DC Security & Compliance Lead

Role Summary

We are seeking a DC Security & Compliance Lead to drive security architecture, compliance alignment, and control implementation for a new data center (primary/secondary). This role partners with facilities, network, computer, storage, backup/DR, and InfoSec/GRC teams to ensure the environment meets enterprise and regulatory requirements, is built with strong preventive/detective controls, and is supported with evidence-based documentation for audits.

Key Responsibilities

• Security Governance & Control Framework: Define the security control baseline for the new DC aligned to enterprise policy and applicable regulations; manage control mapping, exceptions, and risk acceptance.
• Physical Security Controls: Validate and oversee physical security requirements: badging/roles, escort policy, camera coverage, visitor logs, cage access procedures, media handling, and secure disposal processes.
• Network & Segmentation Security: Drive segmentation strategy (zones/VRFs), firewall placement and policy model, north-south/east-west controls, secure DCI/WAN connectivity, and micro-segmentation alignment.
• Identity & Privileged Access: Implement secure admin model, RBAC, MFA, PAM integration, break-glass procedures, and access reviews for platforms and devices.
• Logging, Monitoring & Detection: Ensure centralized logging and SIEM integration (firewalls, switches, hypervisors, storage, backup), time sync (NTP), alerting standards, and incident response readiness.
• Vulnerability & Hardening: Define baseline hardening (CIS-style principles), patching expectations, vulnerability scanning workflow, remediation tracking, and risk reporting.
• Data Protection & Encryption: Ensure encryption at rest/in transit where required, key management alignment, certificate lifecycle practices, and secure configuration standards.
• Backup/DR Security & Ransomware Resilience: Ensure backup immutability/air-gap options, least-privilege access to backup systems, recovery testing evidence, and ransomware recovery runbooks.
• Compliance & Audit Readiness: Build and maintain audit artifacts: SOPs, MOPs, change control evidence, access review records, DR test results, and control attestations.
• Third-Party & Vendor Risk: Support vendor due diligence (colo provider, carriers, MSPs), validate SOC reports/controls, and ensure contract/security requirements are met.
• Program Risk Leadership: Maintain RAID for security/compliance; run security checkpoints/gates for build milestones and production go-live signoff.

Required Qualifications

• 8 12+ years in infrastructure security, compliance, or GRC with direct experience supporting data center build / migration programs.
• Strong knowledge of security controls across: physical security, network security, identity/PAM, logging/SIEM, vulnerability management, and data protection.
• Experience producing audit-ready documentation and managing controls evidence in regulated environments.
• Ability to lead cross-functional teams and enforce governance without slowing delivery strong stakeholder management and communication.

Preferred

• Experience in banking/regulated environments (e.g., FFIEC-style controls), and exposure to frameworks like NIST, ISO 27001, SOC 2, CIS benchmarks (as applicable). Hands-on experience with common enterprise stacks: Palo Alto, Infoblox, VMware, backup platforms, and SIEM tooling (Splunk or equivalent).