W

Manager, GRC Engineering (vCISO)

Workstreet United State
Remote
Apply
AI Summary

Lead as a vCISO, build client relationships, drive security programs, and ensure compliance for a portfolio of clients. 8+ years of experience required.

Key Highlights
Serve as dedicated vCISO for a portfolio of clients
Lead client engagements from assessment to certification
Represent clients on prospect and customer calls
Develop and maintain security program roadmaps
Key Responsibilities
Own the vCISO relationship and build deep, trusted client relationships
Guide clients through security program development and compliance initiatives end-to-end
Represent clients on prospect and customer calls as their CISO
Handle complex client issues and escalations with urgency and composure
Maintain client mastery by attending weekly syncs and proactively identifying emerging risks
Provide strategic security leadership and develop each client’s security program roadmap
Lead risk & compliance oversight and support security hire interviews, contract reviews, and bug bounty SOP development
Manage compliance operations and leverage GRC platforms for continuous audit readiness
Manage and develop a pod of analysts through coaching, mentorship, and performance management
Contribute to practice development and support pre-sales conversations
Technical Skills Required
Security frameworks (SOC 2, ISO 27001, GDPR, CMMC, NIST 800-171, NIST 800-53, FedRAMP) Cloud platforms (AWS, GCP, Azure) GRC platforms (Vanta, Drata, SecureFrame)
Benefits & Perks
Career development opportunities
Technical training on security and compliance frameworks
Competitive compensation with performance-based bonuses
Growth opportunities in an early-stage company
Remote-first culture
Nice to Have
CISSP, CISM, or equivalent certification
Prior experience in a vCISO, fractional CISO, or managed security services environment
Familiarity with additional frameworks: ISO 42001, GDPR, CCPA, DORA, NIST 800-171
Background in SaaS, fintech, healthcare, or defense contracting industries

Job Description


About Workstreet

At Workstreet, we’re on an exciting journey to help businesses scale securely by designing and implementing cutting-edge security and compliance programs. As a fast-growing startup, we specialize in a wide range of frameworks—including SOC 2, ISO 27001, GDPR, CMMC, NIST 800-171, NIST 800-53, and FedRAMP—empowering companies to meet regulatory requirements and enhance their cybersecurity posture from day one.

The Opportunity

We are seeking a Manager, GRC Engineering (vCISO) who leads with a client-first mindset and brings the executive presence, technical depth, and relationship skills to serve as a trusted security leader for a portfolio of clients. The ideal candidate is a seasoned security professional who knows how to build trust with executive stakeholders, speak fluently about complex security architectures, and represent clients confidently on their most important prospect and customer calls.

The successful candidate will be able to come up to speed quickly, integrate into the organization, and take on clients within your first 30 days. You will serve as the dedicated virtual CISO for a portfolio of clients, owning strategic security relationships end-to-end, guiding risk and compliance decisions with authority, and ensuring every client can count on you as a security expert.

What You'll Do

Client Relationship Management

  • Own the vCISO Relationship: Serve as the dedicated virtual CISO for a portfolio of clients, building deep, trusted relationships and operating with the authority and credibility of an embedded security executive.
  • Lead Client Engagements: Guide clients through security program development and compliance initiatives end-to-end, from initial assessment through certification, providing strategic direction, proactive risk guidance, and executive-level communication at every milestone.
  • Represent Clients on Prospect and Customer Calls: Join your clients’ sales and due diligence calls as their CISO, answering technical security questions in real-time with specificity and confidence. You must be able to speak fluently about their architecture, controls, and compliance posture without notes.
  • Handle Escalations with Professionalism: Resolve complex client issues and escalations with urgency and composure, owning decisions and making security calls independently without deferring every judgment call.
  • Be a Trusted Advisor: Understand each client’s business, technology, risk appetite, and compliance drivers deeply enough to deliver specific, contextualized security guidance, not generic recommendations.
  • Maintain Client Mastery: Attend every weekly sync, review GRC platform results in business context, track architecture changes and upcoming projects, and proactively identify emerging risks before they surface in routine discussions.

vCISO Service Delivery

  • Provide Strategic Security Leadership: Develop and maintain each client’s security program roadmap, aligned to their business objectives and applicable compliance frameworks. Advise C-suite and board-level stakeholders on security posture, risk tolerance, and investment priorities.
  • Lead Risk & Compliance Oversight: Lead risk assessments, risk register development, and treatment planning. Guide clients through SOC 2 (Type I/II), ISO 27001, ISO 42001, HIPAA, CMMC, NIST CSF/800-171, GDPR, CCPA, DORA, NYDFS, and other applicable frameworks.
  • Develop Client Security Programs: Build and mature security programs for early-stage clients and optimize existing programs for more mature organizations. Develop customized policies, controls, and compliance roadmaps that reflect each client’s actual technology and business model.
  • Deliver Advanced Security Strategy: Produce architecture recommendation memoranda with trade-off analysis, vulnerability disclosure assessments, threat modeling exercises, and executive security briefings. Support security hire interviews, contract reviews, and bug bounty SOP development.
  • Monitor Regulatory Developments: Stay informed on evolving regulations and frameworks to maintain the relevance and accuracy of compliance controls.
  • Manage Compliance Operations: Facilitate quarterly access reviews, annual penetration testing engagements, and annual tabletop exercises for incident response and business continuity. Leverage GRC platforms such as Vanta, Drata, and SecureFrame to maintain continuous audit readiness.

Team Leadership

  • Manage and Develop a Pod of Analysts: Lead a team of 3–5 analysts through coaching, mentorship, and performance management, fostering accountability, quality, and professional growth.
  • Drive Consistent Delivery: Ensure the team meets deadlines and delivers high-quality work across all active client engagements, stepping in to support where needed.

Internal Contribution

  • Contribute to Practice Development: Refine vCISO playbooks, templates, and service delivery standards to improve consistency and quality across the practice.
  • Mentor and Support Team Members: Coach junior team members, share domain expertise, and contribute to a culture of continuous learning.
  • Support Pre-Sales: Participate in pre-sales conversations to scope vCISO engagements and support proposal development.

Who You Are

  • 8+ years of experience in information security, with at least 3 years in a senior security leadership role
  • Demonstrated experience managing client relationships directly; comfortable owning accounts, leading difficult conversations, and serving as the trusted face of a security engagement
  • Ability to speak fluently and specifically about security architecture, compliance status, and control trade-offs in high-stakes client and prospect conversations
  • Deep working knowledge of security frameworks, including SOC 2, ISO 27001, NIST CSF, HIPAA, HITRUST, NIST SP 800-171, and/or CMMC
  • Proven experience managing multiple security programs or client engagements simultaneously (consulting, fractional, or advisory background preferred)
  • Exceptional written and verbal English communication skills; able to translate technical risk into business language without losing precision
  • Independent decision-making: you own your client portfolio and make security calls without needing approval on every judgment
  • Strong knowledge of technical control implementation in cloud platforms (AWS, GCP, Azure)

Nice to Have

  • CISSP, CISM, or equivalent certification
  • Prior experience in a vCISO, fractional CISO, or managed security services environment
  • Familiarity with compliance automation platforms such as Drata, Vanta, and SecureFrame
  • Experience supporting clients through SOC 2 Type II audits, ISO 27001 certification, or CMMC assessments
  • Familiarity with additional frameworks: ISO 42001, GDPR, CCPA, DORA, NIST 800-171
  • Background in SaaS, fintech, healthcare, or defense contracting industries

What We Offer

  • Career Development: Clear path with mentorship and training opportunities
  • Technical Training: Comprehensive onboarding on security and compliance frameworks
  • Competitive Compensation: A competitive base salary with regular performance reviews linked to merit-based appraisals and bonus opportunities.
  • Growth Opportunity: Early-stage company with significant room for career advancement.
  • Remote-First Culture: Flexibility to work from anywhere while collaborating with a global team.

Work Environment Requirements

  • Reliable high-speed internet connection.
  • Quiet, professional home office setup.
  • Must be amenable to working US Time zone hours.
  • Fluency in written and verbal English communication skills.

Workstreet Is An Equal Opportunity Employer

As an equal opportunity employer, Workstreet is committed to providing employment opportunities to all individuals. All applicants for positions at Workstreet will be treated without regard to race, color, ethnicity, religion, sex, gender, gender identity and expression, sexual orientation, national origin, disability, age, marital status, veteran status, pregnancy, or any other basis prohibited by applicable law.

Similar Jobs

Explore other opportunities that match your interests

HNBA Development Manager

Programming
3h ago
Visa Sponsorship Relocation Remote
Job Type Volunteer
Experience Level Not Applicable

tennessee society of associati...

United State
Visa Sponsorship Relocation Remote
Job Type Full-time
Experience Level Not Applicable

val's services

United State

Senior Exploit Developer

Programming
3h ago
Visa Sponsorship Relocation Remote
Job Type Full-time
Experience Level Not Applicable

vulncheck

United State

Subscribe our newsletter

New Things Will Always Update Regularly