Smartsheet is hiring a Director, GRC, Engineering (Remote Eligible)

Smartsheet is looking for a Director, GRC, Engineering to lead our Governance, Risk, and Compliance function. You will maintain customer trust and ensure continuous improvement of our cybersecurity program by building a high-performing team and integrating automation.

What You'll Do

• Build automation into GRC processes and deploy GRC-as-Code.
• Deploy AI into GRC processes where appropriate.
• Own, manage, and be accountable for supporting the revenue team by reviewing contracts for new deals and renewals.
• Lead and build a high-performing team.
• Maintain a high level of customer service for internal and external stakeholders.
• Lead annual external audits (SOC2, ISO 27001, ISO 27701, FedRAMP) as primary point of contact.
• Lead internal audits and readiness assessments.
• Work closely with procurement teams and manage vendor security reviews.
• Manage all cybersecurity-related policies, procedures, and standards.
• Partner with Product Security & Privacy, Engineering, and Product teams on security reviews and evidence collection.
• Define and track KPIs and KRIs from engineering and cloud telemetry data to provide risk-based insights.

What We're Looking For

• 5+ years of people leadership experience.
• 10+ years general GRC experience.
• Ability to delegate and dive deep with your team to solve problems quickly.
• Define and execute the multi-year vision, strategy, and roadmap for the GRC Engineering function.
• Mentor and coach team members, fostering a culture of continuous learning and automation-first thinking.
• Manage the GRC Engineering budget, external vendor relationships, and resource allocation.
• Drive a proactive, security-minded, and compliance-aware culture across engineering and product.
• Strong experience in reviewing and redlining contracts.
• Ability to balance customer requirements and organizational risk in contracting.
• Strong negotiation skills for managing vendor and supply chain risks.
• Proven ability to build business-centric Third Party Risk programs.
• Experience with and deep knowledge of NIST 800-53.
• Understanding of product development, SDLC and CI/CD.
• Deep knowledge of AWS and container architecture.
• Familiarity with tools like Terraform or CloudFormation for managing infrastructure as code.
• Experience integrating GRC processes with vulnerability management and security configuration tools.
• Strong communication (written and verbal) and diplomatic skills in building consensus.
• Build and nurture strong cross-business relationships with Engineering, IT, Product, Legal, Sales, and cybersecurity.

Technical Stack

• AWS
• Terraform
• CloudFormation

Team & Environment

You will lead existing GRC team members and collaborate across the entire business, reporting directly to the CISO.

Benefits & Compensation

• Medical/vision and dental coverage options for full-time employees.
• 401k Match (50% of your contribution up to the first 6% of your eligible pay).
• Monthly stipend to support work and productivity.
• Flexible Time Away Program, plus Sick Time Off.
• Smartsheet-sponsored life insurance, short-term, and long-term disability plans.
• 12 paid holidays per year.
• Up to 24 weeks of Parental Leave.
• Personal paid Volunteer Day to support our community.
• Opportunities for professional growth and development including access to Udemy online courses.
• Company Funded Perks, including a counseling membership, local retail discounts, and a personal Smartsheet account.
• Compensation Range: $235,000 - $315,000 USD

Work Mode

This role is remote eligible, with optional locations including Bellevue, WA, USA.

Smartsheet is an Equal Opportunity (EEO) employer committed to fostering an inclusive environment. All qualified applicants receive consideration without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.