Senior GRC Engineer (CMMC/FedRAMP)

About Workstreet

At Workstreet, we’re on an exciting journey to help businesses scale securely by designing and implementing cutting-edge security and compliance programs. As a fast-growing startup, we specialize in frameworks such as CMMC, NIST 800-171, NIST 800-53, FedRAMP, enabling companies to meet regulatory requirements and strengthen their cybersecurity posture from day one.

We are seeking a Sr. GRC Engineer (CMMC) who leads with a client-first mindset, brings deep expertise in CMMC and related Department of Defense cybersecurity compliance frameworks, and hits the ground running from day one. The ideal candidate is a skilled client relationship manager who takes pride in delivering an exceptional, high-touch experience to defense contractor clients — and is ready to own a portfolio of accounts within their first 15 days.

This role is fundamentally about guiding defense contractors through complex compliance journeys with professionalism, clarity, and care. You will serve as the primary point of contact for your clients end-to-end — leading engagements, managing escalations with composure and urgency, and ensuring every interaction reflects the highest standard of service. You will also lead and mentor a small team of compliance professionals, driving consistent, high-quality outcomes across all engagements.

Client Relationship Management (Primary Focus)

• Own the Client Experience: Serve as the primary point of contact for a portfolio of defense contractor clients, building trusted relationships and ensuring every client feels informed, supported, and well-prepared throughout their CMMC compliance journey.
• Guide Clients Through CMMC Certification: Lead clients through the full certification process — from gap assessment to C3PAO coordination — with proactive communication, clear milestone guidance, and hands-on support.
• Collaborate Closely with Defense Contractors: Partner directly with clients to understand their environment, close cybersecurity gaps, and drive progress toward CMMC Level 1 and Level 2 compliance with a practical, client-tailored approach.
• Handle Escalations Professionally: Address complex client concerns with urgency and composure, providing solution-oriented responses that reinforce trust and confidence.
• Be a Trusted Compliance Advisor: Deliver expert guidance on CMMC 2.0 developments and DoD cybersecurity requirements in a way that is accessible, actionable, and aligned with each client's unique operational context.

Team Leadership

• Lead and Mentor a Compliance Team: Provide direction, feedback, and professional development support to a small team of compliance professionals, maintaining quality standards and accountability across all client engagements.
• Drive Consistent Delivery: Oversee multiple client engagements simultaneously, ensuring milestones and deliverables are met ahead of contract deadlines.

CMMC & Compliance Execution

• Interpret and Apply CMMC Requirements: Analyze CMMC and NIST SP 800-171 controls to ensure client compliance with Department of Defense cybersecurity standards.
• Develop and Maintain Compliance Documentation: Create and manage System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), and other required CMMC documentation.
• Conduct Gap Assessments: Perform readiness reviews to identify and address control deficiencies for organizations pursuing CMMC certification.
• Support C3PAO Coordination: Coordinate assessment activities with Certified Third-Party Assessment Organizations on behalf of clients.
• Monitor Regulatory Updates: Stay current on CMMC 2.0 developments and DoD cybersecurity policies to ensure client programs remain compliant and ahead of evolving requirements.

Required

• Demonstrated experience managing client relationships directly — you are comfortable owning accounts, communicating complex technical requirements in plain language, and being a trusted face of the engagement
• Exceptional professionalism in all client-facing communication, with outstanding written and verbal English skills
• 5+ years of experience in defense contractor compliance, CMMC, NIST 800-171, NIST 800-53, or FedRAMP implementation
• 3+ years of leadership experience managing or guiding a small team
• Deep understanding of CUI handling requirements and DFARS clauses (252.204-7012, 252.204-7019, 252.204-7020, 252.204-7021)
• Experience with NIST SP 800-171 control implementation and assessment
• Familiarity with DoD supply chain requirements and defense contractor workflows
• Experience working with small to mid-sized defense contractors
• Knowledge of GCC High, Azure Government, or AWS GovCloud environments
• Thrives in a fast-paced startup environment

• Experience at a Big 4 firm (e.g., Deloitte, PwC, EY, KPMG) in an advisory or assurance capacity
• CMMC Registered Practitioner (RP), CMMC Certified Professional (CCP), or CMMC Certified Assessor (CCA) certification
• Security+ or CISSP certification
• Experience with SPRS reporting and maintaining scores of 110
• Familiarity with ITAR compliance requirements
• Ability to obtain U.S. public trust security clearance
• Previous experience working directly with C3PAOs or as part of assessment teams

• Career Development: Clear growth path with mentorship and training opportunities
• Technical Training: Comprehensive onboarding on security and compliance frameworks
• Competitive Compensation: Competitive base salary with regular performance reviews, merit-based appraisals, and bonus opportunities
• Growth Opportunity: Early-stage company with significant room for career advancement
• Remote-First Culture: Flexibility to work from anywhere while collaborating with a global team

• Reliable high-speed internet connection
• Quiet, professional home office setup
• Must be amenable to working US Eastern Time zone hours
• Fluency in written and verbal English communication skills

As an equal opportunity employer, Workstreet is committed to providing employment opportunities to all individuals. All applicants for positions at Workstreet will be treated without regard to race, color, ethnicity, religion, sex, gender, gender identity and expression, sexual orientation, national origin, disability, age, marital status, veteran status, pregnancy, or any other basis prohibited by applicable law.