This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more.

Role Description

We are looking for an experienced GRC leader with a strong engineering background. Governance, risk and compliance is key to ensuring the cybersecurity program we’ve built is continuously improving. This leader will be responsible for maintaining a high level of trust with our customers through our GRC program. You will also be able to interact with customers and auditors on a regular basis to build and maintain that trust directly. You’ll also ensure our numerous annual audits are completed on time and minimal impact to the rest of the business.

You’ll lead our existing GRC team members and support their continued growth to achieve the vision you set for GRC at Smartsheet. You will also collaborate across the entire business and be a customer-minded champion for cyber compliance. You’ll also partner closely with our Privacy and Legal team. This role reports directly to our CISO.

Responsibilities

• Build automation into GRC
• Deploy GRC-as-Code / Policy-as-Code
• Deploy AI into our GRC processes where appropriate
• Own, manage and be accountable for supporting our revenue team by reviewing contracts both on net new deals as well as renewals
• Lead and build a high performing team
• Maintain a high level of customer service for both internal and external stakeholders and customers
• Lead our annual external audits such as SOC2, ISO 27001, ISO 27701, FedRAMP and others and serve as primary point of contact for external auditors
• Lead our internal audits and readiness assessments
• Work closely with procurement teams and manage vendor security reviews
• Manage all cybersecurity related policies, procedures, and standards
• Partner closely with Product Security & Privacy, Engineering and Product teams on security reviews and evidence collection for audits
• Define and track key performance indicators (KPIs) and key risk indicators (KRIs) from engineering and cloud telemetry data to provide measurable, risk-based insights to leadership

Qualifications

• 5+ years of people leadership experience
• 10+ years general GRC experience
• Ability to delegate and dive deep with your team to solve problems quickly
• Define and execute the multi-year vision, strategy, and roadmap for the GRC Engineering function, aligning it with overall business objectives and the security program's evolution
• Mentor and coach team members, fostering a culture of continuous learning, automation-first thinking, and professional growth in both GRC and technical engineering skills
• Manage the GRC Engineering budget, external vendor relationships, and resource allocation to ensure optimal efficiency and effectiveness of the compliance program
• Drive a proactive, security-minded, and compliance-aware culture across the entire engineering and product organization

Requirements

• Strong experience in reviewing and redlining contracts
• Ability to strike a balance between customer requirements and organizational risk when considering contracting
• Strong negotiation skills when managing vendor and supply chain risks
• Proven ability to build business-centric Third Party Risk programs
• Experience with and deep knowledge of NIST 800-53
• Understanding of product development, SDLC and CI/CD
• Deep knowledge of AWS and container architecture
• Familiarity with tools like Terraform or CloudFormation for managing and auditing infrastructure configuration as code
• Experience integrating GRC processes with vulnerability management and security configuration tools to track remediation and ensure control coverage

Operational & Collaboration Skills

• Strong communication (written and verbal) and diplomatic skills in building consensus from dispersed teams with competing priorities
• Build and nurture strong cross-business relationships with Engineering, IT, Product, Legal, Sales and the broader cybersecurity team

Benefits

• Medical/vision and dental coverage options for full-time employees
• 401k Match to help you save for your future (50% of your contribution up to the first 6% of your eligible pay)
• Monthly stipend to support your work and productivity
• Flexible Time Away Program, plus Sick Time Off
• US employees are automatically covered under Smartsheet-sponsored life insurance, short-term, and long-term disability plans
• US employees receive 12 paid holidays per year
• Up to 24 weeks of Parental Leave
• Personal paid Volunteer Day to support our community
• Opportunities for professional growth and development including access to Udemy online courses
• Company Funded Perks, including a counseling membership, local retail discounts, and your own personal Smartsheet account
• Teleworking options from any registered location in the U.S. (role specific)
• Smartsheet provides a competitive base salary range for roles that may be hired in different geographic areas we are licensed to operate our business from. Actual compensation is determined by several factors including, but not limited to, level of professional, educational experience, skills, and specific candidate location. In addition, this role will be eligible for a market competitive incentive opportunity.
• US Base Salary Pay Range: $235,000 — $315,000 USD

Equal Opportunity Employer

Smartsheet is an Equal Opportunity (EEO) employer committed to fostering an inclusive environment with the best employees. It is our policy to provide equal employment opportunities to all qualified applicants in accordance with applicable laws in the US, UK, Australia, Germany, Costa Rica, Japan, Bulgaria, and India. All qualified applicants will receive consideration without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.

If there are preparations we can make to help ensure you have a comfortable and positive interview experience, please let us know.