Workstreet

Sr. GRC Engineer (Government)

Workstreet · United States

  • Hybrid
  • Full-time
  • $120,000 / year
  • United States

Job highlights

  • Analyze CMMC and NIST requirements for DoD compliance.
  • Develop security plans and conduct gap assessments.
  • Guide clients through CMMC assessments and remediation.
  • Manage multiple compliance projects and mentor team.
  • Requires 5+ years defense contractor compliance experience.

About the role

About Workstreet

At Workstreet, we’re on an exciting journey to help businesses scale securely by designing and implementing cutting-edge security and compliance programs. As a fast-growing startup, we specialize in frameworks such as CMMC, NIST 800-171, NIST 800-53, FedRAMP, enabling companies to meet regulatory requirements and strengthen their cybersecurity posture from day one. We are seeking a Sr. GRC Engineer (Government) who is highly motivated, detail-oriented, and experienced with these compliance frameworks. The ideal candidate will have strong communication skills, proven ability to manage multiple projects, and experience leading or mentoring a small team.

What You'll Do

  • Analyze and interpret CMMC requirements and NIST SP 800-171 controls to ensure client compliance with Department of Defense cybersecurity standards.
  • Develop, implement, and maintain System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), and other CMMC-required documentation.
  • Conduct gap assessments and readiness reviews for organizations pursuing CMMC certification.
  • Collaborate with defense contractors to identify and remediate gaps in their cybersecurity programs to meet CMMC Level 1 and Level 2 requirements.
  • Guide clients through the CMMC assessment process and coordinate with Certified Third-Party Assessment Organizations (C3PAOs).
  • Manage and coordinate multiple CMMC compliance projects across various defense contractors, ensuring timely completion before contract deadlines.
  • Lead and mentor a small team of compliance professionals to effectively deliver on CMMC objectives.
  • Stay current with evolving CMMC requirements, CMMC 2.0 rulemaking, and DoD cybersecurity policies.

Who You Are

  • Strong organizational skills with the ability to manage multiple CMMC compliance projects concurrently.
  • 5+ years of experience in defense contractor compliance, CMMC, NIST 800-171, NIST 800-53, or FedRAMP implementation.
  • 3+ years of leadership experience managing or guiding a small team.
  • Deep understanding of CUI handling requirements and DFARS clauses (252.204-7012, 252.204-7019, 252.204-7020, 252.204-7021).
  • Experience with NIST SP 800-171 control implementation and assessment.
  • Familiarity with DoD supply chain requirements and defense contractor workflows.
  • Experience working with small to mid-sized defense contractors.
  • Knowledge of common GCC High, Azure Government, or AWS GovCloud environments.
  • Experience thriving in a fast-paced startup environment.

Preferred Qualifications

  • CMMC Registered Practitioner (RP), CMMC Certified Professional (CCP), or CMMC Certified Assessor (CCA) certification.
  • Security+ or CISSP certification.
  • Experience with SPRS reporting and maintaining scores of 110.
  • Familiarity with ITAR compliance requirements.
  • Ability to obtain U.S. public trust security clearance.
  • Previous experience working directly with C3PAOs or as part of assessment teams.

Requirements

  • Must be a US citizen or permanent resident (due to potential access to CUI).
  • Must be located in the United States.
  • Ability to obtain security clearance if required by client engagements.
  • Available for occasional travel to client sites within the US (estimated 10-20%).

Work Environment Requirements

  • Reliable high-speed internet connection.
  • Quiet, professional home office setup.
  • Must be able to work US Eastern Time zone hours.
  • Fluent written and verbal English communication skills.

Workstreet Is An Equal Opportunity Employer

As an equal opportunity employer, Workstreet is committed to providing employment opportunities to all individuals. All applicants for positions at Workstreet will be treated without regard to race, color, ethnicity, religion, sex, gender, gender identity and expression, sexual orientation, national origin, disability, age, marital status, veteran status, pregnancy, or any other basis prohibited by applicable law.

Key skills/competency

  • Sr. GRC Engineer Government
  • CMMC
  • NIST 800-171
  • NIST 800-53
  • FedRAMP
  • System Security Plans (SSPs)
  • Plans of Action & Milestones (POA&Ms)
  • DFARS
  • CUI
  • DoD Cybersecurity

Skills & topics

  • GRC Engineer
  • Government Compliance
  • CMMC
  • NIST 800-171
  • NIST 800-53
  • FedRAMP
  • Cybersecurity
  • Defense Contractor
  • System Security Plan
  • POA&M
  • DFARS
  • CUI
  • Startup
  • Compliance
  • Security+
  • CISSP
  • US Citizen

How to get hired

  • Tailor your resume: Highlight your experience with CMMC, NIST 800-171, NIST 800-53, FedRAMP, and DFARS clauses. Quantify achievements in compliance projects.
  • Craft a compelling cover letter: Emphasize your leadership skills and understanding of CUI handling and DoD cybersecurity standards.
  • Prepare for technical questions: Be ready to discuss your experience with SSPs, POA&Ms, gap assessments, and C3PAO coordination.
  • Showcase startup adaptability: Demonstrate your ability to thrive in a fast-paced environment and manage multiple projects.
  • Highlight certifications: Mention any CMMC, Security+, or CISSP certifications you hold.

Technical preparation

  • Master CMMC and NIST 800-171 controls.
  • Practice writing SSPs and POA&Ms.
  • Familiarize yourself with DFARS clauses.
  • Understand CUI handling and GCC High.

Behavioral questions

  • Describe managing multiple compliance projects.
  • How have you led or mentored a team?
  • Share an experience identifying compliance gaps.
  • How do you stay updated on regulations?

Frequently asked questions

What are the key CMMC and NIST frameworks for the Sr. GRC Engineer role at Workstreet?
The Sr. GRC Engineer role at Workstreet heavily focuses on CMMC, NIST SP 800-171, NIST SP 800-53, and FedRAMP. You'll be analyzing and implementing controls related to these frameworks to ensure defense contractors meet Department of Defense cybersecurity standards.
What type of documentation will I be responsible for as a Sr. GRC Engineer at Workstreet?
As a Sr. GRC Engineer, you will develop, implement, and maintain crucial documentation such as System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), and other documents required for CMMC certification.
What is the expected level of client interaction for this Government GRC Engineer position?
This role involves significant client interaction. You will be guiding defense contractors through CMMC assessments, collaborating to identify and remediate cybersecurity gaps, and coordinating with Certified Third-Party Assessment Organizations (C3PAOs).
Does Workstreet require specific certifications for the Sr. GRC Engineer role?
These certifications are preferred rather than required, but Workstreet highly values CMMC Registered Practitioner (RP), CMMC Certified Professional (CCP), CMMC Certified Assessor (CCA), Security+, or CISSP. They demonstrate a strong commitment to cybersecurity and compliance.
What are the eligibility requirements for the Sr. GRC Engineer position at Workstreet?
To be eligible for this role, you must be a US citizen or permanent resident, located in the United States, and able to obtain a security clearance if required by client engagements. Occasional travel within the US is also expected.
How does Workstreet support its employees in a startup environment?
Workstreet is a fast-growing startup that offers an exciting environment for growth. The Sr. GRC Engineer role emphasizes collaboration, project management, and leadership, providing opportunities to make a significant impact.
What is the CMMC Level requirement for the clients this role will support?
The Sr. GRC Engineer will collaborate with defense contractors to help them meet CMMC Level 1 and Level 2 requirements. This involves identifying and remediating cybersecurity gaps to achieve the necessary certification levels.
What is the expected travel percentage for the Sr. GRC Engineer role?
The Sr. GRC Engineer role requires occasional travel to client sites within the US, estimated to be around 10-20% of the time. This travel is necessary for direct engagement and assessments.