Workstreet is a fast-growing startup focused on helping businesses scale securely through innovative security and compliance programs. They are seeking a Senior Manager, GRC Engineering to lead teams, manage compliance projects, and drive operational excellence in cybersecurity compliance for their clients.
Responsibilities:
- Oversee Compliance Projects: Manage and coordinate multiple cybersecurity compliance engagements, ensuring timely completion and adherence to relevant standards and frameworks
- Lead and Develop Teams: Supervise and mentor managers and analysts across various accounts, fostering performance, collaboration, and professional growth
- Drive Resource Strategy: Guide staffing, hiring, and resource allocation to optimize delivery efficiency and support department scalability
- Manage Client Escalations: Address executive-level client concerns with professionalism, ensuring swift and effective resolution
- Ensure Quality Standards: Conduct regular reviews of client communications, deliverables, and quality metrics to maintain consistency and excellence across projects
- Implement Compliance Policies: Develop, execute, and maintain cybersecurity compliance policies and procedures aligned with industry best practices
- Collaborate on Risk Mitigation: Partner with internal and external teams to identify, assess, and remediate cybersecurity risks
- Engage Directly with Clients: Communicate with US-based clients to address compliance concerns and deliver expert guidance
- Interpret Regulatory Frameworks: Analyze and apply cybersecurity regulations and standards, including SOC 2, ISO 27001, GDPR, HIPAA, PCI DSS, HITRUST, and NIST 800-171/CMMC
Requirements:
- 8+ years working in cybersecurity compliance, including SOC 2, ISO 27001, GDPR, HIPAA, PCI DSS, HITRUST, and NIST 800-171/CMMC frameworks
- 8+ years creating and enforcing cybersecurity policies
- 5+ years of proven experience leading and developing mid-sized teams in a fast-paced, results-driven environment
- Strong strategic thinking skills with experience driving cross-functional collaboration and aligning team goals with business objectives
- Proven ability to work directly with clients in the US
- Strong organizational skills with the ability to manage multiple cybersecurity compliance projects concurrently
- Experience working in a tech company with a focus on cybersecurity
- Thrives in a fast-paced startup environment
- Exceptional written and verbal English communication skills
- Reliable high-speed internet connection
- Quiet, professional home office setup
- Must be amenable to working US Eastern Time zone hours
- Fluency in written and verbal English communication
- Certifications such as CISA, CISSP, CISM, ISO 27001 Lead Implementer, or CRISC
- Experience managing GRC functions within a managed security services or consulting environment
- Familiarity with compliance automation platforms such as Vanta, Drata, or Secureframe
- Exposure to risk management or audit methodologies across multiple regulatory frameworks