Senior GRC Engineer

About Workstreet

At Workstreet, we’re on an exciting journey to help businesses scale securely by designing and implementing cutting-edge security and compliance programs. As a fast-growing startup, we specialize in a wide range of frameworks—including SOC 2, ISO 27001, GDPR, CMMC, NIST 800-171, NIST 800-53, and FedRAMP—empowering companies to meet regulatory requirements and enhance their cybersecurity posture from day one.

We are seeking a Sr. GRC Engineer who is highly motivated, detail-oriented, and experienced with CMMC and related cybersecurity compliance frameworks. The ideal candidate will have strong communication skills, a proven ability to manage multiple projects simultaneously, and experience leading or mentoring a small team.

This role involves guiding defense contractors through the CMMC compliance process, conducting assessments, developing documentation, and ensuring adherence to Department of Defense cybersecurity standards. The successful candidate will play a key role in helping clients achieve CMMC Level 1 and Level 2 compliance while leading a team to deliver exceptional results.

• Interpret and Apply CMMC Requirements: Analyze CMMC and NIST SP 800-171 controls to ensure client compliance with Department of Defense cybersecurity standards.
• Develop and Maintain Compliance Documentation: Create and manage System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), and other required CMMC documentation.
• Conduct Gap Assessments: Perform readiness reviews to identify and address control deficiencies for organizations pursuing CMMC certification.
• Collaborate with Defense Contractors: Partner with clients to close cybersecurity gaps and achieve CMMC Level 1 and Level 2 compliance.
• Guide CMMC Certification Process: Support clients through assessments and coordinate activities with Certified Third-Party Assessment Organizations (C3PAOs).
• Manage CMMC Projects: Oversee multiple client engagements, ensuring milestones and deliverables are met ahead of contract deadlines.
• Lead Compliance Team: Mentor and guide a team of compliance professionals to achieve project goals and maintain quality standards.
• Monitor Regulatory Updates: Stay informed on CMMC 2.0 developments and DoD cybersecurity policies to ensure client programs remain compliant.

• Strong organizational skills with the ability to manage multiple CMMC compliance projects concurrently
• 5+ years of experience in defense contractor compliance, CMMC, NIST 800-171, NIST 800-53, or FedRAMP implementation
• 3+ years of leadership experience managing or guiding a small team
• Deep understanding of CUI handling requirements and DFARS clauses (252.204-7012, 252.204-7019, 252.204-7020, 252.204-7021)
• Experience with NIST SP 800-171 control implementation and assessment
• Familiarity with DoD supply chain requirements and defense contractor workflows
• Experience working with small to mid-sized defense contractors
• Knowledge of common GCC High, Azure Government, or AWS GovCloud environments
• Experience thriving in a fast-paced startup environment

• CMMC Registered Practitioner (RP), CMMC Certified Professional (CCP), or CMMC Certified Assessor (CCA) certification
• Security+ or CISSP certification
• Experience with SPRS reporting and maintaining scores of 110
• Familiarity with ITAR compliance requirements
• Ability to obtain U.S. public trust security clearance
• Previous experience working directly with C3PAOs or as part of assessment teams