Job Description
Prime Data Centers develops, acquires, and operates data centers for some of the world's largest enterprises. A private firm owned by a group controlling $6 billion in assets, with a 15-year tenure in technology and real estate development, Prime provides customers with ownership options and dynamic leasing models, defining a true corporate partnership. www.primedatacenters.com
Reports To: Director IT and Cybersecurity
Location: Remote/Hybrid
Travel: 10-15%
The Internal Compliance Manager is responsible for managing and ensuring the data center’s adherence to regulatory standards and compliance frameworks, including ISO 27001, PCI DSS, HIPAA, and SOC 2 Type 2. The role involves designing, implementing, and maintaining compliance programs, conducting internal audits, and collaborating with cross-functional teams to uphold the security and regulatory integrity of the company’s data storage and processing services. The Internal Compliance Manager will ensure that the company consistently meets industry standards and regulatory obligations, with a particular focus on data protection, security, and privacy.
Key Responsibilities:
Compliance Program Management:
- Develop, implement, and oversee a robust compliance program tailored to the needs of a data center company.
- Ensure that compliance policies and procedures align with ISO 27001, PCI DSS, HIPAA, and SOC 2 Type 2 requirements.
- Monitor and continuously improve compliance processes to keep pace with evolving regulatory and industry standards.
Audit and Risk Management:
- Plan and conduct internal audits and gap assessments to verify adherence to ISO 27001, PCI DSS, HIPAA, and SOC 2 Type 2 requirements.
- Collaborate with internal teams to assess data protection and security risks; design and implement mitigation strategies.
- Lead external audits and certification processes, ensuring the company maintains compliance with the relevant standards.
Data Protection and Privacy:
- Implement and maintain privacy and security programs to protect sensitive information in line with HIPAA, PCI DSS, and applicable data protection regulations.
- Act as the point of contact for data breach response and incident management, ensuring timely and appropriate handling of incidents.
Training and Awareness:
- Develop and deliver training programs to educate staff on compliance and security topics, with a focus on ISO 27001, PCI DSS, HIPAA, and SOC 2 Type 2.
- Ensure ongoing awareness of compliance responsibilities across the organization, including employees and third-party vendors.
Policy and Procedure Management:
- Create and maintain comprehensive policies and procedures that reflect compliance with ISO 27001, PCI DSS, HIPAA, and SOC 2 Type 2.
- Regularly review and update policies to reflect changes in the legal and regulatory environment, ensuring timely communication and implementation.
Vendor and Third-Party Compliance:
- Oversee vendor management programs to ensure that third-party services meet compliance requirements.
- Conduct due diligence and risk assessments of vendors handling sensitive data or involved in data processing operations.
Regulatory Liaison and Reporting:
- Serve as the liaison with regulatory bodies, external auditors, and certification agencies for ISO 27001, PCI DSS, HIPAA, and SOC 2 Type 2 compliance.
- Prepare and submit regular compliance reports to senior leadership and regulatory authorities.
- Maintain comprehensive documentation of compliance activities and audit findings.
Incident Management and Investigations:
- Investigate and respond to compliance violations and data security incidents.
- Coordinate with internal teams and external regulators to resolve incidents and implement corrective actions.
- Lead post-incident reviews and ensure lessons learned are incorporated into future compliance measures.
Qualifications:
Education:
- Bachelor’s degree in Information Security, Law, Business Administration, or a related field (Master’s degree ).
- Certifications in compliance and security frameworks, such as CISM, CISA, CISSP, or CIPM, are highly desirable.
Experience:
- Minimum of 5 years of experience in compliance management, auditing, or a related field within the technology or data center industry.
- Proven experience managing compliance with ISO 27001, PCI DSS, HIPAA, and SOC 2 Type 2 is required.
- Experience leading audits and certification processes in a highly regulated environment.
Skills:
- Strong understanding of data security and privacy regulations, including HIPAA and PCI DSS.
- Excellent project management and organizational skills.
- Strong analytical and problem-solving skills.
- Ability to communicate effectively with technical and non-technical teams.
- Familiarity with data center operations, cloud environments, and security best practices.
Personal Attributes:
- Ethical and integrity-driven, with a strong focus on maintaining compliance and security.
- Attention to detail and the ability to manage multiple projects simultaneously.
- Strong leadership and decision-making skills.
- Proactive, adaptable, and capable of thriving in a fast-paced environment.
Working Conditions:
- Full-time position, typically Monday through Friday.
- May require occasional travel for audits or certifications.
- Primarily office-based, with potential for remote work flexibility.
Benefits:
- Competitive salary and performance bonus program
- 401k fully vested upon enrollment, up to a 4% employer match
- 100% employee premiums paid by employer for medical, dental, vision, life insurance, and
- Paid Time Off + Sick time
Applications will be accepted on an ongoing basis.
Prime is an Equal Opportunity Employer. All applicants are considered for employment without attention to race, , , religion, (including , childbirth or related medical conditions), , gender or expression, genetic information, ancestry, origin, citizenship, protected veteran or military status, status, or any other classification protected by federal, state, or local laws and ordinances.