Security & Compliance Specialist
SPINEN (Specialized Information Environments, Inc) · Macon, GA · 1 mo ago
Information TechnologyFull-time
Core Responsibilities
- Define, document, and evolve Spinen’s baseline security standards (CIS IG1 as the minimum for all clients)
- Ensure CIS IG1 is implemented and sustained across 100% of client environments, with no permanent exceptions
- Design and maintain layered security and compliance standards (e.g., SOC 2, CMMC) for Compliance and Service clients
- Conduct research and evaluation of security tools and approaches, selecting and standardizing solutions in close collaboration with Pod leadership
- Work with Pods to ensure standards are implemented consistently and efficiently across environments
- Proactively assess client environments to identify security gaps, risks, and drift from established standards
- Actively drive remediation plans with Pods and clients to close identified gaps
- Engage directly with clients as a peer advisor to explain security risks, required controls, and necessary changes
- Support Pods during client pushback by clearly articulating risk, necessity, and tradeoffs
- Lead security incident response efforts during active compromises or material security events
- Carefully coordinate Pods and internal teams during investigation, containment, and recovery
- Ensure incidents result in meaningful improvements to standards, controls, and processes
- Maintain accurate incident documentation and reporting for internal leadership and clients
- Define what “done” means for security controls: implemented, automated where possible, and measurable
- Share responsibility with Pods for evidence and measurement, while remaining accountable for unresolved gaps
- Continuously assess security posture and control effectiveness
- Provide formal quarterly reporting to leadership focused on:
- Risk reduction
- Gap closure
- Drift prevention
- Prioritization of security work
- Act as the product owner and internal client for security and compliance automation
- Define automation requirements and success criteria
- Partner with Spinen’s automation team to ensure automation meaningfully reduces risk and operational effort
Collaboration & Advisory
- Work closely with Pods, vendors, and internal teams to ensure secure and compliant solutions
- Communicate Spinen’s security standards, expectations, and best practices clearly and consistently
- Support Tier 2/3 escalations related to security specific issues
Required Skills & Abilities
- Proven experience in IT security operations, incident response, or security program management
- Strong understanding of security frameworks and controls (CIS, SOC, CMMC, etc.)
- Experience working across multiple client environments (MSP or similar)
- Ability to translate technical risk into clear, practical guidance for clients and internal teams
- Comfortable delivering informed opinions, leading discussions, and driving decisions without direct authority
- Strong analytical, organizational, and communication skills
- Proficient in Microsoft Office
Education & Experience
- Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or equivalent experience
- 3+ years of experience in IT security or compliance within an MSP or multiclient environment (preferred)
- Industry certifications (CISSP, CISM, CEH, CompTIA Security+) are a plus