Senior Manager, Security Risk and Compliance

Learn what makes QTS a unique place to grow your career!

The Senior Manager, Security Risk & Compliance leads the QTS Security Risk & Compliance Team and reports to the QTS Vice President, Security Risk & Compliance. QTS has embraced a risk-based approach for security risk and compliance, and in this position, you will manage a team of risk and compliance professionals, working to build and maintain a security risk and compliance program through the QTS GRC program.

The Senior Manager, Security Risk & Compliance can be in any of these three QTS locations: Overland Park, Kansas; Suwanee, Georgia; or Ashburn, Virginia. This position will require up to 15% travel to QTS data center locations as required. The ideal candidate will have a broad base of experience in security risk and compliance, both as a contributor and leader.

RESPONSIBILITIES:

· Lead the QTS Security Risk & Compliance Team and manage the planning, execution, and health reporting of QTS’ Security Risk & Compliance programs (SOC 1, SOC 2, ISO 27001, ISO 22301, PCI DSS, FISMA, CMMC, and HITRUST) through:

· Compliance Program Monitoring – Monitor and report on the health of the QTS compliance programs, including compliance program control operating effectiveness.

· Compliance Implementations – Manage the implementation of new QTS compliance programs, or existing compliance programs for new sites.

· Compliance Audit Support – Support the QTS compliance program audits.

· Customer Compliance Support - Support of QTS customer compliance and information/physical security inquiries, questionnaires, and audits.

· Security Risk Program – Manage and monitor the QTS security risk program through the identification, assessment, and tracking of risk issues, and the QTS Security Risk Register.

· GRC Platform Management – Lead the team managing the QTS GRC platform technology, ensuring the platform supports the needs of the QTS GRC program, and adapting the platform to the needs of QTS businesses that use the GRC platform.

QUALIFICATIONS:

· Bachelor’s degree or equivalent professional experience.

· Ten or more years performing or supporting information technology audits, compliance, and/or risk assessments.

· Prior experience using and managing GRC platform technology.

· Prior people leadership experience, preferably five or more years of direct people management experience.

· Six or more years of experience and strong knowledge in at least three of the following compliance standards:

o HITRUST

o SOC1

o SOC2

o PCI DSS

o ISO 27001

o ISO 22301

o FISMA/NIST 800-53

o NIST CSF

o CMMC

PREFERRED QUALIFICATIONS:

· Holds or working towards one or more of the following certifications:

· CISSP

· GIAC Security Essentials (GSEC)

· Certified Information Systems Auditor (CISA)

· Certified in Risk and Information Systems Control (CRISC)

· GIAC Critical Controls Certification (GCCC)

KNOWLEDGE, SKILLS, AND ABILITIES:

In addition to QTS’ Core Values, the candidate should be skilled in the following areas:

· Management & Leadership – Lead, develop, grow, and work with a cohesive team through establishment of clear direction, identification of employee strengths and opportunities, and alignment of company goals with departmental and employee goals.

· Quality Team Decision Making - Develop engagement plans and approaches for success of department projects. Identify company control solutions and develop conclusions through analysis of multiple data sources and input of cross-functional team members.

· Consulting Style Communication Skills – Effective at recommending solutions across the organization at all levels for risk and compliance and challenges. Skilled at cross organizational communications and influence, sometimes working to influence in the absence of direct authority.

· Security Risk & Compliance – Strong knowledge of security risk and compliance programs from both the standards and practical implementations, as well as demonstrated success in effectively managing risk and compliance programs.

We conform to all the laws, statutes, and regulations concerning equal employment opportunities and affirmative action.  We strongly encourage women, minorities, individuals with disabilities and veterans to apply to all of our job openings.  We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, gender identity, or national origin, age, disability status, Genetic Information & Testing, Family & Medical Leave, protected veteran status, or any other characteristic protected by law.  We prohibit retaliation against individuals who bring forth any complaint, orally or in writing, to the employer or the government, or against any individuals who assist or participate in the investigation of any complaint or discrimination claim.

The "Know Your Rights" Poster is included here:

Know Your Rights (English)

Know Your Rights (Spanish)

The pay transparency policy is available here:

Pay Transparency Nondiscrimination Poster-Formatted

QTS is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, please send an e-mail to talentacquisition@qtsdatacenters.com and let us know the nature of your request and your contact information.