Manager, GRC Engineering

About Workstreet

At Workstreet, we’re on an exciting journey to help businesses scale securely by designing and implementing cutting-edge security and compliance programs. As a fast-growing startup, we specialize in a wide range of frameworks—including SOC 2, ISO 27001, GDPR, CMMC, NIST 800-171, NIST 800-53, and FedRAMP—empowering companies to meet regulatory requirements and enhance their cybersecurity posture from day one.

The Opportunity

We are seeking a Manager, GRC Engineering who is highly motivated, detail-oriented, and experienced in leading cybersecurity compliance initiatives. The ideal candidate will have a solid background in frameworks such as SOC 2, ISO 27001, and NIST CSF, along with strong communication skills and the ability to manage multiple cybersecurity compliance projects simultaneously.

As part of our GRC leadership team, you will manage compliance programs, oversee client engagements, and ensure adherence to industry standards such as SOC 2, ISO 27001, HIPAA, and PCI DSS. This role also involves leading a small team of analysts, providing strategic direction, and ensuring the consistent delivery of high-quality compliance outcomes for Workstreet’s clients.

What You Will Do

• Develop and Maintain Compliance Frameworks: Create, update, and align compliance policies, procedures, and technical controls with SOC 2 (Type 1 & 2), ISO 27001, HIPAA, and PCI DSS standards.
• Lead Compliance Certifications: Oversee and execute SOC 2 and ISO 27001 implementation and certification projects across multi-cloud environments (AWS, GCP, Azure).
• Conduct Risk and Security Audits: Perform regular risk assessments and audits to identify vulnerabilities and enhance overall security posture.
• Manage Compliance Team: Lead a team of 3–5 analysts through coaching, mentorship, and performance management to ensure quality and accountability.
• Collaborate Cross-Functionally: Partner with internal teams and clients to embed security and compliance best practices and resolve compliance escalations.
• Monitor Regulatory Developments: Stay informed on evolving regulations and frameworks to maintain the relevance and accuracy of compliance controls.
• Leverage Compliance Automation Tools: Utilize platforms such as Drata, Vanta, and SecureFrame to track compliance metrics and ensure continuous audit readiness.

Who You Are

• Bachelor’s degree in Information Technology, Cybersecurity, or a related field.
• 5+ years of experience managing a team.
• Proven experience in managing compliance programs and familiarity with SOC 2 and ISO 27001 frameworks.
• Strong knowledge of technical control implementation in cloud platforms such as AWS, GCP, and Azure.
• Excellent written and verbal communication skills in English.
• Ability to work independently with a strong sense of initiative.
• Must be amenable to working US Time zone hours.

Nice to Have

• Relevant certifications (e.g., CISA, CISSP, CISM).
• Consulting experience
• Familiarity with other compliance frameworks and regulations (e.g., HiTRUST, PCI DSS, NIST, GDPR, HIPAA).

What We Offer

• Career Development: Clear path with mentorship and training opportunities
• Technical Training: Comprehensive onboarding on security and compliance frameworks
• Competitive Compensation: A competitive base salary with regular performance reviews linked to merit-based appraisals and bonus opportunities.
• Growth Opportunity: Early-stage company with significant room for career advancement.
• Remote-First Culture: Flexibility to work from anywhere while collaborating with a global team.

Work Environment Requirements

• Reliable high-speed internet connection.
• Quiet, professional home office setup.
• Must be amenable to working US Time zone hours.
• Fluency in written and verbal English communication skills.
  

Workstreet is an Equal Opportunity Employer

As an equal opportunity employer, Workstreet is committed to providing employment opportunities to all individuals. All applicants for positions at Workstreet will be treated without regard to race, color, ethnicity, religion, sex, gender, gender identity and expression, sexual orientation, national origin, disability, age, marital status, veteran status, pregnancy, or any other basis prohibited by applicable law.