Manager, GRC Engineering
Posted 5hrs ago
Employment Information
Report this job
Job expired or something wrong with this job?
Job Description
Manager, GRC Engineering leading client relationships at Workstreet, a cybersecurity startup. Guiding security program development and compliance initiatives for a portfolio of clients.
Responsibilities:
- Client Relationship Management: Own the vCISO Relationship: Serve as the dedicated virtual CISO for a portfolio of clients, building deep, trusted relationships and operating with the authority and credibility of an embedded security executive.
- Lead Client Engagements: Guide clients through security program development and compliance initiatives end-to-end, from initial assessment through certification, providing strategic direction, proactive risk guidance, and executive-level communication at every milestone.
- Represent Clients on Prospect and Customer Calls: Join your clients’ sales and due diligence calls as their CISO, answering technical security questions in real-time with specificity and confidence.
- Handle Escalations with Professionalism: Resolve complex client issues and escalations with urgency and composure, owning decisions and making security calls independently without deferring every judgment call.
- Be a Trusted Advisor: Understand each client’s business, technology, risk appetite, and compliance drivers deeply enough to deliver specific, contextualized security guidance, not generic recommendations.
- Maintain Client Mastery: Attend every weekly sync, review GRC platform results in business context, track architecture changes and upcoming projects, and proactively identify emerging risks before they surface in routine discussions.
- Provide Strategic Security Leadership: Develop and maintain each client’s security program roadmap, aligned to their business objectives and applicable compliance frameworks.
- Advise C-suite and board-level stakeholders on security posture, risk tolerance, and investment priorities.
- Lead Risk & Compliance Oversight: Lead risk assessments, risk register development, and treatment planning. Guide clients through SOC 2 (Type I/II), ISO 27001, ISO 42001, HIPAA, CMMC, NIST CSF/800-171, GDPR, CCPA, DORA, NYDFS, and other applicable frameworks.
- Develop Client Security Programs: Build and mature security programs for early-stage clients and optimize existing programs for more mature organizations.
- Develop customized policies, controls, and compliance roadmaps that reflect each client’s actual technology and business model.
- Deliver Advanced Security Strategy: Produce architecture recommendation memoranda with trade-off analysis, vulnerability disclosure assessments, threat modeling exercises, and executive security briefings.
- Support security hire interviews, contract reviews, and bug bounty SOP development.
- Monitor Regulatory Developments: Stay informed on evolving regulations and frameworks to maintain the relevance and accuracy of compliance controls.
- Manage Compliance Operations: Facilitate quarterly access reviews, annual penetration testing engagements, and annual tabletop exercises for incident response and business continuity.
- Leverage GRC platforms such as Vanta, Drata, and SecureFrame to maintain continuous audit readiness.
- Manage and Develop a Pod of Analysts: Lead a team of 3–5 analysts through coaching, mentorship, and performance management, fostering accountability, quality, and professional growth.
- Drive Consistent Delivery: Ensure the team meets deadlines and delivers high-quality work across all active client engagements, stepping in to support where needed.
- Contribute to Practice Development: Refine vCISO playbooks, templates, and service delivery standards to improve consistency and quality across the practice.
- Mentor and Support Team Members: Coach junior team members, share domain expertise, and contribute to a culture of continuous learning.
- Support Pre-Sales: Participate in pre-sales conversations to scope vCISO engagements and support proposal development.
Requirements:
- 8+ years of experience in information security, with at least 3 years in a senior security leadership role
- Demonstrated experience managing client relationships directly; comfortable owning accounts, leading difficult conversations, and serving as the trusted face of a security engagement
- Ability to speak fluently and specifically about security architecture, compliance status, and control trade-offs in high-stakes client and prospect conversations
- Deep working knowledge of security frameworks, including SOC 2, ISO 27001, NIST CSF, HIPAA, HITRUST, NIST SP 800-171, and/or CMMC
- Proven experience managing multiple security programs or client engagements simultaneously (consulting, fractional, or advisory background preferred)
- Exceptional written and verbal English communication skills; able to translate technical risk into business language without losing precision
- Independent decision-making: you own your client portfolio and make security calls without needing approval on every judgment.
- Strong knowledge of technical control implementation in cloud platforms (AWS, GCP, Azure)
Benefits:
- Career Development: Clear path with mentorship and training opportunities
- Technical Training: Comprehensive onboarding on security and compliance frameworks
- Competitive Compensation: A competitive base salary with regular performance reviews linked to merit-based appraisals and bonus opportunities.
- Growth Opportunity: Early-stage company with significant room for career advancement.
- Remote-First Culture: Flexibility to work from anywhere while collaborating with a global team.
- Work Environment Requirements: Reliable high-speed internet connection. Quiet, professional home office setup. Must be amenable to working US Time zone hours. Fluency in written and verbal English communication skills.


















