Security & Compliance Specialist

The Security & Compliance Specialist is responsible for reducing security risk and incidents across Spinen and all client environments by defining, enforcing, and sustaining strong baseline security standards. 

This role focuses on closing remaining gaps in Spinen’s security posture (with CIS IG1 as the baseline standard), preventing drift over time, and driving real remediation in client environments. The Specialist operates as an opinionated senior individual contributor who works closely with Pods, clients, vendors, and internal teams to ensure security controls are implemented, automated where possible, and measurable. 

This is a hands-on, client facing role with authority to lead incident response, define standards, and drive remediation — without management responsibilities. 

Supervisory Duties 

• 
  

  None 

  
  

Core Responsibilities 

Security Standards & Baseline Enforcement 

• 
  

  Define, document, and evolve Spinen’s baseline security standards (CIS IG1 as the minimum for all clients) 

  
  

• 
  

  Ensure CIS IG1 is implemented and sustained across 100% of client environments, with no permanent exceptions 

  
  

• 
  

  Design and maintain layered security and compliance standards (e.g., SOC 2, CMMC) for Compliance and Service clients 

  
  

• 
  

  Conduct research and evaluation of security tools and approaches, selecting and standardizing solutions in close collaboration with Pod leadership 

  
  

• 
  

  Work with Pods to ensure standards are implemented consistently and efficiently across environments 

  
  

Client Environment Oversight & Remediation 

• 
  

  Proactively assess client environments to identify security gaps, risks, and drift from established standards 

  
  

• 
  

  Actively drive remediation plans with Pods and clients to close identified gaps 

  
  

• 
  

  Engage directly with clients as a peer advisor to explain security risks, required controls, and necessary changes 

  
  

• 
  

  Support Pods during client pushback by clearly articulating risk, necessity, and tradeoffs 

  
  

Incident Response Leadership 

• 
  

  Lead security incident response efforts during active compromises or material security events 

  
  

• 
  

  Coordinate Pods and internal teams during investigation, containment, and recovery 

  
  

• 
  

  Ensure incidents result in meaningful improvements to standards, controls, and processes 

  
  

• 
  

  Maintain accurate incident documentation and reporting for internal leadership and clients 

  
  

Measurement, Evidence & Reporting 

• 
  

  Define what “done” means for security controls: implemented, automated where possible, and measurable 

  
  

• 
  

  Share responsibility with Pods for evidence and measurement, while remaining accountable for unresolved gaps 

  
  

• 
  

  Continuously assess security posture and control effectiveness 

  
  

• 
  

  Provide formal quarterly reporting to leadership focused on:  

  
  

• 
  

  Risk reduction 

  
  

• 
  

  Gap closure 

  
  

• 
  

  Drift prevention 

  
  

• 
  

  Prioritization of security work 

  
  

Automation Partnership 

• 
  

  Act as the product owner and internal client for security and compliance automation 

  
  

• 
  

  Define automation requirements and success criteria 

  
  

• 
  

  Partner with Spinen’s automation team to ensure automation meaningfully reduces risk and operational effort 

  
  

Collaboration & Advisory 

• 
  

  Work closely with Pods, vendors, and internal teams to ensure secure and compliant solutions 

  
  

• 
  

  Communicate Spinen’s security standards, expectations, and best practices clearly and consistently 

  
  

• 
  

  Support Tier 2/3 escalations related to security specific issues 

  
  

Required Skills & Abilities 

• 
  

  Proven experience in IT security operations, incident response, or security program management 

  
  

• 
  

  Strong understanding of security frameworks and controls (CIS, SOC, CMMC, etc.) 

  
  

• 
  

  Experience working across multiple client environments (MSP or similar) 

  
  

• 
  

  Ability to translate technical risk into clear, practical guidance for clients and internal teams 

  
  

• 
  

  Comfortable delivering informed opinions, leading discussions, and driving decisions without direct authority 

  
  

• 
  

  Strong analytical, organizational, and communication skills 

  
  

• 
  

  Proficient in Microsoft Office 

  
  

Education & Experience 

• 
  

  Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or equivalent experience 

  
  

• 
  

  3+ years of experience in IT security or compliance within an MSP or multiclient environment (preferred) 

  
  

• 
  

  Industry certifications (CISSP, CISM, CEH, CompTIA Security+) are a plus 

  
  

Physical Requirements 

• 
  

  Prolonged periods of sitting and working on a computer 

  
  

• 
  

  Ability to lift up to 50 lbs as needed 

  
  

• 
  

  May be required to work outside normal business hours during security incidents