Manager, Information Security Compliance and Risk
Listed on 2026-06-22
IT/Tech
Cybersecurity, Information Security
Job Description
Manager, Security Risk & Compliance leads the QTS Security Risk & Compliance Team and reports to the QTS Director, Compliance & Integrated Risk. The role drives and improves the security risk and compliance programs across QTS via a risk‑based GRC program.
This role may be based in Overland Park, KS; Suwanee, GA; or Ashburn, VA and requires up to 15% travel to QTS data center locations.
- Lead and manage the Security Risk & Compliance team, planning, executing, and reporting on overall program health.
- Provide executive‑level visibility into program maturity, risks, and control effectiveness.
- Support and oversee various compliance programs (SOC1 & SOC2, ISO 27001 & ISO 22301, PCI DSS, FISMA/NIST 800‑53, CMMC, HITRUST).
- Compliance Program Monitoring – Monitor, assess, and report on compliance posture and control operating effectiveness.
- Compliance Implementations – Lead new compliance program implementation and expand existing programs to new sites.
- Audit Support – Coordinate and support internal and external audits, including auditor management and evidence collection.
- Customer Compliance Support – Serve as escalation point for customer security and compliance inquiries, questionnaires, and audits.
- Manage enterprise security risk management program, including risk identification, assessment, tracking, and reporting.
- Lead GRC platform technology management, ensuring the platform supports QTS GRC program and adapts to business needs.
- Leadership & People Development – Ability to lead, mentor, and grow a high‑performing team.
- Quality Decision Making – Strong analytical skills to evaluate risks, assess control solutions, and synthesize input from cross‑functional stakeholders.
- Consultative Communication – Effectively influence and advise leadership and partners on security risk and compliance.
- Security Risk & Compliance Expertise – Deep understanding of standards and practical implementation in regulated environments.
- Bachelor’s degree or equivalent professional experience.
- 5–10 years of experience performing or supporting IT audits, compliance initiatives, and/or security risk assessments.
- Hands‑on experience implementing and managing GRC platform technology.
- 2–5 years of people leadership experience.
- 6+ years of experience with strong working knowledge in at least three of the following frameworks or standards: HITRUST, SOC1, SOC2, PCI DSS, ISO 27001, ISO 22301, FISMA/NIST 800‑53, NIST CSF, CMMC.
- Holding or actively pursuing GIAC Security Essentials (GSEC).
- Certified in Risk and Information Systems Control (CRISC).
- GIAC Critical Controls Certification (GCCC).
- Roth and Traditional 401(k) matching contributions with immediate vesting.
- Bonus or commission eligibility for all employees.
- 11 paid holidays annually (or holiday compensation when worked).
- Pet and legal insurance.
- Q‑Anniversary Service Award program.
- Parental leave for primary and secondary caregivers.
- Military benefits package.
- QTS Charitable Matching Gift Program.
- QTS Scholarship for employee dependents.
We conform to all the laws, statutes, and regulations concerning equal employment opportunities and affirmative action. We strongly encourage women, minorities, individuals with disabilities and veterans to apply to all of our job openings. We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, gender identity, or national origin, age, disability status, Genetic Information & Testing, Family & Medical Leave, protected veteran status, or any other characteristic protected by law.
We prohibit retaliation against individuals who bring forth any complaint, orally or in writing, to the employer or the government, or against any individuals who assist or participate in the investigation of any complaint or discrimination claim.