Contract Security Program Manager Jobs in Iowa (NOW HIRING)

YOU MUST BE LOCAL, AND ABLE TO WORK IN OUR OFFICE. NO WORK VISA CONSIDERATION. NO REMOTE CAPABILITY.
Dymin Systems is a leading Managed Service Provider (MSP) committed to delivering top-tier IT solutions to our clients and an exceptional workplace for our team. We're looking for a Security Analyst who is passionate about cybersecurity, thrives in a fast-paced multi-client environment, and takes pride in protecting businesses and the people who rely on them.

This is a unique opportunity to be the first dedicated security role within Dymin's Managed Services department - building and executing a security practice that directly supports both our MSP client base and our fractional vCISO service offering. You'll work closely with the CIO on strategic security deliverables and with the Director of Managed Services on day-to-day operations and priorities.

POSITION SUMMARY

The Security Analyst at Dymin Systems serves as the primary executor of security-focused managed services delivery and recurring vCISO program tasks. This role exists to take security operations and deliverable execution off the CIO's plate, enabling the CIO to focus on client relationships, strategy, and program oversight. The Security Analyst is the first dedicated security position within the Managed Services department, reporting directly to the Director of Managed Services, with close day-to-day coordination with the CIO on all vCISO-related work.

KEY RESPONSIBILITIES

MSP Security Operations

• Monitor, triage, and respond to security alerts across client environments using SIEM, EDR, and other security tooling in the Dymin stack
• Conduct vulnerability scans and assessments across managed client environments; track and coordinate remediation with internal and client teams.
• Manage and review security tooling configurations, policies, and alerts for assigned clients.
• Support incident response activities including investigation, containment, documentation, and client communication; escalate incidents exceeding scope to the Director of Managed Services.
• Perform regular log reviews, threat hunting, and anomaly analysis across client environments.
• Administer and maintain endpoint protection, email security, DNS filtering, and privileged access tools across the MSP client base.

vCISO Program Execution

• Prepare and execute recurring deliverables under the vCISO service offering, including risk assessments, security awareness content, policy reviews, compliance tracking, and security roadmap updates - materials are prepared by this role and presented to clients by the CIO.
• Prepare client-facing security reports, risk registers, and program documentation for CIO review and delivery.
• Support HIPAA, NIST CSF, and CIS Controls compliance activities on behalf of clients.
• Coordinate vendor risk assessments and track findings through remediation.
• Assist with tabletop exercise preparation and incident response plan development and maintenance.
• Maintain all security program artifacts, documentation, and deliverable logs across the vCISO client portfolio.

Internal Security Support

• Assist the CIO with internal Dymin security initiatives, tooling evaluations, and policy development.
• Support phishing simulations and internal security awareness program execution.
• Contribute to the development and maintenance of Dymin's internal security posture documentation.

Emergency Incident Response

Available for emergency response to critical security incidents outside normal business hours as needed. This is not a scheduled on-call role, but emergency response to genuine critical events is expected.

QUALIFICATIONS

Required

• 2-4 years of experience in a security-focused IT role, ideally within an MSP or multi-client environment.
• Working knowledge of security frameworks (NIST CSF, CIS Controls, HIPAA) and their practical application.
• Hands-on experience with EDR, email security, SIEM, and vulnerability management tools.
• Familiarity with Microsoft 365 security
• Strong written and verbal communication skills - ability to prepare polished, client-facing security reports and documentation for executive presentation.
• Ability to manage multiple client priorities simultaneously and work independently without daily supervision.
• Valid driver's license and proof of auto insurance.

Preferred

• Security certifications such as CompTIA Security+, CySA+, or equivalent.
• Experience supporting vCISO or fractional security programs.
• Experience with HaloPSA or similar PSA/ticketing platforms.
• Exposure to HIPAA, SOC 2, or FINRA compliance environments.
  

KEY RESPONSIBILITIES

• Alert response and triage SLA compliance
• vCISO deliverable on-time completion rate
• Vulnerability remediation rate within defined timelines
• Client security program documentation completeness and accuracy
• Internal security posture improvement milestones

Benefits

• Health and dental insurance
• Retirement savings plan with company match after 1 year
• Generous paid time off and holidays
• Opportunities for professional development and continued education