Manager, GRC Engineering

Posted Yesterday
Be an Early Applicant
Hiring Remotely in United States
Remote
Senior level
Artificial Intelligence • Information Technology • Software
The Role
Serve as a virtual CISO for a client portfolio: build executive relationships, lead security program and compliance roadmaps (SOC 2, ISO 27001, NIST, HIPAA, CMMC), guide risk assessments and remediation, represent clients in high-stakes calls, manage 3–5 analysts, leverage GRC platforms (Vanta/Drata/SecureFrame), and support practice development and pre-sales.
Summary Generated by Built In
About Workstreet

At Workstreet, we’re on an exciting journey to help businesses scale securely by designing and implementing cutting-edge security and compliance programs. As a fast-growing startup, we specialize in a wide range of frameworks—including SOC 2, ISO 27001, GDPR, CMMC, NIST 800-171, NIST 800-53, and FedRAMP—empowering companies to meet regulatory requirements and enhance their cybersecurity posture from day one.

The Opportunity 

We are seeking a Manager, GRC Engineering (vCISO) who leads with a client-first mindset and brings the executive presence, technical depth, and relationship skills to serve as a trusted security leader for a portfolio of clients. The ideal candidate is a seasoned security professional who knows how to build trust with executive stakeholders, speak fluently about complex security architectures, and represent clients confidently on their most important prospect and customer calls.

 

The successful candidate will be able to come up to speed quickly, integrate into the organization, and take on clients within your first 30 days. You will serve as the dedicated virtual CISO for a portfolio of clients, owning strategic security relationships end-to-end, guiding risk and compliance decisions with authority, and ensuring every client can count on you as a security expert.

What You'll Do
Client Relationship Management
  • Own the vCISO Relationship: Serve as the dedicated virtual CISO for a portfolio of clients, building deep, trusted relationships and operating with the authority and credibility of an embedded security executive.
  • Lead Client Engagements: Guide clients through security program development and compliance initiatives end-to-end, from initial assessment through certification, providing strategic direction, proactive risk guidance, and executive-level communication at every milestone.
  • Represent Clients on Prospect and Customer Calls: Join your clients’ sales and due diligence calls as their CISO, answering technical security questions in real-time with specificity and confidence. You must be able to speak fluently about their architecture, controls, and compliance posture without notes.
  • Handle Escalations with Professionalism: Resolve complex client issues and escalations with urgency and composure, owning decisions and making security calls independently without deferring every judgment call.
  • Be a Trusted Advisor: Understand each client’s business, technology, risk appetite, and compliance drivers deeply enough to deliver specific, contextualized security guidance, not generic recommendations.
  • Maintain Client Mastery: Attend every weekly sync, review GRC platform results in business context, track architecture changes and upcoming projects, and proactively identify emerging risks before they surface in routine discussions.

vCISO Service Delivery

  • Provide Strategic Security Leadership: Develop and maintain each client’s security program roadmap, aligned to their business objectives and applicable compliance frameworks. Advise C-suite and board-level stakeholders on security posture, risk tolerance, and investment priorities.
  • Lead Risk & Compliance Oversight: Lead risk assessments, risk register development, and treatment planning. Guide clients through SOC 2 (Type I/II), ISO 27001, ISO 42001, HIPAA, CMMC, NIST CSF/800-171, GDPR, CCPA, DORA, NYDFS, and other applicable frameworks.
  • Develop Client Security Programs: Build and mature security programs for early-stage clients and optimize existing programs for more mature organizations. Develop customized policies, controls, and compliance roadmaps that reflect each client’s actual technology and business model.
  • Deliver Advanced Security Strategy: Produce architecture recommendation memoranda with trade-off analysis, vulnerability disclosure assessments, threat modeling exercises, and executive security briefings. Support security hire interviews, contract reviews, and bug bounty SOP development.
  • Monitor Regulatory Developments: Stay informed on evolving regulations and frameworks to maintain the relevance and accuracy of compliance controls.
  • Manage Compliance Operations: Facilitate quarterly access reviews, annual penetration testing engagements, and annual tabletop exercises for incident response and business continuity. Leverage GRC platforms such as Vanta, Drata, and SecureFrame to maintain continuous audit readiness.

Team Leadership

  • Manage and Develop a Pod of Analysts: Lead a team of 3–5 analysts through coaching, mentorship, and performance management, fostering accountability, quality, and professional growth.
  • Drive Consistent Delivery: Ensure the team meets deadlines and delivers high-quality work across all active client engagements, stepping in to support where needed.

Internal Contribution

  • Contribute to Practice Development: Refine vCISO playbooks, templates, and service delivery standards to improve consistency and quality across the practice.
  • Mentor and Support Team Members: Coach junior team members, share domain expertise, and contribute to a culture of continuous learning.
  • Support Pre-Sales: Participate in pre-sales conversations to scope vCISO engagements and support proposal development.
Who You Are
  • Extensive information security leadership experience - you bring 8+ years of experience in information security, including at least 3 years in a senior security leadership role, driving security strategy, governance, and risk management across complex environments.
  • Demonstrated client relationship management - you're comfortable owning client engagements, leading difficult conversations, serving as a trusted security advisor, and building long-term relationships with executive stakeholders.
  • Executive-level security communication - you're confident discussing security architecture, compliance posture, and control trade-offs with clients and prospects, translating complex technical concepts into practical business decisions without sacrificing accuracy.
  • Deep expertise in cybersecurity frameworks - you have extensive hands-on knowledge of frameworks and standards such as SOC 2, ISO 27001, NIST CSF, HIPAA, HITRUST, NIST SP 800-171, and/or CMMC, helping organizations build and mature security programs.
  • Strong program and client management skills - you're experienced managing multiple security programs or client engagements simultaneously, ideally within consulting, advisory, or fractional security leadership environments.
  • Exceptional communication skills - you communicate with clarity, confidence, and precision, effectively translating technical risks into business language for executive, technical, and non-technical audiences.
  • Independent decision-maker - you're comfortable owning your client portfolio, exercising sound judgment, and making informed security decisions independently while maintaining accountability for outcomes.
  • Strong technical cloud security expertise - you have practical experience implementing and evaluating security controls across cloud platforms such as AWS, GCP, and Azure, with a solid understanding of cloud security architecture and best practices.
What will help you succeed
  • CISSP, CISM, or equivalent certification
  • Prior experience in a vCISO, fractional CISO, or managed security services environment
  • Familiarity with compliance automation platforms such as Drata, Vanta, and SecureFrame
  • Experience supporting clients through SOC 2 Type II audits, ISO 27001 certification, or CMMC assessments
  • Familiarity with additional frameworks: ISO 42001, GDPR, CCPA, DORA, NIST 800-171
  • Background in SaaS, fintech, healthcare, or defense contracting industries
What We Offer
  • Career Development: Clear path with mentorship and training opportunities
  • Technical Training: Comprehensive onboarding on security and compliance frameworks
  • Competitive Compensation: A competitive base salary with regular performance reviews linked to merit-based appraisals and bonus opportunities.
  • Growth Opportunity: Early-stage company with significant room for career advancement.
  • Remote-First Culture: Flexibility to work from anywhere while collaborating with a global team.
What You'll Need to Thrive 
  • Excellent written and verbal English communication skills, with the ability to engage confidently with candidates, hiring managers, and business leaders across global teams.
  • A reliable, high-speed internet connection and a professional home office environment that supports confidential conversations, virtual interviews, and uninterrupted collaboration.
  • Commitment to working a standard schedule of 8:00 AM–5:00 PM US Eastern Time (ET) to effectively support hiring managers, candidates, and cross-functional teams. Occasional flexibility to adjust working hours is expected to accommodate changing business priorities, global collaboration, and time-sensitive hiring needs.
  • Willingness and ability to travel locally for occasional onsite meetings, team gatherings, or business activities as needed.
Hiring and Selection Process
  • Candidates must participate in live video interviews throughout the hiring process with camera on (non-negotiable) and be prepared to verify their identity during recruitment and onboarding.
  • Employment is contingent upon successful completion of identity verification and background screening, where permitted by law.
  • Selected candidates will participate in structured interviews with hiring managers and cross-functional stakeholders to assess role fit, experience, and alignment with Workstreet’s operating principles.
  • Candidates will receive prompt updates and consistent communication throughout the interview process, ensuring a transparent, smooth, and engaging experience at every step.
  • Applicants must be authorized to work in the U.S. without the need for visa sponsorship now or in the future. Workstreet does not provide employment-based visa sponsorship or transfers for this role, including H-1B, L-1, TN, O-1, E-3, H-1B1, F-1 (OPT/CPT), J-1, or any other work-authorized visa category.


Workstreet Is An Equal Opportunity Employer

As an equal opportunity employer, Workstreet is committed to providing employment opportunities to all individuals. All applicants for positions at Workstreet will be treated without regard to race, color, ethnicity, religion, sex, gender, gender identity and expression, sexual orientation, national origin, disability, age, marital status, veteran status, pregnancy, or any other basis prohibited by applicable law.


Skills Required

  • 8+ years of experience in information security with at least 3 years in a senior security leadership role
  • Demonstrated experience managing client relationships and owning accounts in consulting or advisory contexts
  • Ability to speak fluently about security architecture, controls, and compliance in executive-level conversations
  • Deep working knowledge of security frameworks (SOC 2, ISO 27001, NIST CSF, HIPAA, HITRUST, NIST SP 800-171, CMMC)
  • Proven experience managing multiple security programs or client engagements simultaneously (consulting, fractional, or advisory background)
  • Exceptional written and verbal English communication skills
  • Independent decision-making and ownership of client security decisions
  • Strong knowledge of technical control implementation in cloud platforms (AWS, GCP, Azure)
  • Experience leading risk assessments, risk registers, treatment planning, and oversight of compliance operations (access reviews, pen tests, tabletop exercises)
  • Reliable high-speed internet connection and a quiet professional home office; amenable to working US time zone hours
  • CISSP, CISM, or equivalent certification
  • Prior experience in a vCISO, fractional CISO, or managed security services environment
  • Familiarity with compliance automation platforms such as Drata, Vanta, and SecureFrame
  • Experience supporting clients through SOC 2 Type II audits, ISO 27001 certification, or CMMC assessments
  • Familiarity with additional frameworks (ISO 42001, GDPR, CCPA, DORA, NIST 800-171)
  • Background in SaaS, fintech, healthcare, or defense contracting industries
Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: San Francisco, CA
102 Employees
Year Founded: 2023

What We Do

Workstreet is an AI-powered security firm. We deliver full stack solutions that transform security and compliance from operational anchors into growth accelerators. We work with thousands of companies - startups, hypergrowth scalers and enterprises that are at the cutting edge of disruptive innovation. Specifically, we support our customers with the following solutions: • Virtual CISO - dedicated security teams to help our customers build and scale security programs • AI Powered GRC Solutions - turnkey compliance for SOC2, ISO 27001, CMMC and 35+ frameworks • Security Questionnaires - AI powered, human in the loop solution to accelerate GTM teams • Penetration Testing - Penetration testing and vulnerability management for market and security demand • Vanta Implementation - Expert Vanta implementation, integration and migration; we are Vanta's #1 security solutions partner

Similar Jobs

Workstreet Logo Workstreet

Senior Manager, GRC Engineering

Artificial Intelligence • Information Technology • Software
Remote
United States
102 Employees

CrowdStrike Logo CrowdStrike

Senior CAO Elite Analyst II (Remote, East Coast)

Cloud • Computer Vision • Information Technology • Sales • Security • Cybersecurity
Remote or Hybrid
37 Locations
11000 Employees
100K-155K Annually

Circle Logo Circle

Director, Corporate Communications

Blockchain • Fintech • Payments • Financial Services • Cryptocurrency • Web3
In-Office or Remote
New York, NY, USA
1050 Employees
200K-258K Annually

Dropbox Logo Dropbox

Executive Business Partner

Artificial Intelligence • Cloud • Consumer Web • Productivity • Software • App development • Data Privacy
Remote
United States
2500 Employees
137K-185K Annually

Similar Companies Hiring

Golden Pet Brands Thumbnail
Digital Media • eCommerce • Information Technology • Marketing Tech • Pet • Retail • Social Media
El Segundo, California
178 Employees
Kepler  Thumbnail
Fintech • Software
New York, New York
6 Employees
Onshore Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
60 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account