Director, GRC, Engineering (Remote Eligible)
Company: Smartsheet
Location: Bellevue
Posted on: April 2, 2026
Job Description:
For over 20 years, Smartsheet has helped people and teams
achieve–well, anything. From seamless work management to smart,
scalable solutions, we’ve always worked with flow. We’re building
tools that empower teams to automate the manual, uncover insights,
and scale smarter. But more than that, we’re creating space–space
to think big, take action, and unlock the kind of work that truly
matters. Because when challenge meets purpose, and passion turns
into progress, that’s magic at work, and it’s what we show up for
every day.

We are looking for an experienced GRC leader with a
strong engineering background. Governance, risk and compliance is
key to ensuring the cybersecurity program we’ve built is
continuously improving. This leader will be responsible for
maintaining a high level of trust with our customers through our
GRC program. You will also be able to interact with customers and
auditors on a regular basis to build and maintain that trust
directly. You’ll also ensure our numerous annual audits are
completed on time and with minimal impact to the rest of the business.
You’ll lead our existing GRC team members and support their
continued growth to achieve the vision you set for GRC at
Smartsheet. You will also collaborate across the entire business
and be a customer-minded champion for cyber compliance. You’ll also
partner closely with our Privacy and Legal team. This role reports
directly to our CISO.

Responsibilities:
- Build automation into GRC
- Deploy GRC-as-Code / Policy-as-Code
- Deploy AI into our GRC processes where appropriate
- Own, manage and be accountable for supporting our revenue team by
  reviewing contracts both on net new deals as well as renewals.
- Lead and build a high performing team
- Maintain a high level of customer service for both internal and
  external stakeholders and customers.
- Lead our annual external audits such as SOC2, ISO 27001, ISO 27701,
  FedRAMP and others and serve as primary point of contact for
  external auditors.
- Lead our internal audits and readiness assessments
- Work closely with procurement teams and manage vendor security
  reviews
- Manage all cybersecurity related policies, procedures, and
  standards.
- Partner closely with Product Security & Privacy, Engineering and
  Product teams on security reviews and evidence collection for audits
- Define and track key performance indicators (KPIs) and key risk
  indicators (KRIs) from engineering and cloud telemetry data to
  provide measurable, risk-based insights to leadership

Skills Required:
Leadership & Management:
- 5 years of people leadership experience
- 10 years general GRC experience
- Ability to delegate and dive deep with your team to solve problems
  quickly
- Define and execute the multi-year vision, strategy, and roadmap for
  the GRC Engineering function, aligning it with overall business
  objectives and the security program's evolution.
- Mentor and coach team members, fostering a culture of continuous
  learning, automation-first thinking, and professional growth in
  both GRC and technical engineering skills.
- Manage the GRC Engineering budget, external vendor relationships,
  and resource allocation to ensure optimal efficiency and
  effectiveness of the compliance program.
- Drive a proactive, security-minded, and compliance-aware culture
  across the entire engineering and product organization.

Technical Expertise:
- Strong experience in reviewing and redlining contracts
- Ability to strike a balance between customer requirements and
  organizational risk when considering contracting
- Strong negotiation skills when managing vendor and supply chain
  risks
- Proven ability to build business-centric Third Party Risk programs
- Experience with and deep knowledge of NIST 800-53
- Understanding of product development, SDLC and CI/CD
- Deep knowledge of AWS and container architecture
- Familiarity with tools like Terraform or CloudFormation for
  managing and auditing infrastructure configuration as code.
- Experience integrating GRC processes with vulnerability management
  and security configuration tools to track remediation and ensure
  control coverage.

Operational & Collaboration Skills:
- Strong communication (written and verbal) and diplomatic skills in
  building consensus from dispersed teams with competing priorities.
- Build and nurture strong cross-business relationships with
  Engineering, IT, Product, Legal, Sales and the broader
  cybersecurity team.

Current US Perks & Benefits:
- Medical/vision and dental coverage options for full-time employees
- 401k Match to help you save for your future (50% of your
  contribution up to the first 6% of your eligible pay)
- Monthly stipend to support your work and productivity
- Flexible Time Away Program, plus Sick Time Off
- US employees are automatically covered under Smartsheet-sponsored
  life insurance, short-term, and long-term disability plans
- US employees receive 12 paid holidays per year
- Up to 24 weeks of Parental Leave
- Personal paid Volunteer Day to support our community
- Opportunities for professional growth and development including
  access to Udemy online courses
- Company Funded Perks, including a counseling membership, local
  retail discounts, and your own personal Smartsheet account
- Teleworking options from any registered location in the U.S. (role
  specific)

Smartsheet provides a competitive base salary range for roles that
may be hired in different geographic areas we are licensed to operate
our business from. Actual compensation is determined by several
factors including, but not limited to, level of professional,
educational experience, skills, and specific candidate location. In
addition, this role will be eligible for a market competitive
incentive opportunity.

US Base Salary Pay Range: $235,000 - $315,000 USD

Get to Know Us:
At Smartsheet, your ideas are heard, your potential is supported, and
your contributions have real impact. You’ll have the freedom to
explore, push boundaries, and grow beyond your role. We welcome
diverse perspectives and nontraditional paths—because we know that
impact comes from individuals who care deeply and challenge
thoughtfully. When you’re doing work that stretches you, excites
you, and connects you to something bigger, that’s magic at work.
Let’s build what’s next, together.

Equal Opportunity Employer:
Smartsheet is an Equal Opportunity (EEO) employer committed to
fostering an inclusive environment with the best employees. It is
our policy to provide equal employment opportunities to all
qualified applicants in accordance with applicable laws in the US,
UK, Australia, Germany, Costa Rica, Japan, Bulgaria, and India. All
qualified applicants will receive consideration without regard to
race, color, religion, sex, sexual orientation, gender identity,
national origin, age, protected veteran or disabled status, or
genetic information. If there are preparations we can make to help
ensure you have a comfortable and positive interview experience,
please let us know.