Manager, Information Security Risk & Compliance

Upwork is the world's largest freelancing website. Each year $1.5 billion of work happens through Upwork, allowing businesses to get more done and helping professionals break free of traditional time and place boundaries and work anytime, anywhere on projects they love. At Upwork, you'll help build on this momentum. Together, we'll create economic and social value on a global scale, providing a trusted online workplace for businesses to connect with extraordinary talent and work without limits.

Are you motivated to make an impact in a high-growth company? Are you a hands-on problem solver who loves to drive cross-functional decisions at the intersection of business, security, and engineering?  We can use your skills and experience to drive pragmatic risk posture and keep our platform secure. We need your disciplined, methodical approach towards building a robust security and privacy compliance program


  • Lead or assist the successful completion of information security, IT regulatory  and privacy risk assessment activities
  • Successfully project manage and drive remediation activities across various teams within the organization 
  • Facilitate the process to perform third-party security risk reviews and follow up on action items
  • Conduct audits/gap analysis to assess compliance with company policies, regulatory requirements, and alignment with industry standards and prepare summary reports
  • Facilitate customer requests and information gathering for enterprise audit activities
  • Help our customers understand security and compliance control environment
  • Contribute to enhancing our GRC tool to address security, privacy controls, and SOX, SOC2 compliance requirements
  • Support the Security and Privacy Training and Awareness program
  • Develop/Enhance Key risks dashboards for stakeholder reporting

How to really knock our socks off:

  • Ability to lead security and compliance projects
  • Prior experience with GRC systems
  • Ability to understand the intent of compliance requirements to provide effective and meaningful analysis
  • Excellent report writing skills, ability to prepare compliance reports and associated metrics

What it takes to catch our eye:

  • 7+ years working in the field of compliance or security
  • Prior work experience in a SaaS/Cloud company Security and Compliance group or Security & Risk practice of a Big 4 firm
  • Direct and recent work experience with at least two of the following compliance program: ISO 27001, ISO 9001, PCI, SSAE16, SOC2, SOX, HIPAA, 21 CFR Part 11, 21 CFR Part 820, Annex 11, FedRAMP, DoDI 8500.2, and GDPR.
  • Relevant professional certifications such as CISSP, CISA, CISM, CIPP, GIAC, PMP

Come change how the world works.

At Upwork you’ll help shape the future of work. From our offices in San Francisco, Mountain View and Chicago, together we’re creating exciting new opportunities for a world of professionals. You’ll be part of a vibrant culture built on shared values: Inspire a boundless future of work, Put our community first, Have a bias towards action, and Build amazing teams. Along the way you’ll have fun and enjoy the perks of a people-first company: Work from Home Wednesday's, daily breakfast and lunch, regular in-office happy hours, top-notch benefits … and more. Check out Upwork’s spotlight on The Muse for a glimpse of our daily work/life balance.

Upwork is proudly committed to recruiting and retaining a diverse and inclusive workforce. As an Equal Opportunity Employer, we never discriminate based on race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical condition), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.

Back to top