What are the responsibilities and job description for the IT Security and Compliance Manager position at Phaidon International?
IT Security and Compliance Manager
Location: NYC, Dallas, Charlotte, or Chicago (Hybrid – 3 days/week in office)
Reports to: Chief Technology Officer
Employment Type: Full Time / Permanent
Salary: 125 - 145k
About Phaidon International
Established in London in 2004, Phaidon International was founded with the ambition to deliver talent solutions backed by deep industry expertise. Since then, we have consistently ranked among the fastest-growing recruitment firms globally and are currently the 10th largest direct-hire agency in the world.
We partner with a wide range of businesses - from Fortune 500 companies to venture-backed start-ups - to deliver the right talent for mission-critical roles. Operating through global hubs, our consultants offer localised knowledge combined with international reach, helping clients navigate regional complexities and achieve both immediate and long-term hiring goals.
About the Role
We are looking for a senior leader to take full ownership of the organisation’s security, compliance, and operational control environment, with explicit authority to define, enforce, and evidence policy execution across the enterprise.
This role owns the company’s SOC 2 certification end-to-end, including policy definition, enforcement, audit execution, artifact management, vendor compliance, and oversight of external security managed service providers (MSSPs/MSPs). The Global Service Desk sits deliberately within this remit, acting as the primary operational control plane through which access management, incident handling, policy enforcement, and audit evidence are executed.
Reporting to the CTO, this is a senior leadership and governance role, not a hands-on engineering position. You will manage two senior regional Service Desk leaders and govern multiple external providers, requiring strong authority, commercial judgement, and influence across IT, HR, Legal, Finance, and the broader business.
Key Responsibilities
Security, Compliance & Risk
- Own and operate the organisation’s SOC 2 program end-to-end, including policy ownership, audit execution, control effectiveness, and continuous readiness.
- Define, maintain, and enforce security, IT, and service-related policies, ensuring alignment with regulatory and business needs.
- Govern security managed service providers (MSSPs/MSPs) and third-party vendors, ensuring compliance, effective delivery, and remediation of risks.
- Partner with HR and Legal to ensure global workforce, access, and data protection controls comply with local regulations.
Global Service Desk Ownership (Operational Control Plane)
- Own the global Service Desk as the primary execution layer for security, compliance, and policy enforcement.
- Lead two senior regional Service Desk leaders, ensuring consistent standards across access management, incident handling, and audit execution.
- Act as the senior escalation point for security incidents, access issues, and material service disruptions.
- Ensure operational documentation and runbooks are consistently followed and audit-ready.
Service Delivery, Risk & Operations
- Own global service delivery performance and SLAs, ensuring service desk outcomes support security, compliance, and business continuity.
- Oversee change and release controls from an operational risk and governance perspective.
- Monitor incidents, audit findings, and service metrics, driving improvements that balance risk, service quality, and cost.
Stakeholder Leadership & Governance
- Act as a clear authority on security risk, compliance decisions, and operational tradeoffs, partnering closely with HR, Legal, Finance, IT, and the business.
- Resolve competing priorities while protecting the organisation’s risk posture.
- Serve as a trusted advisor to senior leadership on security posture and audit readiness.
Strategy, Commercial & Reporting
- Define and own the global security and service operations strategy, ensuring governance is enforced operationally.
- Set standards for service delivery, vendor performance, and control execution, backed by metrics and accountability.
- Own budgets related to service desk tooling, managed services, security providers, and audits.
- Produce clear, audit-ready documentation and concise, decision-focused reporting for senior leadership.
What We’re Looking For
Security, Compliance & Risk
- Direct ownership of SOC 2 (or equivalent) certifications, including audit execution and ongoing readiness.
- Proven ability to translate compliance requirements into operationally enforced controls.
- Experience governing security managed service providers (MSSPs/MSPs).
Service Desk & Operational Control
- Experience owning global service desk operations as a control function, not just end-user support.
- Proven track record in managing managers across regions.
- Demonstrated success using service operations to enforce security and compliance standards.
Vendor & Commercial Management
- Strong vendor governance and contract negotiation experience.
- Commercially astute, balancing risk, cost, and service quality.
Mindset & Leadership Style
- Authoritative, pragmatic, and comfortable enforcing standards.
- Calm, credible, and detail-oriented during audits and incidents.
- Excellent written and verbal communication skills.
Why Join Phaidon International
- Work on cutting-edge AI-driven automation projects impacting enterprise-scale workflows.
- Collaborate with a dynamic, cross-functional team in an agile environment.
- Help build a mature technology organization. Drive innovation with tight feedback loops, cohort-based experimentation, and continuous delivery.
- Work in a mature business where your work drives revenue and where you can see cause and effect directly from what you do.