Sr. GRC Engineer (Government)

About Workstreet
At Workstreet, we’re on an exciting journey to help businesses scale securely by designing and implementing cutting-edge security and compliance programs. As a fast-growing startup, we specialize in frameworks such as CMMC, NIST 800-171, NIST 800-53, FedRAMP, enabling companies to meet regulatory requirements and strengthen their cybersecurity posture from day one.

We are seeking a Sr. GRC Engineer (Government) who is highly motivated, detail-oriented, and experienced with these compliance frameworks. The ideal candidate will have strong communication skills, proven ability to manage multiple projects, and experience leading or mentoring a small team.

• Analyze and interpret CMMC requirements and NIST SP 800-171 controls to ensure client compliance with Department of Defense cybersecurity standards.
• Develop, implement, and maintain System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), and other CMMC-required documentation.
• Conduct gap assessments and readiness reviews for organizations pursuing CMMC certification.
• Collaborate with defense contractors to identify and remediate gaps in their cybersecurity programs to meet CMMC Level 1 and Level 2 requirements.
• Guide clients through the CMMC assessment process and coordinate with Certified Third-Party Assessment Organizations (C3PAOs).
• Manage and coordinate multiple CMMC compliance projects across various defense contractors, ensuring timely completion before contract deadlines.
• Lead and mentor a small team of compliance professionals to effectively deliver on CMMC objectives.
• Stay current with evolving CMMC requirements, CMMC 2.0 rulemaking, and DoD cybersecurity policies.

• Strong organizational skills with the ability to manage multiple CMMC compliance projects concurrently.
• 5+ years of experience in defense contractor compliance, CMMC, NIST 800-171, NIST 800-53, or FedRAMP implementation.
• 3+ years of leadership experience managing or guiding a small team.
• Deep understanding of CUI handling requirements and DFARS clauses (252.204-7012, 252.204-7019, 252.204-7020, 252.204-7021).
• Experience with NIST SP 800-171 control implementation and assessment.
• Familiarity with DoD supply chain requirements and defense contractor workflows.
• Experience working with small to mid-sized defense contractors.
• Knowledge of common GCC High, Azure Government, or AWS GovCloud environments.
• Experience thriving in a fast-paced startup environment.

• CMMC Registered Practitioner (RP), CMMC Certified Professional (CCP), or CMMC Certified Assessor (CCA) certification.
• Security+ or CISSP certification.
• Experience with SPRS reporting and maintaining scores of 110.
• Familiarity with ITAR compliance requirements.
• Ability to obtain U.S public trust security clearance.
• Previous experience working directly with C3PAOs or as part of assessment teams.

• Must be a US citizen or permanent resident (due to potential access to CUI).
• Must be located in the United States.
• Ability to obtain security clearance if required by client engagements.
• Available for occasional travel to client sites within the US (estimated 10-20%).

• Reliable high-speed internet connection.
• Quiet, professional home office setup.
• Must be amenable to work US Eastern Time zone hours.
• Fluency in written and verbal English communication skills.

As an equal opportunity employer, Workstreet is committed to providing employment opportunities to all individuals. All applicants for positions at Workstreet will be treated without regard to race, color, ethnicity, religion, sex, gender, gender identity and expression, sexual orientation, national origin, disability, age, marital status, veteran status, pregnancy, or any other basis prohibited by applicable law.