Information Security Officer

at WorkBoard
🇺🇸 United States - Remote
🔒 Cybersecurity🔵 Mid-level

Job description

WORK WITH PURPOSE

WorkBoard’s Strategy Execution Platform powers the digital operating rhythm for companies around the globe, providing organization-wide clarity, alignment, and insights for growth. AstraZeneca, Ford, 3M, Intel and many others rely on WorkBoard’s platform, playbook, and expertise to accelerate results by aligning OKRs, simplifying business reviews and scorecards, focusing weeklies on outcomes, and leveraging analytics – all with embedded AI. More than 15,000 people are certified in WorkBoard’s OKR coaching and Outcome Mindset Methodology™ which enables their organizations to quickly gain the agility OKRs can provide.

Based in Silicon Valley and founded in 2013, WorkBoard investors include Andreessen Horowitz, SoftBank, Notable Capital, Workday Ventures, M12 (Microsoft), Intel Capital, Silicon Valley Bank, and Capital One.

THE OPPORTUNITY

As our information security officer, you’ll own and evolve WorkBoard’s security posture across our product, infrastructure, and organization. You will lead our compliance

initiatives, manage responses to customer and prospect inquiries, and ensure security practices are embedded across teams — from engineering to operations. This is a high-impact role at the intersection of customer trust, product assurance, and operational excellence.

Key Responsibilities

Security & Compliance Operations

• Lead and maintain ongoing SOC 2 Type II and ISO 27001 certification efforts, including audits, controls, evidence collection, and auditor coordination.

• Own and continuously improve WorkBoard’s internal security policies, standards, and documentation (e.g., incident response plans, data retention, access management).

• Drive regular internal risk assessments and coordinate remediation with

engineering and DevOps.

• Establish and monitor key security metrics and KPIs to guide program maturity and executive reporting.

• Evaluate, procure, and manage security platforms and tools supporting visibility, detection, prevention, and response.

• Own third-party vendor risk assessments and ongoing monitoring.

Customer & Sales Support

• Manage and respond to detailed security questionnaires from prospects and customers.

• Participate in security-related meetings with customer/prospect InfoSec and procurement teams.

• Provide clear, confident explanations of our security practices and controls to both technical and non-technical audiences.

• Partner with Legal and Sales on data protection addenda (DPAs), Master Service Agreements (MSAs), and customer security commitments.

Governance & Education

• Maintain and update the company’s Information Security Management System (ISMS).

• Conduct annual company-wide security training and awareness programs.

• Monitor compliance with internal security policies across departments.

• Champion a security-first culture by engaging regularly with team leads and department heads.

• Conduct or facilitate tabletop exercises for incident response, including cross- functional readiness and communication protocols.

Engineering Partnership

• Work closely with security engineers to ensure product and infrastructure are continuously assessed for vulnerabilities (static/dynamic testing, dependency

scanning, etc.).

• Track, prioritize, and drive resolution of identified issues through to closure.

• Contribute to secure SDLC practices and deployment pipeline hardening.

• Collaborate on architecture reviews, threat modeling, and design-time security input.

• Advise on data protection strategies, including encryption, access control, and secure data flows.

Requirements

Must-Have

• 7+ years of experience in information security, including 2+ years driving compliance and audit initiatives (SOC 2, ISO 27001, or similar).

• Deep understanding of cloud-native application security and SaaS architectures.

• Experience managing security questionnaires and interfacing with enterprise security teams.

• Strong knowledge of risk management, vulnerability management, access control, and incident response.

• Excellent written and verbal communication skills — able to represent the company externally with confidence.

• Demonstrated ability to influence without authority and drive cross-functional alignment around security objectives.

• Experience with multi-tenant architecture, customer data isolation, and modern DevOps tooling.

Nice-to-Have

• Experience in a high-growth SaaS environment.

• Familiarity with tools incl. OneTrust, Lacework, Wiz, Stackhawk, GitHub Advanced Security, or similar.

• Relevant certifications: CISSP, CCSP, CISM, CISA, or ISO 27001 Lead Implementer/Auditor.

• Experience with data privacy regulations (e.g., GDPR, CCPA) and their technical implementation implications.

• Understanding of frameworks like NIST CSF, CIS Controls, or HITRUST.

Share this job:
Please let WorkBoard know you found this job on Remote First Jobs 🙏

Similar Remote Jobs

WorkBoard logo

WorkBoard

  • 201-500 employees
  • Founded in 2013
  • 1 remote job

Latest Jobs at WorkBoard

Benefits of using Remote First Jobs

Discover Hidden Jobs

Unique jobs you won't find on other job boards.

Advanced Filters

Filter by category, benefits, seniority, and more.

Priority Job Alerts

Get timely alerts for new job openings every day.

Manage Your Job Hunt

Save jobs you like and keep a simple list of your applications.

Search remote, work from home, 100% online jobs

We help you connect with top remote-first companies.

Search jobs

Hiring remote talent? Post a job

Frequently Asked Questions

What makes Remote First Jobs different from other job boards?

Unlike other job boards that only show jobs from companies that pay to post, we actively scan over 20,000 companies to find remote positions. This means you get access to thousands more jobs, including ones from companies that don't typically post on traditional job boards. Our platform is dedicated to fully remote positions, focusing on companies that have adopted remote work as their standard practice.

How often are new jobs added?

New jobs are constantly being added as our system checks company websites every day. We process thousands of jobs daily to ensure you have access to the most up-to-date remote job listings. Our algorithms scan over 20,000 different sources daily, adding jobs to the board the moment they appear.

Can I trust the job listings on Remote First Jobs?

Yes! We verify all job listings and companies to ensure they're legitimate. Our system automatically filters out spam, junk, and fake jobs to ensure you only see real remote opportunities.

Can I suggest companies to be added to your search?

Yes! We're always looking to expand our listings and appreciate suggestions from our community. If you know of companies offering remote positions that should be included in our search, please let us know. We actively work to increase our coverage of remote job opportunities.

How do I apply for jobs?

When you find a job you're interested in, simply click the 'Apply Now' button on the job listing. This will take you directly to the company's application page. We kindly ask you to mention that you found the position through Remote First Jobs when applying, as it helps us grow and improve our service 🙏

Apply