Smartsheet has been empowering teams for over 20 years to achieve their goals through innovative work management solutions. They are seeking an experienced GRC leader with a strong engineering background to oversee their Governance, Risk, and Compliance (GRC) program, ensuring continuous improvement and maintaining customer trust through effective audits and team leadership.
Responsibilities:
- Build automation into GRC
- Deploy GRC-as-Code / Policy-as-Code
- Deploy AI into our GRC processes where appropriate
- Own, manage, and be accountable for supporting our revenue team by reviewing contracts on both net new deals and renewals
- Lead and build a high-performing team
- Maintain a high level of customer service for both internal and external stakeholders and customers
- Lead our annual external audits such as SOC 2, ISO 27001, ISO 27701, FedRAMP and others, and serve as primary point of contact for external auditors
- Lead our internal audits and readiness assessments
- Work closely with procurement teams and manage vendor security reviews
- Manage all cybersecurity-related policies, procedures, and standards
- Partner closely with Product Security & Privacy, Engineering and Product teams on security reviews and evidence collection for audits
- Define and track key performance indicators (KPIs) and key risk indicators (KRIs) from engineering and cloud telemetry data to provide measurable, risk-based insights to leadership
Requirements:
- 5+ years of people leadership experience
- 10+ years general GRC experience
- Ability to delegate and dive deep with your team to solve problems quickly
- Define and execute the multi-year vision, strategy, and roadmap for the GRC Engineering function, aligning it with overall business objectives and the security program's evolution
- Mentor and coach team members, fostering a culture of continuous learning, automation-first thinking, and professional growth in both GRC and technical engineering skills
- Manage the GRC Engineering budget, external vendor relationships, and resource allocation to ensure optimal efficiency and effectiveness of the compliance program
- Drive a proactive, security-minded, and compliance-aware culture across the entire engineering and product organization
- Strong experience in reviewing and redlining contracts
- Ability to strike a balance between customer requirements and organizational risk when considering contracting
- Strong negotiation skills when managing vendor and supply chain risks
- Proven ability to build business-centric Third-Party Risk programs
- Experience with and deep knowledge of NIST 800-53
- Understanding of product development, SDLC and CI/CD
- Deep knowledge of AWS and container architecture
- Familiarity with tools like Terraform or CloudFormation for managing and auditing infrastructure configuration as code
- Experience integrating GRC processes with vulnerability management and security configuration tools to track remediation and ensure control coverage
- Strong communication (written and verbal) and diplomatic skills in building consensus from dispersed teams with competing priorities
- Build and nurture strong cross-business relationships with Engineering, IT, Product, Legal, Sales and the broader cybersecurity team