• Compliance Manager

    Job Location(s) US-AZ-Phoenix
    Requisition #
    Information Technology
    Work From Home (Virtual)
  • Overview

    Iron Mountain Data Centers (IMDC) business line provides highly secure, compliant and resilient data center colocation services to enterprise customers in regulated industries. As an emerging business opportunity for Iron Mountain, the strategy and business plan requires rapid growth and revenue expansion.  IMDC plans to leverage Iron Mountain’s strong brand and installed customer base to achieve this growth. Product differentiation is a key requirement to separate IMDC from other providers while pursuing enterprise prospects. IMDC is focused on high touch services.


    Iron Mountain is an equal opportunity employer, and does not unlawfully discriminate on the basis of race, color, religion, sex, national origin, marital status, age, sexual orientation, gender identity characteristics or expression, disability, medical condition, U.S. Military or veteran status or other legally protected classifications in making employment decisions.


    Reporting to the Compliance Director, the Compliance Manager is responsible for ensuring that Iron Mountain’s Data Center Colocation and Cloud-based market-facing service offerings conform to relevant internal and external compliance requirements.  This individual will support the development, implementation and oversight of the Information Security Management Systems for all services and facilities in scope, located in the US, Europe and Asia. The Compliance Manager will carry out internal and external audits, make recommendations for process improvements, track open risks discovered through the audit and incident management channels, and assist in the performance of periodic risk assessments.


    • Participate in the evaluation, development and maintenance of policies, procedures and training as they pertain to regulatory and customer compliance requirements.
    • Carry out internal audits across multiple operational areas, analyze potential information security and other operational risks, escalate findings, assign corrective-preventive actions to key stakeholders, and track progress through to closure.
    • Identify and evaluate Information Security and other operational risks and threats discovered through the incident management channel.
    • Serve as a member of all ISMS Committees and participate in periodic risk assessments. When acting as a lead function during assessments, will gather and provide metrics used in support of the assessment.
    • Manage customer and other third party audits, including the gathering of artifacts across multiple departments and scheduling internal and external prep meetings with subject matter experts. When acting as a lead function during audits, will track all post-audit follow-up deliverables through to completion.
    • Confer with business stakeholders to discuss issues and make recommendations pertaining to their compliance needs.





    • 5-7 years of experience
    • Very good knowledge of Information Security compliance standards and frameworks, including SOC 2 Type II, ISO 27001, HIPAA, FISMA, FedRAMP and PCI-DSS. Strong candidates will also possess knowledge in the following additional areas: ISO 50001, ISO 14001, ISO 9001, CJIS, ITAR and /or FFIEC.
    • Strong communication; written and verbal skills. There will be frequent interactions with internal and external stakeholders.
    • Familiarity with technical assessments and audit methodologies for technical systems (network, operating systems, application security) as well as IT auditing processes.
    • Strong Project Management skills.
    • Familiarity with cloud computing services/deployment architecture.
    • This highly collaborative role requires strong listening skills, as you will be actively involved in evaluating process gaps and the development of new processes.
    • Ability to work autonomously while managing both short and long term project goals.
    • Strong organizational skills and steadfast attention to detail to manage fast paced and demanding requests from internal and external stakeholders.
    • High resourcefulness and ability to team with other groups to influence the collection of information required to obtain compliance.
    • Willingness to travel. 50% travel is expected but will vary throughout the year based on business need.
    • CISSP preferred.


    A strong candidate will possess a background in Information Security and Technology, and specifically with ISO 27001. You’ll thrive in this role if you:

    • Enjoy staying on top of the latest security practices,
    • Have a passion for protecting customer data from threats,
    • Work well with both technical and non-technical business partners, and
    • Are a tenacious, hard worker with a good sense of humor!