Information Security Manager
WorkSpan
The next era of growth is being driven by business interoperability. Cloud, genAI, solutions combining services and software- more and more, companies outpace their competition not just through building superior products, but by creating stronger partnerships, paths to market, and better business models for winning together. Cloud providers, service providers, tech partners and resellers are teaming up to win more deals together through co-selling.
WorkSpan is building the world’s largest, trusted co-selling network.
WorkSpan already has seven of the world’s ten largest partner ecosystems on our platform and $50B of customer pipeline under active management. AWS, Google, Microsoft, MongoDB, PagerDuty, Databricks and dozens of others trust WorkSpan to accelerate and amplify their ecosystem strategies.
With a $30M series C and backing from world class investors Insight Partners, Mayfield, and M12, WorkSpan is poised to drive the future of B2B. Come be a part of it.
We are seeking an experienced Information Security Manager to serve as our information security leader, advancing WorkSpan's mature security program and building upon our 5+ year track record of successful SOC 2 compliance. Reporting directly to the CISO, you will have comprehensive ownership of our security operations while serving as the subject matter expert for GDPR, ISO 27001, and SOC 2 compliance frameworks.
This role requires close collaboration with IT, Site Reliability Engineering, Product, and business stakeholders to translate regulatory requirements into actionable security practices and organizational standards. You will operate as a hands-on security practitioner while providing strategic guidance across the entire security landscape.
Key Responsibilities
Compliance & Risk Management
Optimize and enhance existing SOC 2 Type II and ISO 27001 controls across the organization
Conduct comprehensive security risk assessments, identify control gaps, and drive remediation to completion
Evolve and maintain Information Security Management System (ISMS) policies and procedures
Execute and refine established internal audit processes for various security domains
Oversee annual SOC 2 Type II audits, leveraging our many years compliance history, and coordinate third-party penetration testing engagements
Stakeholder Engagement
Respond to customer security assessment questionnaires and RFPs with technical accuracy
Conduct vendor security assessments and manage third-party risk evaluation processes
Lead cross-functional security projects requiring coordination among multiple stakeholders
Facilitate security awareness training programs for new hires and annual compliance education
Operations & Documentation
Participate in periodic security testing activities including penetration tests and disaster recovery exercises
Lead security incident response activities and remediation efforts as the primary security point of contact
Maintain comprehensive documentation of organizational security procedures and controls
Ensure audit documentation remains current and compliant with regulatory requirements
Monitor security tools and systems, analyzing alerts and implementing improvements
Stay current with emerging threats and security technologies to continuously enhance our security posture
Education & Experience
Bachelor's or Master's degree in Cybersecurity, Information Technology, Computer Science, Systems Engineering, or related discipline
6+ years of hands-on experience implementing and managing regulatory compliance frameworks (GDPR, ISO 27001, SOC 2, NIST, COBIT)
Proven track record conducting internal audits and managing external security audit processes
Demonstrated ability to work independently and manage multiple priorities in a fast-paced environment
Strong hands-on experience with security tools, technologies, and platforms
Technical Expertise
-
Deep understanding of information security terminology, concepts, and IT controls across:
Risk assessment methodologies and frameworks
Identity and access management (IAM) systems
Cloud/SaaS security architectures
Application security and secure development practices
Data loss prevention and classification
Network security and systems operations
Incident response and management processes
Experience leveraging AI tools for information security operations, vendor assessments, and questionnaire automation
Leadership & Communication
Demonstrated ability to establish trust and credibility with technical teams, executives, and external stakeholders
Excellent written and verbal communication skills with ability to translate complex technical concepts for diverse audiences
Strong project management capabilities with experience leading complex, multi-stakeholder security initiatives
Independent decision-making skills with ability to operate autonomously while maintaining organizational alignment
Self-motivated with strong organizational and time management capabilities
Ability to be the "go-to" security expert across all domains while building scalable processes for future growth
What We Offer
The opportunity to be the security leader at a growing SaaS and AI company, building upon our established SOC 2 compliance track record while working with cutting-edge technologies. You'll have significant autonomy and direct influence in evolving WorkSpan's entire security posture and compliance strategy as we scale to the next level. This role offers exceptional visibility and growth potential as you help build the foundation for expanding the securi
Submit Your Application
- You have errors in applying