Director, GRC, Engineering (Remote Eligible)
Smartsheet · Bellevue, WA, USA · Posted 13 March 2026
Job Description
For over 20 years, Smartsheet has helped people and teams achieve–well, anything. From seamless work management to smart, scalable solutions, we’ve always worked with flow. We’re building tools that empower teams to automate the manual, uncover insights, and scale smarter. But more than that, we’re creating space–space to think big, take action, and unlock the kind of work that truly matters. Because when challenge meets purpose, and passion turns into progress, that’s magic at work, and it’s what we show up for every day.
We are looking for an experienced GRC leader with a strong engineering background. Governance, risk and compliance is key to ensuring the cybersecurity program we’ve built is continuously improving. This leader will be responsible for maintaining a high level of trust with our customers through our GRC program. You will also be able to interact with customers and auditors on a regular basis to build and maintain that trust directly. You’ll also ensure our numerous annual audits are completed on time and with minimal impact to the rest of the business.
You’ll lead our existing GRC team members and support their continued growth to achieve the vision you set for GRC at Smartsheet. You will also collaborate across the entire business and be a customer-minded champion for cyber compliance. You’ll also partner closely with our Privacy and Legal team. This role reports directly to our CISO.
Responsibilities:
Build automation into GRC
Deploy GRC-as-Code / Policy-as-Code
Deploy AI into our GRC processes where appropriate
Own, manage and be accountable for supporting our revenue team by reviewing contracts on both net new deals and renewals.
Lead and build a high-performing team
Maintain a high level of customer service for both internal and external stakeholders and customers.
Lead our annual external audits such as SOC2, ISO 27001, ISO 27701, FedRAMP and others and serve as primary point of contact for external auditors.
Lead our internal audits and readiness assessments
Work closely with procurement teams and manage vendor security reviews
Manage all cybersecurity related policies, procedures, and standards.
Partner closely with Product Security Privacy, Engineering and Product teams on security reviews and evidence collection for audits
Define and track key performance indicators (KPIs) and key risk indicators (KRIs) from engineering and cloud telemetry data to provide measurable, risk-based insights to leadership
Skills Required:
Leadership Management:
5+ years of people leadership experience
10+ years general GRC experience
Ability to delegate and dive deep with your team to solve problems quickly
Define and execute the multi-year vision, strategy, and roadmap for the GRC Engineering function, aligning it with overall business objectives and the security program's evolution.
Mentor and coach team members, fostering a culture of continuous learning, automation-first thinking, and professional growth in both GRC and technical engineering skills.
Manage the GRC Engineering budget, external vendor relationships, and resource allocation to ensure optimal efficiency and effectiveness of the compliance program.
Drive a proactive, security-minded, and compliance-aware culture across the entire engineering and product organization.
Technical Expertise:
Strong experience in reviewing and redlining contracts
Ability to strike a balance between customer requirements and organizational risk when considering contracting
Strong negotiation skills when managing vendor and supply chain risks
Proven ability to build business-centric Third Party Risk programs
Experience with and deep knowledge of NIST 800-53
Understanding of product development, SDLC and CI/CD
Deep knowledge of AWS and container architecture
Familiarity with tools like Terraform or CloudFormation for managing and auditing infrastructure configuration as code.
Experience integrating GRC processes with vulnerability management ... (truncated, view full listing at source)