Manager, GRC Engineering

About Workstreet At Workstreet, we’re on an exciting journey to help businesses scale securely by designing and implementing cutting-edge security and compliance programs. As a fast-growing startup, we specialize in a wide range of frameworks—including SOC 2, ISO 27001, GDPR, CMMC, NIST 800-171, NIST 800-53, and FedRAMP—empowering companies to meet regulatory requirements and enhance their cybersecurity posture from day one. The Opportunity We are seeking a Manager, GRC Engineering who leads with a client-first mindset and brings exceptional relationship management skills to every engagement. The ideal candidate is an experienced client manager who knows how to build trust, navigate complex accounts, and deliver an outstanding client experience — while also bringing deep expertise in cybersecurity compliance frameworks such as SOC 2, ISO 27001, and NIST CSF. The successful candidate will be able to come up to speed quickly, integrate into the organization, and take on clients within your first 15 days. You will serve as the primary point of contact for a portfolio of clients, leading engagements end-to-end, managing escalations with composure and urgency, and ensuring every client interaction reflects the highest standard of service. What You'll Do Client Relationship Management (Primary Focus) Own the Client Experience: Serve as the primary point of contact for a portfolio of client accounts, building strong, trusted relationships and ensuring clients feel supported, informed, and valued throughout every engagement.Lead Client Engagements: Guide clients through compliance initiatives end-to-end — from kickoff through certification — providing clear communication, proactive updates, and expert guidance at every milestone.Handle Escalations with Professionalism: Resolve complex client issues and requests with urgency, composure, and a solution-oriented approach that reinforces confidence and long-term retention.Be a Trusted Advisor: Understand each client's unique business context and deliver compliance guidance that is practical, actionable, and tailored to their needs.Collaborate Cross-Functionally: Partner with internal teams and client stakeholders to embed security and compliance best practices and resolve issues quickly. Team Leadership Manage and Develop a Pod of Analysts: Lead a team of 3–5 analysts through coaching, mentorship, and performance management, fostering accountability, quality, and professional growth.Drive Consistent Delivery: Ensure the team meets deadlines and delivers high-quality work across all active client engagements, stepping in to support where needed. GRC & Compliance Execution Develop and Maintain Compliance Frameworks: Create, update, and align compliance policies, procedures, and technical controls with SOC 2 (Type 1 & 2), ISO 27001, HIPAA, and PCI DSS standards.Lead Compliance Certifications: Oversee and execute SOC 2 and ISO 27001 implementation and certification projects across multi-cloud environments (AWS, GCP, Azure).Conduct Risk and Security Audits: Perform regular risk assessments and audits to identify vulnerabilities and enhance overall security posture.Monitor Regulatory Developments: Stay informed on evolving regulations and frameworks to maintain the relevance and accuracy of compliance controls.Leverage Compliance Automation Tools: Utilize platforms such as Drata, Vanta, and SecureFrame to track compliance metrics and ensure continuous audit readiness. Who You Are Required Demonstrated experience managing client relationships directly — you are comfortable owning accounts, leading difficult conversations, and being the trusted face of an engagementExceptional professionalism in all client-facing communication, with outstanding written and verbal English skills5+ years of experience managing or leading a teamProven experience managing compliance programs with hands-on familiarity with SOC 2 and ISO 27001 frameworksStrong knowledge of technical control implementation in cloud platforms (AWS, GCP, Azure)Ability to manage multiple compliance projects simultaneously without sacrificing client experience or qualityBachelor's degree in Information Technology, Cybersecurity, or a related fieldAbility to work independently with a strong sense of initiativeAmenable to working UK time zone hours Nice to Have Experience at a Big 4 firm (e.g., Deloitte, PwC, EY, KPMG) in an advisory or assurance capacityRelevant certifications (e.g., CISA, CISSP, CISM)Consulting experienceFamiliarity with additional frameworks and regulations (e.g., HiTRUST, PCI DSS, NIST, GDPR, HIPAA) What We Offer Career Development: Clear growth path with mentorship and training opportunitiesTechnical Training: Comprehensive onboarding on security and compliance frameworksCompetitive Compensation: Competitive base salary with regular performance reviews, merit-based appraisals, and bonus opportunitiesGrowth Opportunity: Early-stage company with significant room for career advancementRemote-First Culture: Flexibility to work from anywhere while collaborating with a global team Work Environment Requirements Reliable high-speed internet connectionQuiet, professional home office setupMust be amenable to working UK time zone hoursFluency in written and verbal English communication skills Workstreet Is An Equal Opportunity Employer As an equal opportunity employer, Workstreet is committed to providing employment opportunities to all individuals. All applicants for positions at Workstreet will be treated without regard to race, color, ethnicity, religion, sex, gender, gender identity and expression, sexual orientation, national origin, disability, age, marital status, veteran status, pregnancy, or any other basis prohibited by applicable law. Employment with Workstreet is contingent upon the successful completion of a background check, which may include verification of employment history, education, and other relevant information, in compliance with applicable laws. Locations: Remote (United Kingdom)