Director, GRC, Engineering (Remote Eligible)

We are looking for an experienced GRC leader with a strong engineering background. Governance, risk and compliance is key to ensuring the cybersecurity program we’ve built is continuously improving. This leader will be responsible for maintaining a high level of trust with our customers through our GRC program. You will also be able to interact with customers and auditors on a regular basis to build and maintain that trust directly. You’ll also ensure our numerous annual audits are completed on time and minimal impact to the rest of the business.

You’ll lead our existing GRC team members and support their continued growth to achieve the vision you set for GRC at Smartsheet. You will also collaborate across the entire business and be a customer minded champion for cyber compliance. You’ll also partner closely with our Privacy and Legal team. This role reports directly to our CISO.

• →Build automation into GRC
• →Deploy GRC-as-Code / Policy-as-Code
• →Deploy AI into our GRC processes where appropriate
• →Own, manage and be accountable for supporting our revenue team by reviewing contracts both on net new deals as well as renewals.
• →Lead and build a high performing team
• →Maintain a high level of customer service for both internal and external stakeholders and customers.
• →Lead our annual external audits such as SOC2, ISO 27001, ISO 27701, FedRAMP and others and serve as primary point of contact for external auditors.
• →Lead our internal audits and readiness assessments
• →Work closely with procurement teams and manage vendor security reviews
• →Manage all cybersecurity related policies, procedures, and standards.
• →Partner closely with Product Security & Privacy, Engineering and Product teams on security reviews and evidence collection for audits
• →Define and track key performance indicators (KPIs) and key risk indicators (KRIs) from engineering and cloud telemetry data to provide measurable, risk-based insights to leadership

• Leadership & Management:
• 5+ years of people leadership experience
• 10+ years general GRC experience
• Ability to delegate and dive deep with your team to solve problems quickly
• Define and execute the multi-year vision, strategy, and  roadmap for the GRC Engineering function, aligning it with overall business objectives and the security program's evolution.
• Mentor and coach team members, fostering a culture of continuous learning, automation-first thinking, and professional growth in both GRC and technical engineering skills.
• Manage the GRC Engineering budget, external vendor relationships, and resource allocation to ensure optimal efficiency and effectiveness of the compliance program.
• Drive a proactive, security-minded, and compliance-aware culture across the entire engineering and product organization.
• Technical Expertise:
• Strong experience in reviewing and redlining contracts
• Ability to strike a balance between customer requirements and organizational risk when considering contracting
• Strong negotiation skills when managing vendor and supply chain risks
• Proven ability to to build business-centric Third Party Risk programs
• Experience with and deep knowledge of NIST 800-53
• Understanding of product development, SDLC and CI/CD
• Deep knowledge of AWS and container architecture
• Familiarity with tools like Terraform or CloudFormation for managing and auditing infrastructure configuration as code.
• Experience integrating GRC processes with vulnerability management and security configuration tools to track remediation and ensure control coverage.
• Operational & Collaboration Skills:
• Strong communication (written and verbal) and diplomatic skills in building consensus from dispersed teams with competing priorities.
• Build and nurture strong cross-business relationships with Engineering, IT, Product, Legal, Sales and the broader cybersecurity team.

At Smartsheet, your ideas are heard, your potential is supported, and your contributions have real impact. You’ll have the freedom to explore, push boundaries, and grow beyond your role. We welcome diverse perspectives and nontraditional paths—because we know that impact comes from individuals who care deeply and challenge thoughtfully. When you’re doing work that stretches you, excites you, and connects you to something bigger, that’s magic at work. Let’s build what’s next, together.

Smartsheet is an Equal Opportunity (EEO) employer committed to fostering an inclusive environment with the best employees. It is our policy to provide equal employment opportunities to all qualified applicants in accordance with applicable laws in the US, UK, Australia, Germany, Costa Rica, Japan, Bulgaria, and India. All qualified applicants will receive consideration without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information. 

If there are preparations we can make to help ensure you have a comfortable and positive interview experience, please let us know.

#LI-Remote