Senior GRC Engineer

Sr. GRC Engineer

At Workstreet, we're on an exciting journey to help businesses scale securely by designing and implementing cutting-edge security and compliance programs. As a fast-growing startup, we specialize in a wide range of frameworks—including SOC 2, ISO 27001, GDPR, CMMC, NIST 800-171, NIST 800-53, and FedRAMP—empowering companies to meet regulatory requirements and enhance their cybersecurity posture from day one.

We are seeking a highly motivated, client-focused Sr. GRC Engineer to join our fast-growing team. The ideal candidate is a seasoned client relationship manager who brings deep expertise in cybersecurity compliance and a proven track record of leading high-complexity client engagements with professionalism and care. This role is first and foremost about delivering an exceptional client experience — managing accounts, building trust, and driving successful outcomes — while overseeing a pod of analysts and applying expertise across frameworks such as SOC 2, ISO 27001, and NIST CSF.

The successful candidate will be able to come up to speed quickly, integrate into the organization, and take on clients within your first 15 days. You will serve as the primary point of contact for a portfolio of clients, leading engagements end-to-end, managing escalations with composure and urgency, and ensuring every client interaction reflects the highest standard of service.

What You'll Do

Client Relationship Management (Primary Focus)

• Own the Client Experience: Serve as the dedicated primary contact for a portfolio of high-complexity, long-term client accounts, ensuring consistent delivery, proactive communication, and strong relationships at every stage of the engagement.
• Lead Client Engagements: Conduct regular client meetings, deliver progress updates, set expectations, and guide clients through audits, assessments, and compliance milestones with clarity and confidence.
• Communicate with Care: Engage directly with U.S.-based clients via phone, email, and text to address compliance concerns, provide expert guidance, and ensure clients always feel supported and informed.
• Handle Escalations: Resolve complex client issues swiftly and professionally, applying a solution-oriented approach that reinforces client trust and satisfaction.
• Be a Trusted Advisor: Build long-term relationships by understanding each client's unique business context and delivering compliance guidance that is practical, relevant, and actionable.

Team Leadership

• Manage and Develop a Pod of Analysts: Provide day-to-day direction, constructive feedback, and professional development support to a small team of junior analysts, fostering a high-performance and collaborative culture.
• Drive Accountability: Ensure the pod delivers high-quality work on time across all active client engagements, stepping in to support and coach where needed.

GRC & Compliance Execution

• Interpret Regulatory Frameworks: Analyze and apply cybersecurity compliance requirements under SOC 2, ISO 27001, HIPAA, NIST CSF, and related standards.
• Lead Compliance Projects: Oversee multiple client engagements simultaneously, including audits, evidence collection, control mapping, and due diligence or incident response activities.
• Develop Compliance Programs: Create, implement, and maintain cybersecurity policies, procedures, and supporting documentation to meet audit and certification objectives.
• Collaborate on Risk Management: Work with internal and external teams to identify, assess, and mitigate cybersecurity and compliance risks.
• Drive Process Improvement: Enhance standard operating procedures, playbooks, and compliance frameworks to strengthen operational effectiveness.

Who You Are

Required

• Demonstrated experience managing client relationships directly — you are comfortable owning accounts, navigating difficult conversations, and being the face of the engagement
• Exceptional professionalism in all client-facing communication, with outstanding written and verbal English skills
• 3+ years of experience managing or leading a small team (pod, squad, or similar structure)
• 3+ years of experience in cybersecurity compliance, including hands-on work with SOC 2, ISO 27001, or NIST CSF frameworks
• Proven ability to manage multiple compliance projects concurrently without sacrificing quality or client experience
• Strong organizational skills and the ability to thrive in a fast-paced startup environment
• Familiarity with creating and enforcing cybersecurity policies
• Experience working in a tech company with a cybersecurity focus

Nice to Have

• Experience at a Big 4 firm (e.g., Deloitte, PwC, EY, KPMG) in an advisory or assurance capacity
• Experience with HIPAA, PCI DSS, or additional compliance frameworks
• Familiarity with Vanta or similar compliance automation platforms
• Certifications such as CISA, CISSP, ISO 27001 Lead Implementer, or Security+
• Prior experience handling audit coordination or third-party assessments

What We Offer

• Career Development: Clear growth path with mentorship and training opportunities
• Technical Training: Comprehensive onboarding on security and compliance frameworks
• Competitive Compensation: Competitive base salary with regular performance reviews, merit-based appraisals, and bonus opportunities
• Growth Opportunity: Early-stage company with significant room for career advancement
• Remote-First Culture: Flexibility to work from anywhere while collaborating with a global team

Work Environment Requirements

• Reliable high-speed internet connection.
• Quiet, professional home office setup.
• Must be amenable to work US Eastern Time zone hours.
• Fluency in written and verbal English communication skills.

Workstreet Is An Equal Opportunity Employer

As an equal opportunity employer, Workstreet is committed to providing employment opportunities to all individuals. All applicants for positions at Workstreet will be treated without regard to race, color, ethnicity, religion, sex, gender, gender identity and expression, sexual orientation, national origin, disability, age, marital status, veteran status, pregnancy, or any other basis prohibited by applicable law.