Senior GRC Engineer

About Workstreet

At Workstreet, we’re on an exciting journey to help businesses scale securely by designing and implementing cutting-edge security and compliance programs. As a fast-growing startup, we specialize in frameworks such as CMMC, NIST 800-171, NIST 800-53, FedRAMP, enabling companies to meet regulatory requirements and strengthen their cybersecurity posture from day one.

We are seeking a Sr. GRC Engineer who is highly motivated, detail-oriented, and experienced with these compliance frameworks. The ideal candidate will have strong communication skills, proven ability to manage multiple projects, and experience leading or mentoring a small team.

Responsibilities:

• Analyze and interpret CMMC requirements and NIST SP 800-171 controls to ensure client compliance with Department of Defense cybersecurity standards.
• Develop, implement, and maintain System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), and other CMMC-required documentation.
• Conduct gap assessments and readiness reviews for organizations pursuing CMMC certification.
• Collaborate with defense contractors to identify and remediate gaps in their cybersecurity programs to meet CMMC Level 1 and Level 2 requirements.
• Guide clients through the CMMC assessment process and coordinate with Certified Third-Party Assessment Organizations (C3PAOs).
• Manage and coordinate multiple CMMC compliance projects across various defense contractors, ensuring timely completion before contract deadlines.
• Lead and mentor a small team of compliance professionals to effectively deliver on CMMC objectives.
• Stay current with evolving CMMC requirements, CMMC 2.0 rulemaking, and DoD cybersecurity policies.

Must-have Qualifications:

• Strong organizational skills with the ability to manage multiple CMMC compliance projects concurrently.
• 5+ years of experience in defense contractor compliance, CMMC, NIST 800-171, NIST 800-53, or FedRAMP implementation.
• 3+ years of leadership experience managing or guiding a small team.
• Deep understanding of CUI handling requirements and DFARS clauses (252.204-7012, 252.204-7019, 252.204-7020, 252.204-7021).
• Experience with NIST SP 800-171 control implementation and assessment.
• Familiarity with DoD supply chain requirements and defense contractor workflows.
• Experience working with small to mid-sized defense contractors.
• Knowledge of common GCC High, Azure Government, or AWS GovCloud environments.
• Experience thriving in a fast-paced startup environment.

Preferred Qualifications:

• CMMC Registered Practitioner (RP), CMMC Certified Professional (CCP), or CMMC Certified Assessor (CCA) certification.
• Security+ or CISSP certification.
• Experience with SPRS reporting and maintaining scores of 110.
• Familiarity with ITAR compliance requirements.
• Ability to obtain U.S public trust security clearance.
• Previous experience working directly with C3PAOs or as part of assessment teams.

Requirements:

• Must be a US citizen or permanent resident (due to potential access to CUI).
• Must be located in the United States.
• Ability to obtain security clearance if required by client engagements.
• Available for occasional travel to client sites within the US (estimated 10-20%).

We are an equal opportunity employer committed to building a diverse and inclusive team. We encourage applications from all qualified candidates regardless of race, gender, age, religion, sexual orientation, or disability status.

[]