Information Security Manager

Job Description

We are seeking an experienced Information Security Manager to serve as our information security leader, advancing WorkSpans mature security program and building upon our 5+ year track record of successful SOC 2 compliance. Reporting directly to the CISO, you will have comprehensive ownership of our security operations while serving as the subject matter expert for GDPR, ISO 27001, and SOC 2 compliance frameworks. This role requires close collaboration with IT, Site Reliability Engineering, Product, and business stakeholders to translate regulatory requirements into actionable security practices and organizational standards. You will operate as a hands-on security practitioner while providing strategic guidance across the entire security landscape. Key Responsibilities Compliance & Risk Management Optimize and enhance existing SOC 2 Type II and ISO 27001 controls across the organization Conduct comprehensive security risk assessments, identify control gaps, and drive remediation to completion Evolve and maintain Information Security Management System (ISMS) policies and procedures Execute and refine established internal audit processes for various security domains Oversee annual SOC 2 Type II audits, leveraging our many years compliance history, and coordinate third-party penetration testing engagements Stakeholder Engagement Respond to customer security assessment questionnaires and RFPs with technical accuracy Conduct vendor security assessments and manage third-party risk evaluation processes Lead cross-functional security projects requiring coordination among multiple stakeholders Facilitate security awareness training programs for new hires and annual compliance education Operations & Documentation Participate in periodic security testing activities including penetration tests and disaster recovery exercises Lead security incident response activities and remediation efforts as the primary security point of contact Maintain comprehensive documentation of organizational security procedures and controls Ensure audit documentation remains current and compliant with regulatory requirements Monitor security tools and systems, analyzing alerts and implementing improvements Stay current with emerging threats and security technologies to continuously enhance our security posture Education & Experience Bachelors or Masters degree in Cybersecurity, Information Technology, Computer Science, Systems Engineering, or related discipline 6+ years of hands-on experience implementing and managing regulatory compliance frameworks (GDPR, ISO 27001, SOC 2, NIST, COBIT) Proven track record conducting internal audits and managing external security audit processes Demonstrated ability to work independently and manage multiple priorities in a fast-paced environment Strong hands-on experience with security tools, technologies, and platforms Technical Expertise Deep understanding of information security terminology, concepts, and IT controls across: Risk assessment methodologies and frameworks Identity and access management (IAM) systems Cloud/SaaS security architectures Application security and secure development practices Data loss prevention and classification Network security and systems operations Incident response and management processes Experience leveraging AI tools for information security operations, vendor assessments, and questionnaire automation Leadership & Communication Demonstrated ability to establish trust and credibility with technical teams, executives, and external stakeholders Excellent written and verbal communication skills with ability to translate complex technical concepts for diverse audiences Strong project management capabilities with experience leading complex, multi-stakeholder security initiatives Independent decision-making skills with ability to operate autonomously while maintaining organizational alignment Self-motivated with strong organizational and time management capabilities Ability to be the "go-to" security expert across all domains while building scalable processes for future growth