Governance, Risk & Compliance - Lead

1 Month ago • 7-10 Years • Risk Management

Job Summary

Job Description

Smarsh is seeking a Governance, Risk & Compliance Lead to manage its Information Security Management System (ISMS) aligned with ISO 27001, overseeing control assurance and supporting audits like SOC 2, ISO 27001, FedRAMP, and customer audits. The role involves driving cybersecurity risk management, enhancing risk methodologies, and supporting risk acceptance and remediation. Responsibilities also include monitoring emerging regulations, managing customer security assessments, coordinating client responses, leading third-party security reviews, and managing the InfoSec policy lifecycle. The position requires developing security governance metrics for executive reporting and promoting a security-aware culture. Additionally, the role focuses on GRC operations, refining workflows, and maintaining GRC tooling integrations.
Must have:
  • Lead ISMS governance and controls assurance
  • Drive cybersecurity risk management
  • Manage regulatory, contractual & client assurance
  • Lead third-party & supply chain risk
  • Manage policy governance & stakeholder reporting
  • Deliver security awareness & culture programs
  • Manage GRC operations & enablement
  • 7-10 years in GRC roles within SaaS/regulated industries
  • Experience operationalizing ISMS frameworks
  • Hands-on experience with GRC platforms
  • Ability to work across business, engineering, legal teams
  • Familiarity with ISO 27001, SOC 2, GDPR, DORA, FedRAMP, SEC Cyber
  • Strong communication and executive reporting skills
Good to have:
  • Experience leading client assurance programs
  • Professional certifications (CISA, CISM, ISO 27001 LA, CISSP, CRISC)

Job Details

Who are we?

Smarsh empowers its customers to manage risk and unleash intelligence in their digital communications. Our growing community of over 6500 organizations in regulated industries counts on Smarsh every day to help them spot compliance, legal or reputational risks in 80+ communication channels before those risks become regulatory fines or headlines. Relentless innovation has fueled our journey to consistent leadership recognition from analysts like Gartner and Forrester, and our sustained, aggressive growth has landed Smarsh in the annual Inc. 5000 list of fastest-growing American companies since 2008.

Core Responsibilities

ISMS Governance & Controls Assurance
    • Lead the maintenance and continuous improvement of Smarsh’s ISO 27001-aligned ISMS.
    • Oversee the control assurance programme, ensuring robust evidence collection, control testing, and continuous monitoring.
    • Own key internal and external audit workstreams, including SOC 2, ISO 27001, FedRAMP and customer audits.

Cybersecurity Risk Management
    • Drive the risk assessment lifecycle, embedding business, technical, and supply chain risk perspectives.
    • Enhance risk methodologies and tools, integrating real-time risk metrics into dashboards and governance forums.
    • Support risk acceptance processes and facilitate cross-functional remediation plans.

Regulatory, Contractual & Client Assurance
    • Monitor emerging regulations (e.g. DORA, SEC, UK AI Act) and translate them into actionable internal obligations.
    • Manage customer security assessments and DDQs, enabling frictionless trust through reusable assurance artefacts.
    • Coordinate timely, high-quality client responses and external assurance artefacts in the Smarsh Trust Center.

Third-Party & Supply Chain Risk
    • Lead third-party security reviews and ensure governance controls are extended across the vendor lifecycle.
    • Partner with Procurement and Legal to align contractual security requirements and risk acceptance criteria.

Policy Governance & Stakeholder Reporting
    • Maintain the InfoSec policy lifecycle and track compliance across business units.
    • Develop and maintain security governance metrics and reporting for the CISO and wider executive team.
    • Support the operation of governance forums and steering committees.

Security Awareness & Culture
    • Deliver targeted security training and awareness campaigns aligned to regulatory and business needs.
    • Promote a security-aware culture of governance accountability and enablement across teams.

GRC Operations & Enablement
    • Own and refine core GRC workflows, including documentation, issue tracking, evidence management, and status reporting.
    • Maintain and expand GRC tooling integrations, ensuring high-quality automation and reporting outputs.

Essential Experience

    • 7–10 years’ experience in security governance, risk, or compliance roles within SaaS or regulated industries.
    • Strong track record operationalising ISMS frameworks, managing control assurance, and supporting external audits.
    • Hands-on experience with GRC platforms, security metrics reporting, and risk assessments.
    • Proven ability to work across business, engineering, and legal teams to embed governance effectively.
    • Familiarity with modern regulatory landscapes and frameworks such as ISO 27001, SOC 2, GDPR, DORA, FedRAMP and SEC Cyber rules.
    • Strong communication skills, with the ability to create executive-level reporting and artefacts.
    • Experience leading client assurance programmes or third-party risk management.
    • Professional certifications (CISA, CISM, ISO 27001 LA, CISSP, CRISC) preferred.

About our culture

Smarsh hires lifelong learners with a passion for innovating with purpose, humility and humor. Collaboration is at the heart of everything we do. We work closely with the most popular communications platforms and the world’s leading cloud infrastructure platforms. We use the latest in AI/ML technology to help our customers break new ground at scale. We are a global organization that values diversity, and we believe that providing opportunities for everyone to be their authentic self is key to our success. Smarsh leadership, culture, and commitment to developing our people have all garnered Comparably.com Best Places to Work Awards. Come join us and find out what the best work of your career looks like.
