We are looking for an experienced GRC leader with a strong engineering background. Governance, risk and compliance is key to ensuring the cybersecurity program weve built is continuously improving. This leader will be responsible for maintaining a high level of trust with our customers through our GRC program. You will also be able to interact with customers and auditors on a regular basis to build and maintain that trust directly. Youll also ensure our numerous annual audits are completed on time and minimal impact to the rest of the business.

Youll lead our existing GRC team members and support their continued growth to achieve the vision you set for GRC at Smartsheet. You will also collaborate across the entire business and be a customer minded champion for cyber compliance. Youll also partner closely with our Privacy and Legal team. This role reports directly to our CISO.

Responsibilities:

• Build automation into GRC
• Deploy GRC-as-Code / Policy-as-Code
• Deploy AI into our GRC processes where appropriate
• Own, manage and be accountable for supporting our revenue team by reviewing contracts both on net new deals as well as renewals.
• Lead and build a high performing team
• Maintain a high level of customer service for both internal and external stakeholders and customers.
• Lead our annual external audits such as SOC2, ISO 27001, ISO 27701, FedRAMP and others and serve as primary point of contact for external auditors.
• Lead our internal audits and readiness assessments
• Work closely with procurement teams and manage vendor security reviews
• Manage all cybersecurity related policies, procedures, and standards.
• Partner closely with Product Security & Privacy, Engineering and Product teams on security reviews and evidence collection for audits
• Define and track key performance indicators (KPIs) and key risk indicators (KRIs) from engineering and cloud telemetry data to provide measurable, risk-based insights to leadership

Skills Required:

• Leadership & Management:
• 5+ years of people leadership experience
• 10+ years general GRC experience
• Ability to delegate and dive deep with your team to solve problems quickly
• Define and execute the multi-year vision, strategy, and roadmap for the GRC Engineering function, aligning it with overall business objectives and the security program's evolution.
• Mentor and coach team members, fostering a culture of continuous learning, automation-first thinking, and professional growth in both GRC and technical engineering skills.
• Manage the GRC Engineering budget, external vendor relationships, and resource allocation to ensure optimal efficiency and effectiveness of the compliance program.
• Drive a proactive, security-minded, and compliance-aware culture across the entire engineering and product organization.
• Technical Expertise:
• Strong experience in reviewing and redlining contracts
• Ability to strike a balance between customer requirements and organizational risk when considering contracting
• Strong negotiation skills when managing vendor and supply chain risks
• Proven ability to to build business-centric Third Party Risk programs
• Experience with and deep knowledge of NIST 800-53
• Understanding of product development, SDLC and CI/CD
• Deep knowledge of AWS and container architecture
• Familiarity with tools like Terraform or CloudFormation for managing and auditing infrastructure configuration as code.
• Experience integrating GRC processes with vulnerability management and security configuration tools to track remediation and ensure control coverage.
• Operational & Collaboration Skills:
• Strong communication (written and verbal) and diplomatic skills in building consensus from dispersed teams with competing priorities.
• Build and nurture strong cross-business relationships with Engineering, IT, Product, Legal, Sales and the broader cybersecurity team.

Our Candidate Privacy Notice describes how Smartsheet may process your personal data, including the use of a third party provider for application submissions.