Workstreet

• Complete security questionnaires and vendor risk assessments using existing documentation • Research and respond to security questionnaires by leveraging policy and control libraries • Work within platforms like Drata, Vanta, or SecureFrame to retrieve relevant evidence • Collaborate with compliance and security teams to clarify responses as needed

• Analyze and interpret CMMC requirements and NIST SP 800-171 controls to ensure client compliance with Department of Defense cybersecurity standards. • Develop, implement, and maintain System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), and other CMMC-required documentation. • Conduct gap assessments and readiness reviews for organizations pursuing CMMC certification. • Collaborate with defense contractors to identify and remediate gaps in their cybersecurity programs to meet CMMC Level 1 and Level 2 requirements. • Guide clients through the CMMC assessment process and coordinate with Certified Third-Party Assessment Organizations (C3PAOs). • Manage and coordinate multiple CMMC compliance projects across various defense contractors, ensuring timely completion before contract deadlines. • Lead and mentor a small team of compliance professionals to effectively deliver on CMMC objectives. • Stay current with evolving CMMC requirements, CMMC 2.0 rulemaking, and DoD cybersecurity policies.

• Perform comprehensive security assessments across cloud, network, and system environments. • Execute specialized security evaluations of native MacOS applications to identify platform-specific vulnerabilities. • Go beyond standard assessments by simulating real-world adversary tactics and testing human security awareness through phishing and pretexting. • Evaluate and exploit vulnerabilities within AWS, GCP, or Azure environments to ensure robust cloud architecture. • Analyze findings, assess impact, and produce detailed reports with clear remediation recommendations. • Work with engineering and operations teams to validate fixes and strengthen overall system security. • Create and refine scripts, tools, and methodologies to enhance testing accuracy and coverage. • Continuously monitor emerging exploits, specifically focusing on MacOS-based threats and cloud-native attack vectors.

Role Description We are a US-based cybersecurity consulting firm looking for a People & Talent Manager to serve as the primary HR point of contact for our growing India team. This is a blended generalist and recruiting role — you will own the day-to-day people operations for our India-based employees and contractors while also leading full-cycle recruiting efforts in-country. You will be a trusted partner to both local team members and US-based leadership, helping to build a strong, high-performing team in India. The ideal candidate brings experience supporting or working within a cybersecurity, technology consulting, or professional services environment, and understands the nuances of supporting a global team operating across time zones. This role begins as a contract engagement with a clear path to permanent employment based on performance and business needs. Qualifications - 6–9 years of progressive HR experience, with a blend of generalist and recruiting responsibilities - Prior experience supporting a cybersecurity, IT consulting, managed services, or technology company - Strong knowledge of India employment law, statutory compliance, and local HR best practices - Experience working in a global or US-headquartered company and collaborating with an international People team - Proven ability to recruit for technical and specialized roles, including an understanding of cybersecurity skill sets and role nomenclature - Proficiency with HRIS systems; experience with Rippling is a strong plus - Excellent written and verbal English communication skills; comfortable working across US Eastern Time hours as needed - High degree of discretion, integrity, and professionalism Requirements - Serve as the primary HR point of contact for all India-based employees and contractors - Partner with the US People team to localize and roll out global HR programs, policies, and processes for the India workforce - Support onboarding and offboarding processes - Manage employee relations matters with professionalism and discretion - Track and ensure compliance with India labor laws, statutory requirements, and any EOR provider obligations - Maintain accurate HR records and support data reporting needs through Rippling - Assist with performance management cycles, compensation reviews, and employee engagement initiatives - Lead full-cycle recruiting for open roles in India - Source and engage candidates for cybersecurity and technical roles - Build and maintain relationships with local recruiting partners, universities, and talent communities in India - Coordinate interview processes between India-based candidates and US-based hiring managers - Draft job descriptions and manage job postings across relevant platforms - Ensure a positive candidate experience that reflects the company’s values and culture - Partner with the US People team to align India hiring to headcount plans and compensation bands Benefits - Clear path with mentorship and training opportunities - A competitive base salary with regular performance reviews linked to merit-based appraisals and bonus opportunities - Early-stage company with significant room for career advancement - Flexibility to work from anywhere while collaborating with a global team Nice To Have - Experience working with an EOR provider such as Rippling EOR - Background in compliance-heavy industries where confidentiality and regulatory awareness are critical - Familiarity with sourcing cybersecurity professionals on Naukri, LinkedIn Recruiter, or niche platforms - MBA or postgraduate degree in HR, Business, or a related field - SHRM, HRCI, or equivalent HR certification Company Description As an equal opportunity employer, Workstreet is committed to providing employment opportunities to all individuals. All applicants for positions at Workstreet will be treated without regard to race, color, ethnicity, religion, sex, gender, gender identity and expression, sexual orientation, national origin, disability, age, marital status, veteran status, pregnancy, or any other basis prohibited by applicable law.

• Develop and Maintain Compliance Frameworks : Create, update, and align compliance policies, procedures, and technical controls with SOC 2 (Type 1 & 2), ISO 27001, HIPAA, and PCI DSS standards. • Lead Compliance Certifications : Oversee and execute SOC 2 and ISO 27001 implementation and certification projects across multi-cloud environments (AWS, GCP, Azure). • Conduct Risk and Security Audits : Perform regular risk assessments and audits to identify vulnerabilities and enhance overall security posture. • Manage Compliance Team : Lead a team of 3–5 analysts through coaching, mentorship, and performance management to ensure quality and accountability. • Collaborate Cross-Functionally : Partner with internal teams and clients to embed security and compliance best practices and resolve compliance escalations. • Monitor Regulatory Developments : Stay informed on evolving regulations and frameworks to maintain the relevance and accuracy of compliance controls. • Leverage Compliance Automation Tools : Utilize platforms such as Drata, Vanta, and SecureFrame to track compliance metrics and ensure continuous audit readiness.

• Own Executive-Level Client Relationships: Serve as the senior point of contact for a portfolio of strategic accounts, building long-term trust and ensuring clients receive an exceptional, high-touch experience at every stage of the engagement. • Lead and Guide Client Engagements: Provide strategic oversight across multiple trust services engagements, ensuring clients are well-informed, prepared, and confident throughout security reviews, assessments, and contractual negotiations. • Manage Escalations at the Executive Level: Address complex, high-stakes client concerns with professionalism, urgency, and composure — turning challenging situations into opportunities to reinforce trust and loyalty. • Be a Strategic Trusted Advisor: Understand the broader business goals of each client and deliver security and compliance guidance that is not just technically sound, but strategically aligned with their objectives. • Conduct regular reviews of client communications, deliverables, and quality metrics to maintain consistency and excellence across all engagements. • Supervise and mentor managers, analysts, and reviewers across multiple time zones, fostering a culture of performance, accountability, collaboration, and professional growth. • Provide leadership and direction to team managers, setting clear expectations, coaching for performance, and ensuring accountability across the full delivery team. • Drive staffing, hiring, and resource allocation to optimize delivery efficiency and support department scalability as the business grows. • Establish and enforce quality benchmarks across the team, ensuring every client-facing output meets Workstreet’s high standards. • Implement agile practices (Scrum or Kanban) to manage workload distribution, track SLAs, and drive continuous improvement through retrospectives and sprint planning. • Oversee the completion, review, and finalization of client and vendor security questionnaires (SIG, CAIQ, or custom formats). Collaborate with SMEs to validate technical and compliance responses. • Conduct and manage reviews of NDAs, DPAs, MNDAs, and other contractual security clauses. Collaborate with internal and external legal counsel to redline, comment, and ensure alignment with cybersecurity frameworks and risk posture. • Utilize AI-powered tools to accelerate first-pass reviews and integrate SME feedback to improve accuracy and speed. • Partner with Legal, Compliance, IT, and Sales teams to align responses, ensure contractual compliance, and resolve escalations.

• Manage 10–15+ concurrent client engagements, ensuring timely execution, prioritization, and risk management. • Partner with Security Analysts, Compliance Specialists, and other internal teams to maintain quality and streamline workflows. • Configure Jira boards, manage sprints, maintain dashboards, and promote consistent Agile practices. • Build and maintain dashboards and KPIs in Jira, Notion, or similar tools to track project health and performance. • Provide regular project updates, risks, and status reports to stakeholders and leadership. • Identify gaps and implement improvements through documentation, templates, automation, and optimized workflows. • Coordinate tasks, manage priorities, and ensure on-time delivery across multiple time zones. • Use Slack, Notion, and other platforms to document work, improve transparency, and support operations. • Maintain project continuity across shifts and ensure responsiveness during core hours.

• Own the Client Experience: Serve as the dedicated primary contact for a portfolio of high-complexity, long-term client accounts, ensuring consistent delivery, proactive communication, and strong relationships at every stage of the engagement. • Lead Client Engagements: Conduct regular client meetings, deliver progress updates, set expectations, and guide clients through audits, assessments, and compliance milestones with clarity and confidence. • Communicate with Care: Engage directly with U.S.-based clients via phone, email, and text to address compliance concerns, provide expert guidance, and ensure clients always feel supported and informed. • Handle Escalations: Resolve complex client issues swiftly and professionally, applying a solution-oriented approach that reinforces client trust and satisfaction. • Be a Trusted Advisor: Build long-term relationships by understanding each client's unique business context and delivering compliance guidance that is practical, relevant, and actionable. • Manage and Develop a Pod of Analysts: Provide day-to-day direction, constructive feedback, and professional development support to a small team of junior analysts, fostering a high-performance and collaborative culture. • Drive Accountability: Ensure the pod delivers high-quality work on time across all active client engagements, stepping in to support and coach where needed. • Interpret Regulatory Frameworks: Analyze and apply cybersecurity compliance requirements under SOC 2, ISO 27001, HIPAA, NIST CSF, and related standards. • Lead Compliance Projects: Oversee multiple client engagements simultaneously, including audits, evidence collection, control mapping, and due diligence or incident response activities. • Develop Compliance Programs: Create, implement, and maintain cybersecurity policies, procedures, and supporting documentation to meet audit and certification objectives. • Collaborate on Risk Management: Work with internal and external teams to identify, assess, and mitigate cybersecurity and compliance risks. • Drive Process Improvement: Enhance standard operating procedures, playbooks, and compliance frameworks to strengthen operational effectiveness.

• Engineer Security via IaC: Design and maintain reusable Terraform modules for IAM, networking, and logging. • Build Cloud Architecture: Deploy and manage AWS multi-account structures and Azure Hub-Spoke/Landing Zone architectures. • Own Identity & Access: Implement least-privilege IAM and automate identity lifecycles. • Direct Remediation: Own the remediation of vulnerabilities through engineering changes and patch automation. • Automate Security Ops: Develop automated remediation workflows. • Configure Native Security Stacks: Implement AWS GuardDuty, Azure Sentinel, etc. • Network & Encryption Engineering: Design VPCs, security groups, and implement WAFs. • Technical Compliance Implementation: Hands-on implementation of NIST 800-53 controls.

The Opportunity We are seeking a Senior Manager, GRC Engineering who leads with a client-first philosophy and brings a proven track record of managing high-stakes client relationships with professionalism, care, and strategic insight. The ideal candidate is an experienced client relationship leader who understands that exceptional service is the foundation of everything we do — and who pairs that client focus with 8+ years of deep expertise in cybersecurity compliance frameworks, including SOC 2, ISO 27001, and NIST CSF. The successful candidate will be able to come up to speed quickly, integrate into the organization, and take on clients within their first 15 days. You will serve as the primary point of contact for a portfolio of clients, leading engagements end-to-end, managing escalations with composure and urgency, and ensuring every client interaction reflects the highest standard of service. What You'll Do Client Relationship Management (Primary Focus) - Own Executive-Level Client Relationships: Serve as the senior point of contact for a portfolio of strategic accounts, building long-term trust and ensuring clients receive an exceptional, high-touch experience at every stage of the engagement. - Lead and Guide Client Engagements: Provide strategic oversight of multiple compliance engagements, ensuring clients are well-informed, prepared, and confident throughout audits, certifications, and assessments. - Manage Escalations at the Executive Level: Address complex, high-stakes client concerns with professionalism, urgency, and composure — turning challenging situations into opportunities to reinforce trust and loyalty. - Be a Strategic Trusted Advisor: Understand the broader business goals of each client and deliver compliance guidance that is not just technically sound, but strategically aligned with their objectives. - Ensure Quality Across All Client Touchpoints: Conduct regular reviews of client communications, deliverables, and quality metrics to maintain consistency and excellence across all engagements. - Engage Directly with US-Based Clients: Communicate proactively via phone, email, and meetings to address compliance concerns and deliver expert, personalized guidance. Team Leadership - Lead and Develop a High-Performing Team: Supervise and mentor managers and analysts across various accounts, fostering a culture of performance, accountability, collaboration, and professional growth. - Drive Resource Strategy: Guide staffing, hiring, and resource allocation to optimize delivery efficiency and support department scalability as the business grows. - Set and Uphold Standards: Establish and enforce quality benchmarks across the team, ensuring every client-facing output meets Workstreet's high standards. GRC & Compliance Execution - Oversee Compliance Programs: Manage and coordinate multiple cybersecurity compliance engagements simultaneously, ensuring timely completion and adherence to relevant standards and frameworks. - Implement Compliance Policies: Develop, execute, and maintain cybersecurity compliance policies and procedures aligned with industry best practices. - Collaborate on Risk Mitigation: Partner with internal and external teams to identify, assess, and remediate cybersecurity risks. - Interpret Regulatory Frameworks: Analyze and apply cybersecurity regulations and standards, including SOC 2, ISO 27001, GDPR, HIPAA, PCI DSS, HiTRUST, and NIST 800-171/CMMC. Who You Are Required - Demonstrated experience managing client relationships at a senior or executive level — you are skilled at owning high-complexity accounts, navigating escalations, and delivering a consistently outstanding client experience - Exceptional professionalism in all client-facing communication, with outstanding written and verbal English skills - 5+ years of proven experience leading and developing mid-sized teams in a fast-paced, results-driven environment - 8+ years of experience in cybersecurity compliance, including SOC 2, ISO 27001, GDPR, HIPAA, PCI DSS, HiTRUST, and NIST 800-171/CMMC frameworks - 8+ years of experience creating and enforcing cybersecurity policies - Strong strategic thinking skills with experience driving cross-functional collaboration and aligning team goals with business objectives - Strong organizational skills with the ability to manage multiple compliance projects concurrently - Experience working in a tech company with a focus on cybersecurity - Thrives in a fast-paced startup environment Nice to Have - Experience at a Big 4 firm (e.g., Deloitte, PwC, EY, KPMG) in an advisory or assurance capacity - Experience managing GRC functions within a managed security services or consulting environment - Certifications such as CISA, CISSP, CISM, ISO 27001 Lead Implementer, or CRISC - Familiarity with compliance automation platforms such as Vanta, Drata, or Secureframe - Exposure to risk management or audit methodologies across multiple regulatory frameworks What We Offer - Career Development: Clear growth path with mentorship and training opportunities - Technical Training: Comprehensive onboarding on security and compliance frameworks - Competitive Compensation: Competitive base salary with regular performance reviews, merit-based appraisals, and bonus opportunities - Growth Opportunity: Early-stage company with significant room for career advancement - Remote-First Culture: Flexibility to work from anywhere while collaborating with a global team Work Environment Requirements - Reliable high-speed internet connection - Quiet, professional home office setup - Must be amenable to working UK time zone hours - Fluency in written and verbal English communication skills Workstreet Is An Equal Opportunity Employer As an equal opportunity employer, Workstreet is committed to providing employment opportunities to all individuals. All applicants for positions at Workstreet will be treated without regard to race, color, ethnicity, religion, sex, gender, gender identity and expression, sexual orientation, national origin, disability, age, marital status, veteran status, pregnancy, or any other basis prohibited by applicable law. Employment with Workstreet is contingent upon the successful completion of a background check, which may include verification of employment history, education, and other relevant information, in compliance with applicable laws.