Principal Security Engineer – GRC Team Lead (Remote Eligible)

56 minutes ago
Full-time
Lead
Cybersecurity
Smartsheet

Smartsheet

Smartsheet provides an enterprise work management platform that enables teams to efficiently manage projects, automate processes, and enhance collaboration through a user-friendly interface that combines spreadsheet functionality with advanced workflow...

Internet Software & Services
1K-5K
Founded 2005

Description

  • Own the end-to-end GRC strategy and roadmap to improve compliance maturity, reduce audit risk, and increase operational efficiency.
  • Design and implement policy-as-code systems that translate frameworks such as SOC 2, ISO 27001, FedRAMP, and HIPAA into enforceable controls.
  • Build custom control frameworks aligned to Smartsheet’s cloud architecture, multi-framework needs, and risk appetite.
  • Lead full audit cycles, including preparation, execution, evidence gathering, remediation, and continuous monitoring.
  • Evaluate, select, configure, and integrate GRC tooling with cloud infrastructure, identity systems, ticketing systems, and CI/CD pipelines.
  • Design automated evidence collection and validation pipelines across AWS, application logs, identity systems, and operational tools.
  • Translate compliance requirements into technical implementations that engineering and security teams can execute and monitor.
  • Establish risk management and governance processes, including risk registers, control assessments, monitoring workflows, and escalation paths.
  • Build and lead the GRC team by mentoring staff, defining playbooks, and driving a culture of continuous improvement.

Requirements

  • 10+ years of experience in GRC, compliance, security engineering, or related roles.
  • 5+ years in a technical or leadership capacity managing compliance programs at scale.
  • Bachelor’s degree in Computer Science, Computer Engineering, Cybersecurity, or a related field, or equivalent practical experience.
  • Deep hands-on experience running full audit cycles across SOC 2 Type II, ISO 27001, and FedRAMP.
  • Working knowledge of AWS, GCP, or Azure, plus infrastructure-as-code tools such as Terraform, CI/CD pipelines, IAM, encryption, and logging.
  • Hands-on experience with GRC platforms such as Vanta, Drata, ServiceNow GRC, or equivalent.
  • Experience with policy-as-code and compliance-as-code principles, including automated controls and continuous compliance validation.
  • Deep knowledge of SOC 2 Trust Service Criteria, ISO 27001, NIST 800-53 or 800-171, and familiarity with HIPAA, GDPR, and related frameworks.
  • Scripting and automation experience with Python, Bash, or similar languages.
  • Strong communication and program management skills with the ability to align technical and business stakeholders.
  • U.S. citizenship or U.S. national status is required to meet federal compliance requirements.
  • Federal or government sector experience is valuable but not required.
  • Professional certifications such as CISSP, CISM, CISA, CRISC, GRCP, or AWS Certified Security – Specialty are preferred.
  • Experience with AI governance frameworks such as NIST AI RMF or ISO 42001 is preferred.
  • Background in DevSecOps or security operations with hands-on CI/CD and Infrastructure-as-Code experience is preferred.

Benefits

  • US base salary range of $205,000 to $275,000.
  • Market-competitive incentive opportunity.
  • Employer-subsidized medical, vision, and dental coverage for full-time employees.
  • 401(k) match of 50% of contributions up to the first 6% of eligible pay.
  • Monthly stipend to support work and productivity.
  • Flexible Time Away Program plus sick time off.
  • 12 paid holidays per year for US employees.
  • Up to 24 weeks of parental leave.
  • Personal paid Volunteer Day.
  • Opportunities for professional growth and development, including access to Udemy courses.
  • Company-funded perks including a counseling membership, local retail discounts, and a personal Smartsheet account.
  • Teleworking options from any registered U.S. location, role dependent.
  • Company-sponsored life insurance, short-term disability, and long-term disability for US employees.

Interested in this position?

Apply directly on the company website

Apply Now

Similar Roles

Sr. Information Systems Security Engineer III (6695)

MetroStar 251-1K IT Services

MetroStar is hiring a Sr. Information Systems Security Engineer to help design, implement, and maintain cybersecurity controls and monitoring for protecting sensitive digital assets and ensuring compliance.

Cybersecurity Encryption Splunk
26 minutes ago

Chief Engineer, Advanced Effects

Anduril Industries 1K-5K Aerospace & Defense

Anduril Industries is hiring a Chief Engineering leader for its Air Dominance and Strike programs to drive end-to-end technical execution of large aircraft from concept through production and sustainment.

System Design
26 minutes ago

Sr. Operational Excellence Consultant

MetroStar 251-1K IT Services

MetroStar is hiring a Sr. Operational Excellence Consultant to support enterprise-wide initiatives that improve operations, customer and employee experience, and organizational readiness for growth.

41 minutes ago

Program Manager, Vendor Management Operations

Oscar 1K-5K Insurance

Oscar Health is hiring a remote Program Manager, Vendor Management Operations to support vendor management and operational improvements within its Workforce Management team.

41 minutes ago

You're on a roll! Sign up now to keep applying.

Sign Up

Already have an account? Log in

Used by 14,729+ remote workers