Manager, GRC Engineering

About Workstreet

At Workstreet, we're on an exciting journey to help businesses scale securely by designing and implementing cutting-edge security and compliance programs. As a fast-growing startup, we specialize in a wide range of frameworks — including SOC 2, ISO 27001, GDPR, CMMC, NIST 800-171, NIST 800-53, and FedRAMP — empowering companies to meet regulatory requirements and enhance their cybersecurity posture from day one.

We are seeking a Manager, GRC Engineering who leads with a client-first mindset and brings exceptional relationship management skills to every engagement. The ideal candidate is an experienced client manager who knows how to build trust, navigate complex accounts, and deliver an outstanding client experience — while also bringing deep expertise in cybersecurity compliance frameworks such as SOC 2, ISO 27001, and NIST CSF.

The successful candidate will be able to come up to speed quickly, integrate into the organization, and take on clients within your first 15 days. You will serve as the primary point of contact for a portfolio of clients, leading engagements end-to-end, managing escalations with composure and urgency, and ensuring every client interaction reflects the highest standard of service.
This role requires working US Pacific Time (PST) hours.

Client Relationship Management (Primary Focus)

• Own the Client Experience: Serve as the primary point of contact for a portfolio of client accounts, building strong, trusted relationships and ensuring clients feel supported, informed, and valued throughout every engagement.
• Lead Client Engagements: Guide clients through compliance initiatives end-to-end — from kickoff through certification — providing clear communication, proactive updates, and expert guidance at every milestone.
• Handle Escalations with Professionalism: Resolve complex client issues and requests with urgency, composure, and a solution-oriented approach that reinforces confidence and long-term retention.
• Be a Trusted Advisor: Understand each client's unique business context and deliver compliance guidance that is practical, actionable, and tailored to their needs.
• Collaborate Cross-Functionally: Partner with internal teams and client stakeholders to embed security and compliance best practices and resolve issues quickly.

Team Leadership

• Manage and Develop a Pod of Analysts: Lead a team of 3–5 analysts through coaching, mentorship, and performance management, fostering accountability, quality, and professional growth.
• Drive Consistent Delivery: Ensure the team meets deadlines and delivers high-quality work across all active client engagements, stepping in to support where needed.

GRC & Compliance Execution

• Develop and Maintain Compliance Frameworks: Create, update, and align compliance policies, procedures, and technical controls with SOC 2 (Type 1 & 2), ISO 27001, HIPAA, and PCI DSS standards.
• Lead Compliance Certifications: Oversee and execute SOC 2 and ISO 27001 implementation and certification projects across multi-cloud environments (AWS, GCP, Azure).
• Conduct Risk and Security Audits: Perform regular risk assessments and audits to identify vulnerabilities and enhance overall security posture.
• Monitor Regulatory Developments: Stay informed on evolving regulations and frameworks to maintain the relevance and accuracy of compliance controls.
• Leverage Compliance Automation Tools: Utilize platforms such as Drata, Vanta, and SecureFrame to track compliance metrics and ensure continuous audit readiness.

Required

• Demonstrated experience managing client relationships directly — you are comfortable owning accounts, leading difficult conversations, and being the trusted face of an engagement
• Exceptional professionalism in all client-facing communication, with outstanding written and verbal English skills
• 5+ years of experience managing or leading a team
• Proven experience managing compliance programs with hands-on familiarity with SOC 2 and ISO 27001 frameworks
• Strong knowledge of technical control implementation in cloud platforms (AWS, GCP, Azure)
• Ability to manage multiple compliance projects simultaneously without sacrificing client experience or quality
• Bachelor's degree in Information Technology, Cybersecurity, or a related field
• Ability to work independently with a strong sense of initiative

• Experience at a Big 4 firm (e.g., Deloitte, PwC, EY, KPMG) in an advisory or assurance capacity
• Relevant certifications (e.g., CISA, CISSP, CISM)
• Consulting experience
• Familiarity with additional frameworks and regulations (e.g., HiTRUST, PCI DSS, NIST, GDPR, HIPAA)

• Career Development: Clear growth path with mentorship and training opportunities
• Technical Training: Comprehensive onboarding on security and compliance frameworks
• Competitive Compensation: Competitive base salary with regular performance reviews, merit-based appraisals, and bonus opportunities
• Growth Opportunity: Early-stage company with significant room for career advancement
• Remote-First Culture: Flexibility to work from anywhere while collaborating with a global team

• Reliable high-speed internet connection
• Quiet, professional home office setup
• This role requires working US Pacific Time (PST) hours.
• Fluency in written and verbal English communication skills

As an equal opportunity employer, Workstreet is committed to providing employment opportunities to all individuals. All applicants for positions at Workstreet will be treated without regard to race, color, ethnicity, religion, sex, gender, gender identity and expression, sexual orientation, national origin, disability, age, marital status, veteran status, pregnancy, or any other basis prohibited by applicable law.

Employment with Workstreet is contingent upon the successful completion of a background check, which may include verification of employment history, education, and other relevant information, in compliance with applicable laws.