Job Description

About WorkSpan



The next era of growth is being driven by business interoperability. Cloud, genAI, solutions combining services and software- more and more, companies outpace their competition not just through building superior products, but by creating stronger partnerships, paths to market, and better business models for winning together. Cloud providers, service providers, tech partners and resellers are teaming up to win more deals together through co-selling.



WorkSpan is building the world's largest, trusted co-selling network.



WorkSpan already has seven of the world's ten largest partner ecosystems on our platform and $50B of customer pipeline under active management. AWS, Google, Microsoft, MongoDB, PagerDuty, Databricks and dozens of others trust WorkSpan to accelerate and amplify their ecosystem strategies.

With a $30M series C and backing from world class investors Insight Partners, Mayfield, and M12, WorkSpan is poised to drive the future of B2B. Come be a part of it.



We are seeking an experienced Information Security Manager to serve as our information security leader, advancing WorkSpan's mature security program and building upon our 5+ year track record of successful SOC 2 compliance. Reporting directly to the CISO, you will have comprehensive ownership of our security operations while serving as the subject matter expert for GDPR, ISO 27001, and SOC 2 compliance frameworks.



This role requires close collaboration with IT, Site Reliability Engineering, Product, and business stakeholders to translate regulatory requirements into actionable security practices and organizational standards. You will operate as a hands-on security practitioner while providing strategic guidance across the entire security landscape.



Key Responsibilities

Compliance & Risk Management



Optimize and enhance existing SOC 2 Type II and ISO 27001 controls across the organization



Conduct comprehensive security risk assessments, identify control gaps, and drive remediation to completion



Evolve and maintain Information Security Management System (ISMS) policies and procedures



Execute and refine established internal audit processes for various security domains



Oversee annual SOC 2 Type II audits, leveraging our many years compliance history, and coordinate third-party penetration testing engagements



Stakeholder Engagement



Respond to customer security assessment questionnaires and RFPs with technical accuracy



Conduct vendor security assessments and manage third-party risk evaluation processes



Lead cross-functional security projects requiring coordination among multiple stakeholders



Facilitate security awareness training programs for new hires and annual compliance education



Operations & Documentation



Participate in periodic security testing activities including penetration tests and disaster recovery exercises



Lead security incident response activities and remediation efforts as the primary security point of contact



Maintain comprehensive documentation of organizational security procedures and controls



Ensure audit documentation remains current and compliant with regulatory requirements



Monitor security tools and systems, analyzing alerts and implementing improvements



Stay current with emerging threats and security technologies to continuously enhance our security posture



Education & Experience



Bachelor's or Master's degree in Cybersecurity, Information Technology, Computer Science, Systems Engineering, or related discipline



6+ years of hands-on experience implementing and managing regulatory compliance frameworks (GDPR, ISO 27001, SOC 2, NIST, COBIT)



Proven track record conducting internal audits and managing external security audit processes



Demonstrated ability to work independently and manage multiple priorities in a fast-paced environment



Strong hands-on experience with security tools, technologies, and platforms



Technical Expertise



Deep understanding of information security terminology, concepts, and IT controls across:



Risk assessment methodologies and frameworks



Identity and access management (IAM) systems



Cloud/SaaS security architectures



Application security and secure development practices



Data loss prevention and classification



Network security and systems operations



Incident response and management processes



Experience leveraging AI tools for information security operations, vendor assessments, and questionnaire automation



Leadership & Communication



Demonstrated ability to establish trust and credibility with technical teams, executives, and external stakeholders



Excellent written and verbal communication skills with ability to translate complex technical concepts for diverse audiences



Strong project management capabilities with experience leading complex, multi-stakeholder security initiatives



Independent decision-making skills with ability to operate autonomously while maintaining organizational alignment



Self-motivated with strong organizational and time management capabilities



Ability to be the "go-to" security expert across all domains while building scalable processes for future growth



What We Offer



The opportunity to be the security leader at a growing SaaS and AI company, building upon our established SOC 2 compliance track record while working with cutting-edge technologies. You'll have significant autonomy and direct influence in evolving WorkSpan's entire security posture and compliance strategy as we scale to the next level. This role offers exceptional visibility and growth potential as you help build the foundation for expanding the securi