Chief Information Security Officer (CISO)

Mountain View, California

Applications have closed

Workato

Workato, a leader in Gartner MQ, is more than an iPaaS. It's an Intelligent Automation platform that can be used by both Business and IT. It supports thousand

About Workato

Workato is the only integration and automation platform that is as simple as it is powerful — and because it’s built to power the largest enterprises, it is quite powerful. 

Simultaneously, it’s a low-code/no-code platform. This empowers any user (dev/non-dev) to painlessly automate workflows across any apps and databases.

We’re proud to be named a leader by both Forrester and Gartner and trusted by 7,000+ of the world's top brands such as Box, Grab, Slack, and more. But what is most exciting is that this is only the beginning. 

Why join us?

Ultimately, Workato believes in fostering a flexible, trust-oriented culture that empowers everyone to take full ownership of their roles. We are driven by innovation and looking for team players who want to actively build our company. 

But, we also believe in balancing productivity with self-care. That’s why we offer all of our employees a vibrant and dynamic work environment along with a multitude of benefits they can enjoy inside and outside of their work lives. 

If this sounds right up your alley, please submit an application. We look forward to getting to know you!

Also, feel free to check out why:

  • Business Insider named us an “enterprise startup to bet your career on”

  • Forbes’ Cloud 100 recognized us as one of the top 100 private cloud companies in the world

  • Deloitte Tech Fast 500 ranked us as the 17th fastest growing tech company in the Bay Area, and 96th in North America

  • Quartz ranked us the #1 best company for remote workers

Responsibilities

We are looking for an exceptional Chief Information Security Officer (CISO) to lead Workato’s security, governance, and compliance activities.

As the company’s most senior information security executive, this is a hands-on role that has enterprise-level responsibility for all information security policies and will be accountable for establishing a modernized and sustainable strategy for security, including cloud and product security.

The CISO will serve as a face to internal constituencies regarding information security and communicate the mission of cybersecurity. (S)he will serve as a key business leader and security representative interfacing with Workato’s executive team, board of directors, and various business line and functional stakeholders. It will be critical for this person to implement a security program which supports rapid business growth and ensures Workato is a trusted and secure platform.

The CISO will also play a go-to-market (GTM) role, interacting with customers, partners and internal stakeholders to promote automation, integration and cross-system visibility of security, governance, risk and compliance workflows using Workato's leading-class platform.

  • Oversee, maintain and monitor a strategic, comprehensive enterprise-wide information security and risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization.

  • Oversee the development and enforcement of information security policies and procedures based on industry standard best practices.

  • Build, inspire and coordinate a highly skilled and diverse Security team. Foster a culture of trusted cross-functional partnership, service, and continuous improvement based on Key Performance Indicators.

  • Maintain a broad understanding of: present and emerging security risks; compliance frameworks; regulatory and legal requirements; relevant industry standards and guidelines; secure software development practices; technical security measures and supporting tools.

  • Conduct risk assessments, proactively identify process and control gaps and areas for improvement, and work with internal teams to address these gaps.

  • Regularly assess the need for third-party vendors and tooling to support Workato’s security program, and guide the evaluation and onboarding of third parties.

  • Provide expert internal guidance and regular updates to multiple Workato functional groups and to executive management regarding security and compliance issues.

  • Coordinate and oversee Workato’s annual security audits and activities required to support the audit program.

  • Communicate our security and GRC program externally and address customer concerns.

  • Partner with internal leaders in multiple departments including Business Technology, Product & Engineering, Legal, and Human Resources to maintain and enhance Workato's security and compliance posture. Serve as an expert resource to help plan, coordinate and execute initiatives to reduce risks and meet security and compliance goals.

  • Promote and oversee strategic information security relationships between internal resources and external entities, including government, vendors, and partner organizations.

  • Offer strong leadership, coaching and mentoring to the security team in order to ensure their continued success in a changing environment.

  • Develop short-term and long-term resource plans for addressing data privacy and future strategic initiatives.

  • Utilize business-relevant metrics to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation and increase the maturity of the security program.

Requirements

Qualifications / Experience / Technical Skills

  • 10+ years of relevant information security experience including experience as CISO at a public company; experience within an enterprise or consumer tech environment is preferred.

  • Proven large scale crisis and incident management experience, as well as experience managing large projects and programs.

  • Possesses the technical acumen to develop a cybersecurity posture and execute the strategy with a clear vision for the evolving needs within the cybersecurity function. Stays abreast of the latest trends in cloud, AI, platforms, security automation, etc.

  • Experience performing the security due diligence for prospective M&A activity.

  • Ability to attract, develop and retain talent and cultivate winning teams.

  • Inventive and experimental with a problem-solving mindset who is willing to push boundaries.

  • Proven ability to inspire confidence, create executive presentations and guide strategic discussions with senior management.

  • Strong leadership acumen, with the ability to influence throughout the organization and effectively communicate a business vision, key objectives, and security needs.

  • Security certification such as CISSP, CISM or CISA.

  • Knowledge of and experience with security and governance frameworks: SSAE-18 (SOC-2), HIPAA, PCI-DSS, ISO 27001, NIST, FedRAMP.

  • Knowledge of legal and regulatory requirements including GDPR, CCPA/CPRA, PDPA, etc.

Tags: Audits Automation CCPA CISA CISM CISSP Cloud Compliance FedRAMP GDPR Governance HIPAA ISO 27001 NIST Privacy Product security Risk assessment Risk management SOC Strategy

Perks/benefits: Career development Startup environment

Region: North America
Country: United States
Category: Leadership Jobs
