Workstreet

Senior GRC Engineer

Posted Yesterday
Remote
Hiring Remotely in United States
Senior level
The Sr. GRC Engineer will guide defense contractors through CMMC compliance, conduct assessments, develop required documentation, and lead a compliance team to meet standards.
The summary above was generated by AI

About Workstreet

At Workstreet, we’re on an exciting journey to help businesses scale securely by designing and implementing cutting-edge security and compliance programs. As a fast-growing startup, we specialize in a wide range of frameworks—including SOC 2, ISO 27001, GDPR, CMMC, NIST 800-171, NIST 800-53, and FedRAMP—empowering companies to meet regulatory requirements and enhance their cybersecurity posture from day one.

The Opportunity 

We are seeking a Sr. GRC Engineer who is highly motivated, detail-oriented, and experienced with CMMC and related cybersecurity compliance frameworks. The ideal candidate will have strong communication skills, a proven ability to manage multiple projects simultaneously, and experience leading or mentoring a small team.

This role involves guiding defense contractors through the CMMC compliance process, conducting assessments, developing documentation, and ensuring adherence to Department of Defense cybersecurity standards. The successful candidate will play a key role in helping clients achieve CMMC Level 1 and Level 2 compliance while leading a team to deliver exceptional results.

What You'll Do
  • Interpret and Apply CMMC Requirements: Analyze CMMC and NIST SP 800-171 controls to ensure client compliance with Department of Defense cybersecurity standards.
  • Develop and Maintain Compliance Documentation: Create and manage System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), and other required CMMC documentation.
  • Conduct Gap Assessments: Perform readiness reviews to identify and address control deficiencies for organizations pursuing CMMC certification.
  • Collaborate with Defense Contractors: Partner with clients to close cybersecurity gaps and achieve CMMC Level 1 and Level 2 compliance.
  • Guide CMMC Certification Process: Support clients through assessments and coordinate activities with Certified Third-Party Assessment Organizations (C3PAOs).
  • Manage CMMC Projects: Oversee multiple client engagements, ensuring milestones and deliverables are met ahead of contract deadlines.
  • Lead Compliance Team: Mentor and guide a team of compliance professionals to achieve project goals and maintain quality standards.
  • Monitor Regulatory Updates: Stay informed on CMMC 2.0 developments and DoD cybersecurity policies to ensure client programs remain compliant.
Who You Are
  • Strong organizational skills with the ability to manage multiple CMMC compliance projects concurrently
  • 5+ years of experience in defense contractor compliance, CMMC, NIST 800-171, NIST 800-53, or FedRAMP implementation
  • 3+ years of leadership experience managing or guiding a small team
  • Deep understanding of CUI handling requirements and DFARS clauses (252.204-7012, 252.204-7019, 252.204-7020, 252.204-7021)
  • Experience with NIST SP 800-171 control implementation and assessment
  • Familiarity with DoD supply chain requirements and defense contractor workflows
  • Experience working with small to mid-sized defense contractors
  • Knowledge of common GCC High, Azure Government, or AWS GovCloud environments
  • Experience thriving in a fast-paced startup environment
Nice to Have 
  • CMMC Registered Practitioner (RP), CMMC Certified Professional (CCP), or CMMC Certified Assessor (CCA) certification
  • Security+ or CISSP certification
  • Experience with SPRS reporting and maintaining scores of 110
  • Familiarity with ITAR compliance requirements
  • Ability to obtain U.S. public trust security clearance
  • Previous experience working directly with C3PAOs or as part of assessment teams

Top Skills

AWS GovCloud
Azure Government
CMMC
FedRAMP
GCC High
GDPR
ISO 27001
NIST 800-171
NIST 800-53
SOC 2

Workstreet Oak Creek, Colorado, USA Office

Oak Creek, CO, United States

What you need to know about the Colorado Tech Scene

With a business-friendly climate and research universities like CU Boulder and Colorado State, Colorado has made a name for itself as a startup ecosystem. The state boasts a skilled workforce and high quality of life thanks to its affordable housing, vibrant cultural scene and unparalleled opportunities for outdoor recreation. Colorado is also home to the National Renewable Energy Laboratory, helping cement its status as a hub for renewable energy innovation.

Key Facts About Colorado Tech

  • Number of Tech Workers: 260,000; 8.5% of overall workforce (2024 CompTIA survey)
  • Major Tech Employers: Lockheed Martin, CenturyLink, Comcast, BAE Systems, Level 3
  • Key Industries: Software, artificial intelligence, aerospace, e-commerce, fintech, healthtech
  • Funding Landscape: $4.9 billion in VC funding in 2024 (PitchBook)
  • Notable Investors: Access Venture Partners, Ridgeline Ventures, Techstars, Blackhorn Ventures
  • Research Centers and Universities: Colorado School of Mines, University of Colorado Boulder, University of Denver, Colorado State University, Mesa Laboratory, Space Science Institute, National Center for Atmospheric Research, National Renewable Energy Laboratory, Gottlieb Institute
