Director of Security, Compliance & Risk

Hansen Gress is a fast-growing, Alaska-based Managed Services Provider with deep roots in Juneau and active expansion into Anchorage. We’re 23 people today, scaling quickly, and investing in the leadership capacity needed to grow sustainably and serve our clients with consistency and excellence.    

We are not a corporate machine — and we don’t want to be. We run lean, trust our team, and believe in leadership that works with the team, not above it. We are relationship-first, execution-focused, and allergic to bureaucracy.   

What We’re Looking For   

As we continue to grow, we’re looking for a Director of Security, Compliance & Risk. This role is equivalent to a security executive in scope, but with the builder's mentality of a startup.

We are looking for a security leader who thrives on building programs from the ground up — someone who will take ownership of both our internal security posture and create a client-facing vCISO service that becomes a cornerstone of our growth strategy.

This person is not just managing existing security programs — they are creating them. You'll build the frameworks, write policies, handle incidents, and develop the services that our clients will pay premium rates for. 

What You'll Actually Do   

Build Internal Security Excellence:   

• Own Hansen Gress's internal security posture: NIST alignment, HIPAA compliance, risk management   

• Implement principle of least privilege, JIT access, and other enterprise-grade security controls   

• Manage all security incidents and breaches, keeping ownership out of escalations.   

• Design and enforce security policies that protect both HG and client data   

• Lead internal security audits, tabletop exercises, and compliance assessments   

Create Client-Facing vCISO Services:   

• Design and launch our vCISO service offering from scratch   

• Package security advisory services that integrate with our MSP contracts   

• Develop BCDR planning, risk assessments, and compliance readiness programs   

• Build frameworks for NIST CSF, CMMC, HIPAA, and other compliance standards   

• Create client security dashboards, reports, and executive briefings   

Lead Security Operations:   

• Engineer our client security stack for maximum effectiveness and margins   

• Be the subject matter expert when clients face BEC, ransomware, or other threats   

• Coordinate incident response across client environments   

• Train and develop our technical team on security best practices   

• Manage vendor relationships for security tools and services   

Who You Are  

• You've built or led security programs at an MSP or similar IT services company  

• You know how to translate technical risk into business language that executives understand  

• You're hands-on. If a client gets hit with BEC, you're reviewing logs with the first responder, coordinating the response, and writing the post-incident report yourself  

• You get energized by building something from nothing — policies, procedures, service offerings  

• You're sales-minded: you see security not just as cost center, but as revenue opportunity  

• You can coach and develop technical staff on security concepts and tools  

• You understand MSP economics: margins, recurring revenue, and client retention  

• You put people first: clients and team members naturally listen and trust you with your expertise and judgment  

Why This Role Is Special   

• You're not inheriting someone else's security program — you're building it from day one  

• Direct impact on company valuation through both risk reduction and revenue generation  

• You'll be respected as a peer-level leader, not a subordinate  

• Opportunity to shape security culture at a fast-growing, high-integrity company  

• Your security program becomes a competitive differentiator in Alaska's MSP market  

• Clear path from cost center to profit center as vCISO services scale  

What We're Not Looking For  

• Corporate security managers who need big teams and budgets to be effective  

• Compliance checklist mentality without business acumen  

• Security-as-obstacle rather than security-as-enabler philosophy  

• Anyone who can't explain risk in terms that business owners understand  

What You’ll Need   

• Ability to pass a basic background check for airport security badging   

• Valid driver’s license (or willingness to get one) and the ability to drive. Driver policies apply. Please note: we do not expect you to have a car.  

Where You’ll Work    

• Must be based in Anchorage or Juneau. Relocation assistance is available.  

• This role requires regular face-to-face collaboration with both locations  

• Remote work flexibility within Alaska  

• This is NOT a fully remote position  

What’s In It For You   

• Full-time role   

• Salary: $135,000-$165,000 a year, based on experience and market positioning  

• Performance bonus based on vCISO revenue generation and security program milestones  

• Health insurance (with vision coverage)   

• Retirement plans   

• Mobile device plans reimbursement   

• Flexible scheduling policy 

• Work in Juneau, where meaningful work meets stunning nature with mountains, trails, and ocean right outside your door. 

Why You’ll Want to Work with Us  

Employee satisfaction and growth is important to us! We are committed to helping employees dedicate part of their paid time to personal growth through courses and certifications relevant to their specific interests, research and development, and team-building opportunities. See what else our current employees have to say.   

Hansen Gress is committed to equal treatment and opportunities for all employees and job applicants. We are dedicated to building an inclusive and diverse company and have no tolerance for discrimination or harassment. We strive to provide meaningful opportunities for all, particularly those who have been traditionally marginalized in tech fields.