Information Security Manager

Job Description

About WorkSpan The next era of growth is being driven by business interoperability. Cloud, genAI, solutions combining services and software- more and more, companies outpace their competition not just through building superior products, but by creating stronger partnerships, paths to market, and better business models for winning together. Cloud providers, service providers, tech partners and resellers are teaming up to win more deals together through co-selling. WorkSpan is building the world’s largest, trusted co-selling network. WorkSpan already has seven of the world’s ten largest partner ecosystems on our platform and $50B of customer pipeline under active management. AWS, Google, Microsoft, MongoDB, PagerDuty, Databricks and dozens of others trust WorkSpan to accelerate and amplify their ecosystem strategies. With a $30M series C and backing from world class investors Insight Partners, Mayfield, and M12, WorkSpan is poised to drive the future of B2B. Come be a part of it. We are seeking an experienced Information Security Manager to serve as our information security leader, advancing WorkSpan's mature security program and building upon our 5+ year track record of successful SOC 2 compliance. Reporting directly to the CISO, you will have comprehensive ownership of our security operations while serving as the subject matter expert for GDPR, ISO 27001, and SOC 2 compliance frameworks. This role requires close collaboration with IT, Site Reliability Engineering, Product, and business stakeholders to translate regulatory requirements into actionable security practices and organizational standards. You will operate as a hands-on security practitioner while providing strategic guidance across the entire security landscape. Key Responsibilities Compliance & Risk Management Optimize and enhance existing SOC 2 Type II and ISO 27001 controls across the organization Conduct comprehensive security risk assessments, identify control gaps, and drive remediation to completion Evolve and maintain Information Security Management System (ISMS) policies and procedures Execute and refine established internal audit processes for various security domains Oversee annual SOC 2 Type II audits, leveraging our many years compliance history, and coordinate third-party penetration testing engagements Stakeholder Engagement Respond to customer security assessment questionnaires and RFPs with technical accuracy Conduct vendor security assessments and manage third-party risk evaluation processes Lead cross-functional security projects requiring coordination among multiple stakeholders Facilitate security awareness training programs for new hires and annual compliance education Operations & Documentation Participate in periodic security testing activities including penetration tests and disaster recovery exercises Lead security incident response activities and remediation efforts as the primary security point of contact Maintain comprehensive documentation of organizational security procedures and controls Ensure audit documentation remains current and compliant with regulatory requirements Monitor security tools and systems, analyzing alerts and implementing improvements Stay current with emerging threats and security technologies to continuously enhance our security posture Education & Experience Bachelor's or Master's degree in Cybersecurity, Information Technology, Computer Science, Systems Engineering, or related discipline 6+ years of hands-on experience implementing and managing regulatory compliance frameworks (GDPR, ISO 27001, SOC 2, NIST, COBIT) Proven track record conducting internal audits and managing external security audit processes Demonstrated ability to work independently and manage multiple priorities in a fast-paced environment Strong hands-on experience with security tools, technologies, and platforms Technical Expertise Deep understanding of information security terminology, concepts, and IT controls across: Risk assessment methodologies and frameworks Identity and access management (IAM) systems Cloud/SaaS security architectures Application security and secure development practices Data loss prevention and classification Network security and systems operations Incident response and management processes Experience leveraging AI tools for information security operations, vendor assessments, and questionnaire automation Leadership & Communication Demonstrated ability to establish trust and credibility with technical teams, executives, and external stakeholders Excellent written and verbal communication skills with ability to translate complex technical concepts for diverse audiences Strong project management capabilities with experience leading complex, multi-stakeholder security initiatives Independent decision-making skills with ability to operate autonomously while maintaining organizational alignment Self-motivated with strong organizational and time management capabilities Ability to be the "go-to" security expert across all domains while building scalable processes for future growth What We Offer The opportunity to be the security leader at a growing SaaS and AI company, building upon our established SOC 2 compliance track record while working with cutting-edge technologies. You'll have significant autonomy and direct influence in evolving WorkSpan's entire security posture and compliance strategy as we scale to the next level. This role offers exceptional visibility and growth potential as you help build the foundation for expanding the securi