Manager, GRC Engineering

About Workstreet

At Workstreet, we’re on an exciting journey to help businesses scale securely by building and implementing cutting-edge security and compliance programs. As a fast-growing startup, we specialize in compliance frameworks like SOC 2, ISO 27001, and GDPR, empowering companies to meet regulatory standards and strengthen their cybersecurity posture from day one. We’ve partnered with Vanta, which has significantly driven our business and contributed to our growth!

We are seeking a Manager, GRC Engineering who is highly motivated, detail-oriented, and experienced in leading cybersecurity compliance initiatives. The ideal candidate will have a solid background in frameworks such as SOC 2, ISO 27001, and NIST CSF, along with strong communication skills and the ability to manage multiple cybersecurity compliance projects simultaneously.

As part of our GRC leadership team, you will manage compliance programs, oversee client engagements, and ensure adherence to industry standards such as SOC 2, ISO 27001, HIPAA, and PCI DSS. This role also involves leading a small team of analysts, providing strategic direction, and ensuring the consistent delivery of high-quality compliance outcomes for Workstreet’s clients.

• Develop and Maintain Compliance Frameworks: Create, update, and align compliance policies, procedures, and technical controls with SOC 2 (Type 1 & 2), ISO 27001, HIPAA, and PCI DSS standards.
• Lead Compliance Certifications: Oversee and execute SOC 2 and ISO 27001 implementation and certification projects across multi-cloud environments (AWS, GCP, Azure).
• Conduct Risk and Security Audits: Perform regular risk assessments and audits to identify vulnerabilities and enhance overall security posture.
• Manage Compliance Team: Lead a team of 3–5 analysts through coaching, mentorship, and performance management to ensure quality and accountability.
• Collaborate Cross-Functionally: Partner with internal teams and clients to embed security and compliance best practices and resolve compliance escalations.
• Monitor Regulatory Developments: Stay informed on evolving regulations and frameworks to maintain the relevance and accuracy of compliance controls.
• Leverage Compliance Automation Tools: Utilize platforms such as Drata, Vanta, and SecureFrame to track compliance metrics and ensure continuous audit readiness.

• Bachelor’s degree in Information Technology, Cybersecurity, or a related field.
• 5+ years of experience managing a team.
• Proven experience in managing compliance programs and familiarity with SOC 2 and ISO 27001 frameworks.
• Strong knowledge of technical control implementation in cloud platforms such as AWS, GCP, and Azure.
• Excellent written and verbal communication skills in English.
• Ability to work independently with a strong sense of initiative.
• Must be amenable to working US Time zone hours.

• Relevant certifications (e.g., CISA, CISSP, CISM).
• Consulting experience
• Familiarity with other compliance frameworks and regulations (e.g., HiTRUST, PCI DSS, NIST, GDPR, HIPAA).