Governance, Risk & Compliance - Lead

1 Month ago • 7-10 Years • Risk Management

Job Summary

Job Description

Smarsh is seeking a Governance, Risk & Compliance (GRC) Lead to embed security as a business enabler. This role is crucial for integrating, scaling, and proactively managing security governance, risk, and compliance efforts. The GRC Lead will support the Senior Manager, GRC, and oversee key programs including ISMS, controls assurance, risk management, third-party oversight, and regulatory compliance. Responsibilities include maintaining the ISO 27001 ISMS, managing control assurance and audits (SOC 2, ISO 27001, FedRAMP), driving risk assessment lifecycles, enhancing risk methodologies, managing regulatory monitoring (DORA, SEC, UK AI Act), coordinating client security assessments, leading third-party security reviews, maintaining the InfoSec policy lifecycle, and developing security governance metrics. The role also involves delivering security awareness campaigns and refining GRC workflows and tooling. The ideal candidate will collaborate across InfoSec, Legal, Product, Engineering, and Customer teams in a dynamic, global environment.
Must have:
  • 7-10 years in security GRC roles
  • Operationalize ISMS, manage control assurance
  • Experience with GRC platforms
  • Work across business, engineering, legal teams
  • Familiarity with ISO 27001, SOC 2, GDPR, DORA, FedRAMP
  • Strong communication skills for executive reporting
  • Experience leading client assurance or third-party risk management
Good to have:
  • Professional certifications (CISA, CISM, ISO 27001 LA, CISSP, CRISC)

Job Details

Who are we?

Smarsh empowers its customers to manage risk and unleash intelligence in their digital communications. Our growing community of over 6500 organizations in regulated industries counts on Smarsh every day to help them spot compliance, legal or reputational risks in 80+ communication channels before those risks become regulatory fines or headlines. Relentless innovation has fueled our journey to consistent leadership recognition from analysts like Gartner and Forrester, and our sustained, aggressive growth has landed Smarsh in the annual Inc. 5000 list of fastest-growing American companies since 2008.

Summary

Smarsh is committed to embedding security as a business enabler. As a senior member of the GRC team, you will be instrumental in ensuring that our security governance, risk, and compliance efforts are integrated, scalable, and proactive.

The GRC Lead plays a cross-functional leadership role, supporting the Senior Manager, GRC, and taking ownership of key programmes that span our ISMS, controls assurance, risk management, third-party oversight, and regulatory compliance. You’ll engage with stakeholders across InfoSec, Legal, Product, Engineering, and Customer teams to operationalise governance and build trust.

This is a strategic yet hands-on role, ideal for someone who thrives in driving governance initiatives, facilitating risk discussions, and ensuring compliance readiness while working closely with Engineering, Security, and Product teams. You must be comfortable working as part of a global team in a dynamic, fast-paced environment. Collaboration across time zones and geographies is a key part of our culture and success.

How will you contribute?

  • ISMS Governance & Controls Assurance
      • Lead the maintenance and continuous improvement of Smarsh’s ISO 27001-aligned ISMS.
      • Oversee the control assurance programme, ensuring robust evidence collection, control testing, and continuous monitoring.
      • Own key internal and external audit workstreams, including SOC 2, ISO 27001, FedRAMP and customer audits.

  • Cybersecurity Risk Management
      • Drive the risk assessment lifecycle, embedding business, technical, and supply chain risk perspectives.
      • Enhance risk methodologies and tools, integrating real-time risk metrics into dashboards and governance forums.
      • Support risk acceptance processes and facilitate cross-functional remediation plans.

  • Regulatory, Contractual & Client Assurance
      • Monitor emerging regulations (e.g. DORA, SEC, UK AI Act) and translate them into actionable internal obligations.
      • Manage customer security assessments and DDQs, enabling frictionless trust through reusable assurance artefacts.
      • Coordinate timely, high-quality client responses and external assurance artefacts.

  • Third-Party & Supply Chain Risk
      • Lead third-party security reviews and ensure governance controls are extended across the vendor lifecycle.
      • Partner with Procurement and Legal to align contractual security requirements and risk acceptance criteria.

  • Policy Governance & Stakeholder Reporting
      • Maintain the InfoSec policy lifecycle and track compliance across business units.
      • Develop and maintain security governance metrics and reporting for the CISO and wider executive team.
      • Support the operation of governance forums and steering committees.

  • Security Awareness & Culture
      • Deliver targeted security training and awareness campaigns aligned to regulatory and business needs.
      • Promote a security-aware culture of governance accountability and enablement across teams.

  • GRC Operations & Enablement
      • Own and refine core GRC workflows, including documentation, issue tracking, evidence management, and status reporting.
      • Maintain and expand GRC tooling integrations, ensuring high-quality automation and reporting outputs.

What will you bring?

  • 7–10 years’ experience in security governance, risk, or compliance roles within SaaS or regulated industries.
  • Strong track record operationalising ISMS frameworks, managing control assurance, and supporting external audits.
  • Hands-on experience with GRC platforms, security metrics reporting, and risk assessments.
  • Proven ability to work across business, engineering, and legal teams to embed governance effectively.
  • Familiarity with modern regulatory landscapes and frameworks such as ISO 27001, SOC 2, GDPR, DORA, FedRAMP and SEC Cyber rules.
  • Strong communication skills, with the ability to create executive-level reporting and artifacts.
  • Experience leading client assurance programmes or third-party risk management.
  • Professional certifications (CISA, CISM, ISO 27001 LA, CISSP, CRISC) preferred.

About our culture

Smarsh hires lifelong learners with a passion for innovating with purpose, humility and humor. Collaboration is at the heart of everything we do. We work closely with the most popular communications platforms and the world’s leading cloud infrastructure platforms. We use the latest in AI/ML technology to help our customers break new ground at scale. We are a global organization that values diversity, and we believe that providing opportunities for everyone to be their authentic self is key to our success. Smarsh leadership, culture, and commitment to developing our people have all garnered Comparably.com Best Places to Work Awards. Come join us and find out what the best work of your career looks like.
