Governance, Risk & Compliance (GRC) Engineer

11 Minutes ago • 2-5 Years • $93,000 PA - $105,000 PA
Cyber Security

Job Description

Smarsh empowers organizations in regulated industries to manage risk and gain intelligence from digital communications. As a GRC Engineer, you will be crucial in advancing Smarsh’s governance, risk, and compliance programs, defining and optimizing security controls and risk processes. This role focuses on scaling governance through automation, control validation, and 'Policy as Code' principles, collaborating with various teams to mature GRC practices.
Must Have:
  • Lead the ongoing maintenance and enhancement of Smarsh’s ISO 27001-aligned ISMS
  • Author and maintain security control narratives
  • Oversee the Control Assurance Program, ensuring effective evidence collection, control testing, and continuous monitoring
  • Coordinate internal and external audit readiness (SOC 2, ISO 27001, FedRAMP, customer audits)
  • Manage the risk assessment lifecycle and facilitate risk acceptance workflows
  • Translate emerging regulations (e.g., DORA, SEC Cyber Rules, UK AI Act) into internal governance requirements
  • Manage customer security assessments and DDQs
  • Lead third-party security reviews and ensure governance controls are extended across the vendor lifecycle
  • Own the policy lifecycle process, ensuring policies are regularly reviewed, updated, and tracked for compliance
  • Develop governance reporting and dashboards
  • Lead the continual refinement of GRC workflows, ensuring operational efficiency
  • Collaborate with Engineering and Security teams to ensure controls are practically enforceable
  • Bring forward ideas and experience around scaling governance processes through automation and control validation techniques
Perks:
  • Lifelong learners with a passion for innovating with purpose, humility and humor
  • Collaboration at the heart of everything we do
  • Work closely with the most popular communications platforms and the world’s leading cloud infrastructure platforms
  • Use the latest in AI/ML technology
  • Global organization that values diversity
  • Providing opportunities for everyone to be their authentic self
  • Comparably.com Best Places to Work Awards

Add these skills to join the top 1% applicants for this job

communication
risk-management
risk-assessment
game-texts

Who are we?

Smarsh empowers its customers to manage risk and unleash intelligence in their digital communications. Our growing community of over 6500 organizations in regulated industries counts on Smarsh every day to help them spot compliance, legal or reputational risks in 80+ communication channels before those risks become regulatory fines or headlines. Relentless innovation has fueled our journey to consistent leadership recognition from analysts like Gartner and Forrester, and our sustained, aggressive growth has landed Smarsh in the annual Inc. 5000 list of fastest-growing American companies since 2008.

Summary

Smarsh is a global leader in digital communications capture, archiving, and oversight. Smarsh is committed to embedding security as a business enabler through governance process excellence and scalable control frameworks. As a GRC Engineer, you will play a critical role in advancing our governance, risk, and compliance programs. You’ll be responsible for defining, implementing, and optimizing security controls and risk processes that support operational alignment across the organization. This role requires an understanding of how governance can scale through automation, control validation workflows, and "Policy as Code" principles. You’ll collaborate closely with engineering, security, legal, and business teams to ensure our GRC practices mature in step with our growth.

How will you contribute?

  • ISMS Governance & Controls Assurance: Lead the ongoing maintenance and enhancement of Smarsh’s ISO 27001-aligned ISMS, ensuring policies, controls, and governance processes are clear, actionable, and aligned with business operations. Author and maintain security control narratives, working closely with technical teams to ensure controls are designed with enforceability and operational alignment in mind. Oversee the Control Assurance Program, ensuring effective evidence collection, control testing, and continuous monitoring practices. Coordinate internal and external audit readiness (SOC 2, ISO 27001, FedRAMP, customer audits) through structured governance workflows.
  • Risk Management & Governance: Manage the risk assessment lifecycle, ensuring comprehensive engagement across business, technical, and third-party risk domains. Facilitate risk acceptance workflows, maintaining governance rigor through well-defined documentation and approval processes. Ensure effective governance of risk treatment plans, enabling clear tracking and status reporting.
  • Regulatory, Contractual & Client Assurance: Translate emerging regulations (e.g., DORA, SEC Cyber Rules, UK AI Act) into internal governance requirements and operational processes. Manage customer security assessments and DDQs, utilizing standardized assurance artefacts to deliver efficient, high-quality responses. Ensure external assurance artefacts are maintained and accessible through the Smarsh Trust Center.
  • Third-Party & Supply Chain Risk: Lead third-party security reviews and ensure governance controls are extended across the vendor lifecycle. Partner with Procurement and Legal to align contractual security requirements and risk acceptance criteria.
  • Policy Lifecycle & Governance Metrics: Own the policy lifecycle process, ensuring policies are regularly reviewed, updated, and tracked for compliance. Develop governance reporting and dashboards that provide clear visibility into control effectiveness, risk posture, and audit readiness. Support governance forums and leadership committees with data-driven insights and structured governance reports.
  • GRC Operations & Enablement: Lead the continual refinement of GRC workflows, ensuring operational efficiency in documentation, evidence management, and status tracking. Collaborate with Engineering and Security teams to ensure controls are practically enforceable within operational workflows. Bring forward ideas and experience around scaling governance processes through automation and control validation techniques, supporting Smarsh’s long-term governance maturity.

What will you bring?

  • 2–5 years’ experience in information security, risk management, or compliance.
  • Working knowledge of security frameworks such as ISO 27001, SOC 2, GDPR, NIST CSF, or similar.
  • Familiarity with GRC platforms and evidence lifecycle management
  • Strong organizational skills with attention to detail in documentation and reporting.
  • Effective communication skills with both technical and non-technical stakeholders.
  • Curiosity and drive to grow into GRC Engineering with a focus on automation and scalability.

The above salary range represents Smarsh's good faith and reasonable estimate of the range of possible base compensation at the time of posting. Any applicable bonus programs will be discussed during the recruiting process.

The salary for this role will be set based on a variety of factors, including but not limited to, internal equity, experience, education, location, specialty and training.

Local cost of living assessments are done for each new hire at the time of offer.

About our culture

Smarsh hires lifelong learners with a passion for innovating with purpose, humility and humor. Collaboration is at the heart of everything we do. We work closely with the most popular communications platforms and the world’s leading cloud infrastructure platforms. We use the latest in AI/ML technology to help our customers break new ground at scale. We are a global organization that values diversity, and we believe that providing opportunities for everyone to be their authentic self is key to our success. Smarsh leadership, culture, and commitment to developing our people have all garnered Comparably.com Best Places to Work Awards. Come join us and find out what the best work of your career looks like.

Set alerts for more jobs like Governance, Risk & Compliance (GRC) Engineer
Set alerts for new jobs by smarsh
Set alerts for new Cyber Security jobs in United States
Set alerts for new jobs in United States
Set alerts for Cyber Security (Remote) jobs

Contact Us
hello@outscal.com
Made in INDIA 💛💙