The Senior Compliance Engineer is responsible for ensuring the organization's compliance with relevant regulations, standards, and policies related to Smartsheet Information Systems operations. The ideal candidate has extensive experience in FedRAMP, SOC, and ISO audit practices and standards. They will be responsible for maintaining continuous compliance with various regulations, policies, and standards, as well as identifying and mitigating risks associated with Information Systems operations. In this role, they will work closely with internal and external stakeholders to develop, implement, and maintain our security controls, assess and manage risks, and provide recommendations for process improvements. This role also involves conducting assessments, identifying gaps, and recommending solutions to increase the maturity of the compliance program at Smartsheet.
In 2005, Smartsheet was founded on the idea that teams and millions of people worldwide deserve a better way to deliver their very best work. Today, we deliver a leading cloud-based platform for work execution, empowering organizations to plan, capture, track, automate, and report on work at scale, resulting in more efficient processes and better business outcomes.
You will report to our Manager, Governance, Risk & Compliance located in our Bellevue, WA office, or you may work remotely from anywhere in the US where Smartsheet is a registered employer.
You Will:
Develop and maintain IT compliance programs in accordance with FedRAMP, SOC, and ISO standards
Conduct and direct external audits to assess compliance with policies, procedures, and standards
Plan and execute end-to-end compliance initiatives in accordance with the Security Functional Plan
Continuously maintain and improve Smartsheet’s security control framework
Draft and implement procedures, guides, whitepapers, and other documentation related to our compliance program
Build and maintain security controls that map to NIST SP 800-53 security compliance requirements and provide implementation recommendations for new controls
Identify areas where compliance, and specifically security compliance controls, can be improved through automation
Design requirements for security compliance automation tasks
Recommend new security compliance metrics and automate reporting of existing metrics
Conduct periodic assessments of the organization's IT systems and operations to ensure compliance with regulatory requirements, industry standards, and internal policies
Identify and document gaps and potential risks in the organization's IT practices and recommend appropriate solutions to address these issues
Develop and implement policies, procedures, and controls to ensure compliance with regulatory requirements and industry standards
Collaborate with internal and external stakeholders to provide guidance on compliance requirements and assist with audit preparations and responses
Monitor changes in regulatory requirements and industry standards and recommend updates to policies and procedures accordingly
Provide training where necessary to employees on compliance requirements and best practices
Maintain documentation and tracking of compliance-related activities, including reports, audit findings, and remediation plans
Assist with the development and implementation of Information Systems governance frameworks
You Have:
5+ years of experience in IT compliance, information security, or a related field
Bachelor’s degree in Computer Science, Information Systems, Information Technology, or a related field, or equivalent work experience
Experience in FedRAMP audit standards, practices, and controls
Knowledge of industry standards such as ISO 27001, NIST, and COBIT
Deep understanding of audit standards and practices, and security control frameworks
Extensive knowledge and understanding of information security policies, standards, procedures, and guidelines
Knowledge and understanding of end-user computing tools, hardware, application software, networks, communications, and mobile device technologies
Ability to work with Security Operations Engineers to identify gaps in technology tools, policies, and procedures
Understanding of concepts and philosophies regarding the design and implementation of information technologies and associated architectural concepts, principles, and tools
Experience with regulatory requirements such as PCI-DSS, HIPAA, SOX, GDPR, and CCPA
Strong understanding of risk management principles, practices, and frameworks
Communication, analytical, and problem-solving skills
Relevant certifications such as CISA, CISSP, or CRISC are preferred, but not required
Perks & Benefits:
HSA, 100% employer-paid premiums, or buy-up medical/vision and dental coverage options for full-time employees
Equity - Restricted Stock Units (RSUs) with all offers
Lucrative Employee Stock Purchase Program (15% discount)
401k Match to help you save for your future (50% of your contribution up to the first 6% of your eligible pay)
Monthly stipend to support your work and productivity
Flexible Time Away Program, plus Incidental Sick Leave
Up to 24 weeks of Parental Leave
Personal paid Volunteer Day to support our community
Opportunities for professional growth and development including access to LinkedIn Learning online courses
Company Funded Perks, including a counseling membership, local retail discounts, and your own personal Smartsheet account
Teleworking options from any registered location in the U.S. (role specific)
US employees are automatically covered under Smartsheet-sponsored life insurance, short-term, and long-term disability plans
US employees receive 12 paid holidays per year
Smartsheet provides a reasonable range of compensation for roles that may be hired in different geographic areas where we are licensed to operate our business. Actual compensation is determined by several factors including, but not limited to, level of professional and educational experience, skills, and specific candidate location. In addition, this role will be eligible for a market-competitive bonus and RSU stock grant upon accepted offer. California & New York: $118,800-$172,800; all other US states: $110,000-$160,000
Equal Opportunity Employer:
Smartsheet is an Equal Opportunity Employer committed to fostering an inclusive environment with the best employees. We provide employment opportunities without regard to any legally protected status in accordance with applicable laws in the US, UK, Germany, Costa Rica, and Australia. If there are preparations we can make to help ensure you have a comfortable and positive interview experience, please let us know.
At Smartsheet, we strive to build an inclusive environment that encourages, supports, and celebrates the diverse voices of our team members who also represent the diverse needs of our customers. We’re looking for people who are driven, authentic, supportive, effective, and honest. You’re encouraged to apply even if your experience doesn’t precisely match our job description—if your career path has been nontraditional, that will set you apart. At Smartsheet, we welcome diverse perspectives and people who aren’t afraid to be innovative—join us!
#BI-Remote
#LI-Remote