Nexcess

IT Compliance Manager

About Nexcess

Nexcess provides specialty cloud solutions for organizations where performance and compliance have to coexist. We serve businesses worldwide, from agencies scaling client sites to enterprises running mission-critical operations. We've built our reputation on deep technical expertise and genuine partnership with every client we work with. Behind every environment we manage is a team of people who take the craft seriously and keep showing up when it matters.


About the role

The IT Compliance Manager plays a critical role in supporting and maintaining Nexcess' compliance and governance programs. This position partners closely with Security, Infrastructure, Engineering, Operations, Legal, and Business stakeholders to ensure the organization remains prepared for audits, aligned with regulatory requirements, and capable of demonstrating compliance across multiple frameworks.

This role is ideal for someone who enjoys bringing structure to complex compliance requirements, coordinating across teams, managing audit activities, and helping drive a culture of security and accountability throughout the organization.

Success in this role requires strong organizational skills, attention to detail, effective communication, and the ability to balance multiple compliance initiatives simultaneously.


Location: Remote

Employment type: Permanent, Full-time

Pay Range: $110,000 - $120,000 Annual.

Individual compensation will be determined based on factors including experience, skills, qualifications, market conditions, and geographic location.

Compliance Program Management

  • Maintain compliance documentation, evidence repositories, and audit-ready artifacts across applicable frameworks including SOC 2, ISO 27001, PCI-DSS, HIPAA, NIST CSF, and customer security requirements.
  • Maintain compliance calendars, assessment schedules, and framework documentation.
  • Monitor regulatory, contractual, and industry developments and communicate emerging compliance obligations to stakeholders.
  • Track remediation plans, corrective actions, and control deficiencies through resolution.

Audit Coordination & Control Validation

  • Coordinate internal and external audit activities, including evidence collection, auditor requests, and stakeholder engagement.
  • Serve as a primary point of contact for audit coordination and compliance inquiries.
  • Support control testing activities, risk assessments, and compliance reviews.
  • Track audit findings and corrective actions through closure.
  • Assist teams in preparing for recurring compliance assessments and certifications.

Governance & Policy Management

  • Maintain information security policies, standards, procedures, and governance documentation.
  • Coordinate periodic policy reviews and updates with business and technical stakeholders.
  • Ensure governance documentation remains aligned with organizational requirements and compliance obligations.
  • Support continuous improvement initiatives related to compliance and risk management processes.

Access Management & Security Oversight

  • Coordinate periodic access reviews, user access certifications, and privileged access validation activities.
  • Partner with IT and Identity Management teams to maintain evidence supporting access control compliance.
  • Support documentation, validation, and improvement of identity and access management processes.

Vendor & Customer Compliance Support

  • Coordinate responses to customer, prospect, and partner security questionnaires.
  • Assist with third-party risk assessments and vendor security reviews.
  • Escalate identified compliance or security concerns to appropriate stakeholders.
  • Support customer-facing compliance and security assurance activities.

Reporting & Awareness

  • Prepare compliance metrics, audit status reports, and remediation tracking for leadership review.
  • Maintain dashboards and reporting tools related to compliance activities.
  • Administer compliance and security awareness training programs and monitor completion rates.
  • Support organizational compliance communications and awareness initiatives.

What you bring

Required Qualifications

  • Bachelor's degree in Information Technology, Cybersecurity, Information Systems, Business, or equivalent experience.
  • 4+ years of experience in IT compliance, information security, governance, risk management, or audit-related roles.
  • Experience supporting compliance frameworks such as SOC 2, ISO 27001, PCI-DSS, HIPAA, NIST, or similar standards.
  • Experience coordinating audits and maintaining compliance documentation and evidence repositories.
  • Strong project management, organizational, and documentation skills.
  • Ability to manage multiple priorities while maintaining exceptional attention to detail.
  • Strong written and verbal communication skills with the ability to work across technical and non-technical teams.
  • Experience working within cloud infrastructure, managed services, SaaS, web hosting, or data center environments.
  • Familiarity with identity and access management concepts, access reviews, and security governance practices.

Preferred Qualifications

  • Professional certifications such as CISA, CRISC, CISM, Security+, ISO 27001 Lead Implementer, or ISO 27001 Lead Auditor.

What We Offer

  • Comprehensive benefits package
  • Traditional and Roth 401(k) with company matching
  • A collaborative, team-oriented culture
  • Consistent and predictable work hours
  • Engaging, varied work that keeps each day different
  • Opportunities to contribute ideas and influence how work gets done

Disclaimer:

This job description is only a summary of the typical functions of the position. It is not intended to be an exhaustive or comprehensive list of all job responsibilities, tasks, or duties. Additional duties and tasks may be assigned as part of the job function. Nexcess reserves the right to modify, interpret, or apply this job description in a way that best supports the organizational needs. The job description in no way creates or implies an employment contract. The employment contract remains “at will”.

Equal Employment Opportunity Policy:

Nexcess is committed to offering equal employment opportunity without regard to age, color, disability, gender, gender identity, genetic information, marital status, military status, national origin, race, religion, sexual orientation, veteran status, or any other legally protected characteristic.

Legal & Compliance

Remote (United States)

United Kingdom

Bulgaria

India
