Workstreet

Sr. Manager, Virtual Chief Information Security Officer, vCISO

Workstreet

full-time

Posted on:

Origin:  • 🇺🇸 United States

Visit company website
AI Apply
Apply

Job Level

Senior

Tech Stack

AWSAzureCloudCyber SecurityGoogle Cloud PlatformKubernetesOpen SourceTerraform

About the role

  • Embed directly with 7-10 high-growth clients as their fractional CISO, becoming an integral part of their leadership team.
  • Architect security solutions, analyze infrastructure, and configure security tools.
  • Work side-by-side with client engineering teams to implement security controls and review infrastructure-as-code.
  • Provide immediate security guidance via Slack, customer calls, and impromptu consultations.
  • Collaborate with GTM teams to unblock deals because of security questionnaires.
  • Build deep relationships with CTOs, VPs of Engineering, and founders; participate in daily standups, sprint planning, and engineering discussions.
  • Serve as the calm, knowledgeable voice during security incidents and critical decisions.
  • Guide clients through SOC 2, ISO 27001, and other certifications; write and review policies, create risk registers, and manage third-party risk.
  • Conduct hands-on gap assessments and build remediation roadmaps; work directly with auditors to answer technical questions and provide evidence.
  • Review cloud configurations, recommend hardening measures, and evaluate and implement security tools, often doing initial setup.
  • Create security runbooks, automation scripts, and provide code-level guidance on secure development practices.
  • Focus on direct client engagement and technical leadership rather than people management.

Requirements

  • 10+ years of hands-on information security experience with deep technical expertise, client-facing and/or consulting experience.
  • Proven track record as a CISO or senior security leader at high-growth technology companies.
  • Expertise in cloud security (AWS, Azure, GCP) with the ability to review Terraform/CloudFormation.
  • Hands-on experience with security tools (SIEM, CSPM, vulnerability scanners, etc.).
  • Deep understanding of modern development practices (CI/CD, containerization, Kubernetes).
  • Experience working directly with engineering teams in fast-paced startup environments.
  • Track record of implementing security programs at companies scaling from Series A to IPO.
  • Excellent technical communication skills with the ability to explain complex issues clearly.
  • Background in software engineering or DevOps before moving to security (preferred).
  • Hands-on experience with security automation and infrastructure-as-code (preferred).
  • Active in the security community (bug bounties, research, open source contributions) (preferred).
  • Professional certifications (CISSP, OSCP, AWS Security) backed by real-world experience (preferred).