Manager, GRC Engineering

At Workstreet, we’re on an exciting journey to help businesses scale securely by designing and implementing cutting-edge security and compliance programs. As a fast-growing startup, we specialize in frameworks like SOC 2, ISO 27001, GDPR, HIPAA, and more—empowering companies to meet regulatory standards while strengthening their cybersecurity posture from day one.

We’re seeking a Compliance and Security Analyst (Compliance & Security Extraordinaire) to join our global team. This role is focused on managing compliance programs and ensuring adherence to key frameworks such as SOC 2, ISO 27001, and HIPAA for our clients.

The ideal candidate will bring hands-on experience in policy writing, SOC 2 Type 1 and Type 2 implementations, and technical control management across cloud environments including AWS, GCP, and Azure. This is a highly visible role that bridges technical depth, compliance rigor, and client collaboration.

• Develop, write, and maintain policies, procedures, and documentation to support compliance with SOC 2, ISO 27001, and related standards.
• Lead and manage SOC 2 Type 1 and Type 2 implementation projects across multiple clients.
• Implement and monitor technical controls in cloud environments (AWS, GCP, Azure) to ensure security best practices.
• Conduct internal security audits and risk assessments, identifying vulnerabilities and recommending improvements.
• Collaborate cross-functionally with engineering, operations, and client teams to embed compliance and security processes into day-to-day workflows.
• Stay current with regulatory developments, cybersecurity trends, and evolving compliance requirements.
• Operate confidently in compliance platforms such as Drata, Vanta, and SecureFrame.

• Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related discipline.
• Proven experience in managing compliance programs and working with SOC 2 and ISO 27001 frameworks.
• Strong knowledge of cloud infrastructure security across AWS, GCP, and Azure.
• Excellent written and verbal communication skills with strong attention to detail.
• Self-starter who thrives in a fast-paced, remote-first startup environment.
• Analytical, organized, and proactive — with a strong sense of ownership and accountability.

• Professional certifications such as CISA, CISSP, CISM, or ISO 27001 Lead Implementer/Auditor.
• Experience in delivering security awareness and compliance training programs.
• Familiarity with additional frameworks and regulations including GDPR, HIPAA, NIST, or FedRAMP.
• Hands-on experience using compliance automation tools like Drata, Vanta, SecureFrame, or Tugboat Logic.

• Competitive Compensation: Fair, transparent pay aligned with your experience and impact.
• Remote-First Flexibility: Work from anywhere in the world while collaborating with a distributed team.
• Career Growth: Opportunity to grow into advanced roles such as vCISO or senior compliance leadership.
• Meaningful Work: Partner with innovative, security-driven organizations across industries.
• Learning Culture: Continuous exposure to evolving frameworks, technologies, and compliance standards.

Workstreet Is An Equal Opportunity Employer
As an equal opportunity employer, Workstreet is committed to providing employment opportunities to all individuals. All applicants for positions at Workstreet will be treated without regard to race, color, ethnicity, religion, sex, gender, gender identity and expression, sexual orientation, national origin, disability, age, marital status, veteran status, pregnancy, or any other basis prohibited by applicable law.