About Workstreet
At Workstreet, we're on an exciting journey to help businesses scale securely by building and implementing cutting-edge security and compliance programs. As a fast-growing startup, we specialize in compliance frameworks like SOC 2, ISO 27001, and GDPR, empowering companies to meet regulatory standards and strengthen their cybersecurity posture from day one. We've partnered with Vanta, which has significantly driven our business and contributed to our growth!
We are seeking an experienced Sr. Manager, Virtual Chief Information Security Officer (vCISO) to serve as an embedded security leader for our portfolio of high-growth Silicon Valley unicorns and technology companies. This is a hands-on, client-facing role perfect for a security expert who thrives on solving complex technical challenges and wants to be deeply involved in building world-class security programs. This position focuses on direct client engagement and technical leadership rather than people management.
Why This Role is Unique:
- Work directly with some of the most innovative unicorns as their trusted CISO.
- Dive deep into technical security challenges.
- Be the hands-on security expert that fast-growing companies desperately need, and put your fingerprint on rapidly expanding security programs.
- Shape security strategies for companies disrupting entire industries.
Responsibilities:
Hands-On Security Leadership:
- Embed directly with 7-10 high-growth clients as their fractional CISO, becoming an integral part of their leadership team.
- Roll up your sleeves to architect security solutions, analyze infrastructure, and configure security tools.
- Work side-by-side with client engineering teams to implement security controls.
- Be the go-to expert who can jump into Slack, customer calls, etc., and provide immediate security guidance.
- Collaborate with GTM teams to unblock deals held up by security questionnaires.
Direct Client Engagement:
- Build deep, trusted relationships with CTOs, VPs of Engineering, and founders.
- Participate in daily standups, sprint planning, and engineering discussions as needed.
- Provide real-time security guidance during product development and feature releases.
- Be available for impromptu security consultations and "quick questions" that prevent major issues.
- Serve as the calm, knowledgeable voice during security incidents and critical decisions.
Compliance & Risk Management:
- Personally guide clients through SOC 2, ISO 27001, and other certifications/compliance frameworks.
- Write and review policies, create risk registers, and manage third-party risk for clients.
- Conduct hands-on gap assessments and build remediation roadmaps.
- Work directly with auditors, answering technical questions and providing evidence.
- Transform compliance from a checkbox exercise into meaningful security improvements.
Security Engineering Support:
- Review infrastructure-as-code for security best practices.
- Analyze cloud configurations and recommend hardening measures.
- Evaluate and implement security tools, often doing the initial setup yourself.
- Create security runbooks and automation scripts.
- Provide code-level guidance on secure development practices.
Must-Have Qualifications:
- 10+ years of hands-on information security experience with deep technical expertise, plus client-facing and/or consulting experience.
- Proven track record as a CISO or senior security leader at high-growth technology companies.
- Expertise in cloud security (AWS, Azure, GCP) with the ability to review Terraform/CloudFormation.
- Hands-on experience with security tools (SIEM, CSPM, vulnerability scanners, etc.).
- Deep understanding of modern development practices (CI/CD, containerization, Kubernetes).
- Experience working directly with engineering teams in fast-paced startup environments.
- Track record of implementing security programs at companies scaling from Series A to IPO.
- Excellent technical communication skills with the ability to explain complex issues clearly.
Preferred Qualifications:
- Background in software engineering or DevOps before moving to security.
- Hands-on experience with security automation and infrastructure-as-code.
- Active in the security community (bug bounties, research, open source contributions).
- Professional certifications (CISSP, OSCP, AWS Security) backed by real-world experience.
Workstreet Is An Equal Opportunity Employer
As an equal opportunity employer, Workstreet is committed to providing employment opportunities to all individuals. All applicants for positions at Workstreet will be treated without regard to race, color, ethnicity, religion, sex, gender, gender identity and expression, sexual orientation, national origin, disability, age, marital status, veteran status, pregnancy, or any other basis prohibited by applicable law.