About Workstreet

At Workstreet, we’re on an exciting journey to help businesses scale securely by designing and implementing cutting-edge security and compliance programs. As a fast-growing startup, we specialize in a wide range of GRC (governance, risk, and compliance) services that support frameworks across SOC 2, ISO 27001, GDPR, CMMC, NIST 800-171, NIST 800-53, and FedRAMP.  We empower companies to meet regulatory requirements and enhance their cybersecurity posture from day one.

About the Trust Services Team

In addition to GRC services, we also have a Trust Services team. We move at a fast, focused, and reliable pace – completing deliverables within 1 to 3 business days for customers with 5 clients and customers with 500 clients. We work directly with our customers’ security and sales points of contact, meaning clarity, teamwork, and problem-solving are at the forefront of everything we do to help our customers drive sales and renewals by using security and compliance as differentiators. If you want to be part of a team that builds the bridge between sales and security, you’re in the right place.

The Opportunity

Workstreet is looking for a results-oriented Trust Services Engineer to support our Trust Services team. Your primary responsibility will be to complete customer security questionnaires and other due diligence requests. Your work will be reviewed by Senior Engineers and Managers, giving you exposure to on-the-job feedback. This role is primarily focused on efficiently and accurately entering information from our customers’ existing compliance resources into standardized responses.

What You'll Do

• Complete and submit security questionnaires - serve as the primary responder for customer due diligence requests, leveraging established response frameworks, internal policy documentation, and compliance control libraries to deliver accurate, on-time submissions.
• Research and validate responses - dig into client-specific questions that fall outside standard frameworks, sourcing supporting evidence from compliance platforms and coordinating with internal security and compliance teams to verify accuracy before submission.
• Maintain consistency and quality across all deliverables - ensure every response reflects current, approved language and aligns with the customer’s broader security posture; flag gaps or outdated documentation when identified.
• Collaborate with internal teams - coordinate with compliance and security teams to verify information and ensure consistency across all submissions.

Who You Are

• Energized by time-sensitive deliverables - you do your best work when there's a hard deadline on the horizon, moving quickly without sacrificing quality.
• Confidence in your decision making - ambiguity doesn't slow you down because you make a call, prepare yourself for any justification, and move on. Clear communication skills to escalate issues and identify gaps, rather than guessing.
• Strong sense of prioritization - you’re able to understand the work assigned to you and communicate blockers proactively. 
• Sharp attention to detail - you bring exceptional attention to detail and a consistent, disciplined approach to following established processes. 
• Ability to read and interpret security policies and documentation - comfortable navigating in-house technology to review dense technical documents to extract accurate, relevant answers on behalf of clients.
• Familiarity with vendor/third-party risk concepts - familiar with the purpose and structure of common security questionnaire formats (via Excel sheets and portals) and understands how responses feed into a client's vendor risk management process, including control domains, risk tiering, and subprocessor considerations.
• Basic understanding of cybersecurity concepts and frameworks - you have had exposure to at least one of the following: SOC 2, ISO 27001, HIPAA, GDPR; can explain the difference between basic data definitions (e.g., the difference between business confidential information vs. PII vs. PHI); and understand concepts around confidentiality, integrity, and availability (CIA) of data, including controls related to authentication, access management, encryption, physical controls vs. logical controls, etc.

Nice to have

• Familiarity with cloud environments such as AWS, GCP, or Azure.
• Experience using compliance automation tools (Drata, Vanta, SecureFrame, etc.).
• Experience with vendor risk management tools (OneTrust, ServiceNow, Whistic, Upguard, Zip, etc.)

What We Offer

• Career Development: Clear path with mentorship and training opportunities.
• Technical Training: Reimbursement for relevant successful certification completion. 
• Competitive Compensation: A competitive base salary with regular performance reviews linked to merit-based appraisals and bonus opportunities.
• Growth Opportunity: Early-stage company with significant room for career advancement.
• Remote-First Culture: Flexibility to work from anywhere while collaborating with a global team.

Work Environment Requirements

• Fluency in written and verbal English. 
• Reliable, high-speed internet connection.
• Quiet, professional home office setup.
• Able to work US Eastern Time zone hours, specifically 8 AM EST to 5 PM EST.
• Able to work on non-US public holidays in order to meet deadlines for US-based clients.

Workstreet Is An Equal Opportunity Employer

As an equal opportunity employer, Workstreet is committed to providing employment opportunities to all individuals. All applicants for positions at Workstreet will be treated without regard to race, color, ethnicity, religion, sex, gender, gender identity and expression, sexual orientation, national origin, disability, age, marital status, veteran status, pregnancy, or any other basis prohibited by applicable law.