Bar
• - oh yeah
Responsibilities:
• Develop and maintain security policies, standards, and baseline configurations for the data center.
• Enhance layered physical security systems, including CCTV, badge readers, biometrics, and intrusion alarms.
• Manage 24/7 access controls, including visitor management, staff clearances, badge systems, and vendor accreditation.
• Lead risk assessments (e.g., FMEA, threat modeling), identify vulnerabilities, and recommend remediation.
• Ensure compliance with standards like SOC 2, ISO 27001, and PCI DSS; coordinate audits and maintain audit-ready documentation.
• Serve as Incident Commander or key responder for physical breaches, alarms, or policy violations; lead investigations and reporting.
• Maintain and improve incident response playbooks; train staff on protocols and best practices.
• Deploy and manage security monitoring tools (e.g., SIEM, physical access logs) and define KPIs for access attempts and compliance health.
• Deliver regular security reports to leadership and key stakeholders.
• Run training and awareness programs for staff and contractors on physical security and compliance.
• Oversee vendor and third-party compliance through assessments, audits, and contractual reviews.
• Continuously improve security posture by applying industry best practices and staying current on emerging threats and technologies.
Requirements:
• Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or equivalent experience in security and compliance.
• 5+ years in security, compliance, or audit roles within IT infrastructure or data centers.
• Demonstrable experience managing SOC 2, ISO 27001, PCI DSS, HIPAA, or GDPR compliance.
• Hands‑on familiarity with physical security systems like CCTV, badge control, biometric access, and alarms.
• Deep knowledge of SIEM systems, incident response frameworks, and risk assessment methodologies.
• Comfortable with networking/physical infrastructure concepts: VLANs, firewalls, environmental sensors, racks.
• A great human
• Strong leadership and interpersonal skills
• A person who gets things done themselves with or without a team
Security and Compliance Lead
Des Moines, IA
Why you might like this job:
You’re the kind of person who thrives when protecting critical infrastructure and solving complex security puzzles. You don’t shy away from rolling up your sleeves and diving into both strategy and hands-on work. You get a kick out of working with diverse teams each bringing a different piece of the security puzzle. If you love staying one step ahead of threats, turning compliance requirements into practical wins, and leading the charge when incidents happen, then this role is calling your name.