Analyst, Governance, Risk & Compliance

Smartsheet

Job Details

Location: San José, Cantón San José, San Jose Province, 10104, Costa Rica

Posted: Oct 20, 2022

Job Description

Smartsheet is looking for an outstanding team member to drive results and build and operate a next generation Governance, Risk & Compliance (GRC) program at Smartsheet. You will support and collaborate with team members in the development and implementation of new and existing GRC capabilities aligned with our goals. You are someone who is motivated, innovative, team-oriented and ready for both challenge and opportunity in a fast-paced growing environment.

In 2005, Smartsheet was founded on the idea that teams and millions of people worldwide deserve a better way to deliver their very best work. Today, we deliver a leading cloud-based platform for work execution, empowering organizations to plan, capture, track, automate, and report on work at scale, resulting in more efficient processes and better business outcomes. Trust is one of our core values, and as an organization, we execute that core value by maintaining and innovating on systems, processes and programs that secure our customers’ data.

This position reports to the Senior Manager, Governance, Risk & Compliance located in WA state and is remote eligible.

You Will:

  • Support the execution of Quarterly User Access Reviews (QUAR), recertifying existing access to critical systems and applications, while supporting the development of Identity Governance & Administration (IGA) for Smartsheet, enabling automation and scalability for the user access recertification process.
  • Support the development of technology-enabled GRC solutions to improve automation, scalability, and end-user experience for the GRC programs and our stakeholders.
  • Collaborate with GRC team members and support the delivery of the core GRC programs and capabilities, including Compliance Management (NIST, SOC 1/2/3, ISO27001, ISO27701, ISO27018, ISO27017, CSA, HiTRUST, PCI, etc.), Enterprise Risk Management (ERM), Policy & Governance, Business Continuity & Disaster Recovery (BC/DR), Security Behavior & Awareness Training (SBAT), and Third Party Risk Management (TPRM).
  • Collaborate with key stakeholders, including Legal, Privacy, IT, and Engineering teams, to help develop new, and improve existing, GRC programs for Smartsheet products, customers, and operations.
  • Support the capturing, reporting, and rollup mechanisms for delivering key GRC metrics and results to management.
  • Support the maintenance of internal and external-facing Security and Compliance documentation and collateral, including corporate security policies, audit reports, internal reports and workspaces, online Trust Center, and other customer-facing materials.
  • Support sales and support teams with Security and Compliance related customer inquiries for customers and potential customers alike.

You Have:

  • 2+ years of relevant experience in risk management, information security, audit and/or compliance.
  • Experience in source code development and scripting to help automate manual processes.
  • Familiar with developing, implementing, harmonizing, and improving upon processes supporting Security Compliance frameworks (NIST, SOC 1/2/3, ISO27001, ISO27701, ISO27018, ISO27017, CSA, HiTRUST, PCI, etc.).
  • Experience working with organizations governed by various regulatory requirements.
  • An understanding of cloud native technologies and architectures used by the SaaS industry.
  • The ability to communicate risk in a meaningful manner to different areas of a business.
  • The desire to have significant impact in a hyper-growth environment that is rapidly defining its industry.
  • A bias towards doing and building, rather than hypothesizing, while recognizing that some ideas must fail fast.

Perks & Benefits:

  • Fully paid Health & Life insurance for full-time employees and family members
  • Monthly stipend to support your work and productivity
  • 12 days paid Vacation + Flexible Time Away Program
  • 20 weeks fully paid Maternity Leave
  • 12 weeks fully paid Paternity/Adoption Leave
  • Personal paid Volunteer Day to support our community
  • Opportunities for professional growth and development including access to LinkedIn Learning online courses
  • Company Funded Perks including a counseling membership and your own personal Smartsheet account
  • Teleworking options from any registered location in Costa Rica (role specific)

Equal Opportunity Employer:

Smartsheet is an Equal Opportunity Employer committed to fostering an inclusive environment with the best employees. We provide employment opportunities without regard to any legally protected status in accordance with applicable laws in the US, UK, Australia, Costa Rica and Germany. If there are preparations we can make to help ensure you have a comfortable and positive interview experience, please let us know.

At Smartsheet, we strive to build an inclusive environment that encourages, supports, and celebrates the diverse voices of our team members who also represent the diverse needs of our customers. We're looking for people who are driven, authentic, supportive, effective, and honest. You're encouraged to apply even if your experience doesn't precisely match our job description—if your career path has been nontraditional, that will set you apart. At Smartsheet, we welcome diverse perspectives and people who aren't afraid to be innovative—join us!

About Smartsheet

At Smartsheet you’ll find ambitious, motivated, and fulfilled employees working as one team, towards one purpose: empowering everyone to improve how they work. Regardless of role, team members are driven, entrepreneurial, and committed to making an impact by turning great ideas into action.
