Director, GRC, Engineering (Remote Eligible)

About The Position

Requirements

• 5+ years of people leadership experience
• 10+ years general GRC experience
• Ability to delegate and dive deep with your team to solve problems quickly
• Define and execute the multi-year vision, strategy, and roadmap for the GRC Engineering function, aligning it with overall business objectives and the security program's evolution.
• Mentor and coach team members, fostering a culture of continuous learning, automation-first thinking, and professional growth in both GRC and technical engineering skills.
• Manage the GRC Engineering budget, external vendor relationships, and resource allocation to ensure optimal efficiency and effectiveness of the compliance program.
• Drive a proactive, security-minded, and compliance-aware culture across the entire engineering and product organization.
• Strong experience in reviewing and redlining contracts
• Ability to strike a balance between customer requirements and organizational risk when considering contracting
• Strong negotiation skills when managing vendor and supply chain risks
• Proven ability to to build business-centric Third Party Risk programs
• Experience with and deep knowledge of NIST 800-53
• Understanding of product development, SDLC and CI/CD
• Deep knowledge of AWS and container architecture
• Familiarity with tools like Terraform or CloudFormation for managing and auditing infrastructure configuration as code.
• Experience integrating GRC processes with vulnerability management and security configuration tools to track remediation and ensure control coverage.
• Strong communication (written and verbal) and diplomatic skills in building consensus from dispersed teams with competing priorities.
• Build and nurture strong cross-business relationships with Engineering, IT, Product, Legal, Sales and the broader cybersecurity team.

Responsibilities

• Build automation into GRC
• Deploy GRC-as-Code / Policy-as-Code
• Deploy AI into our GRC processes where appropriate
• Own, manage and be accountable for supporting our revenue team by reviewing contracts both on net new deals as well as renewals.
• Lead and build a high performing team
• Maintain a high level of customer service for both internal and external stakeholders and customers.
• Lead our annual external audits such as SOC2, ISO 27001, ISO 27701, FedRAMP and others and serve as primary point of contact for external auditors.
• Lead our internal audits and readiness assessments
• Work closely with procurement teams and manage vendor security reviews
• Manage all cybersecurity related policies, procedures, and standards.
• Partner closely with Product Security & Privacy, Engineering and Product teams on security reviews and evidence collection for audits
• Define and track key performance indicators (KPIs) and key risk indicators (KRIs) from engineering and cloud telemetry data to provide measurable, risk-based insights to leadership

Benefits

• Medical/vision and dental coverage options for full-time employees
• 401k Match to help you save for your future (50% of your contribution up to the first 6% of your eligible pay)
• Monthly stipend to support your work and productivity
• Flexible Time Away Program, plus Sick Time Off
• US employees are automatically covered under Smartsheet-sponsored life insurance, short-term, and long-term disability plans
• US employees receive 12 paid holidays per year
• Up to 24 weeks of Parental Leave
• Personal paid Volunteer Day to support our community
• Opportunities for professional growth and development including access to Udemy online courses
• Company Funded Perks, including a counseling membership, local retail discounts, and your own personal Smartsheet account
• Teleworking options from any registered location in the U.S. (role specific)