Information Security Officer

Summary

Join WorkBoard as our Information Security Officer and take ownership of evolving our security posture across product, infrastructure, and organization. Lead compliance initiatives, manage customer and prospect inquiries, and ensure security practices are embedded across teams. This high-impact role intersects customer trust, product assurance, and operational excellence. You will be responsible for security and compliance operations, customer and sales support, governance and education, and engineering partnerships. WorkBoard offers a dynamic environment with opportunities to make a significant contribution to a growing company.

Requirements

• 7+ years of experience in information security, including 2+ years driving compliance and audit initiatives (SOC 2, ISO 27001, or similar)
• Deep understanding of cloud-native application security and SaaS architectures
• Experience managing security questionnaires and interfacing with enterprise security teams
• Strong knowledge of risk management, vulnerability management, access control, and incident response
• Excellent written and verbal communication skills — able to represent the company externally with confidence
• Demonstrated ability to influence without authority and drive cross-functional alignment around security objectives
• Experience with multi-tenant architecture, customer data isolation, and modern DevOps tooling

Responsibilities

• Lead and maintain ongoing SOC 2 Type II and ISO 27001 certification efforts, including audits, controls, evidence collection, and auditor coordination
• Own and continuously improve WorkBoard’s internal security policies, standards, and documentation (e.g., incident response plans, data retention, access management)
• Drive regular internal risk assessments and coordinate remediation with engineering and DevOps
• Establish and monitor key security metrics and KPIs to guide program maturity and executive reporting
• Evaluate, procure, and manage security platforms and tools supporting visibility, detection, prevention, and response
• Own third-party vendor risk assessments and ongoing monitoring
• Manage and respond to detailed security questionnaires from prospects and customers
• Participate in security-related meetings with customer/prospect InfoSec and procurement teams
• Provide clear, confident explanations of our security practices and controls to both technical and non-technical audiences
• Partner with Legal and Sales on data protection addenda (DPAs), Master Service Agreements (MSAs), and customer security commitments
• Maintain and update the company’s Information Security Management System (ISMS)
• Conduct annual company-wide security training and awareness programs
• Monitor compliance with internal security policies across departments
• Champion a security-first culture by engaging regularly with team leads and department heads
• Conduct or facilitate tabletop exercises for incident response, including cross-functional readiness and communication protocols
• Work closely with security engineers to ensure product and infrastructure are continuously assessed for vulnerabilities (static/dynamic testing, dependency scanning, etc.)
• Track, prioritize, and drive resolution of identified issues through to closure
• Contribute to secure SDLC practices and deployment pipeline hardening
• Collaborate on architecture reviews, threat modeling, and design-time security input
• Advise on data protection strategies, including encryption, access control, and secure data flows

Preferred Qualifications

• Experience in a high-growth SaaS environment
• Familiarity with tools incl. OneTrust, Lacework, Wiz, Stackhawk, GitHub Advanced Security, or similar
• Relevant certifications: CISSP, CCSP, CISM, CISA, or ISO 27001 Lead Implementer/Auditor
• Experience with data privacy regulations (e.g., GDPR, CCPA) and their technical implementation implications
• Understanding of frameworks like NIST CSF, CIS Controls, or HITRUST