Senior IRAP Compliance Analyst

Sydney, AU

Smartsheet

Smartsheet enables teams to manage projects, automate processes & scale programs in one powerful platform. Maintain visibility & keep distributed teams connected.


This position reports to:  Head of SecEng or CISO

We’re looking for a highly motivated, collaborative and technically experienced Cyber Security Professional with the ability to understand and influence cloud operational and security processes, effectively communicate our organisation’s controls including intent, and drive changes within the organisation through effective testing. The successful candidate must be reliable, resourceful and have a positive attitude.  

In this position, you will be involved in leading and managing the IRAP compliance program for our organization. This will include liaising with government agencies and third-party auditors, and engaging internally with SMEs. It requires a holistic understanding of regulatory requirements and how they can be implemented within a cloud environment.

You will be a key member of our team and you will play an important role in defining the framework for the Smartsheet IRAP compliance effort, including identification of documentation requirements and a schedule for continuous monitoring. In this role you will be required to demonstrate the ability to analyse difficult problems, think outside the box and provide pragmatic solutions and recommendations.

Our current compliance initiatives are focused on, but not limited to, Spain’s ENS, Germany’s TISAX, Japan’s ISMAP, Australia’s IRAP, Singapore’s MTCS, and other important global programs such as ISO 27001, ISO 27002, ISO 27017, ISO 27018, PCI, SSAE 18, and SOC 2.

 
You Will: 

  • Perform activities to help measure and monitor IRAP compliance with company policies and procedures 
  • Perform gap analysis of IRAP requirements in comparison with our existing NIST 800-53 security controls
  • Facilitate certifier and assessor requests and information gathering for audit activities and lead the audit process
  • Craft and revise security policies and procedures to enhance compliance with IRAP and other relevant security frameworks.
  • Conduct activities to comply with the various Government Cyber Security requirements within Australia and the wider APAC region
  • Successfully drive security compliance testing activities across various teams within the organisation 
  • Coordinate with various internal teams (IT, legal, CorpIT, etc.) and external stakeholders to ensure alignment and understanding of compliance requirements and strategies.
  • Contribute by enhancing and maturing the existing common control framework
  • Liaise with the Risk Management team and assist with security risk assessment activities and development of security controls and documentation, as needed
  • Monitor regulatory changes relevant to IRAP and adjust compliance strategies as necessary.
  • Advocate for best practices in security and compliance
  • Contribute towards enhancing the policies and processes that are part of our compliance requirements, and understand how they meet compliance business needs

You Have: 

  • 8+ years working in the field of cyber security compliance, security risk or audit 
  • Direct and current working experience with Australian IRAP and at least one other compliance program from among the following: UK Cyber Essentials Plus, ISO 27001, PCI, MTCS, SSAE18, and/or SOC2
  • Prior experience working in the Security and Compliance group at a SaaS/Cloud company or with the Security and Risk practice of a reputable auditing firm
  • Relevant professional certifications such as CISSP, CISA, CISM are desirable
  • Demonstrated experience working on large projects
  • Experience using a GRC tool or system is desirable
  • Excellent writing skills, and the ability to prepare and deliver compliance presentations and associated metrics
  • Excellent verbal and written communication skills 
  • Ability to work effectively as a member of the Compliance Team to drive results for the Information Security Program

  
The candidate must be an Australian citizen currently holding a baseline security clearance, or willing to obtain a baseline security clearance. 

Get to Know Us

At Smartsheet, we’ve created a place where everyone is welcome — people from all over the world, all backgrounds, all ages, all colours, and all beliefs working side by side. Here, everyone can make a difference and empower others to do the same. You’re encouraged to apply even if your experience doesn’t precisely match our job description—if your career path has been nontraditional, that will set you apart. At Smartsheet, we empower everyone, everywhere to change the way the world works—join us.

Equal Opportunity Employer:

Smartsheet is an Equal Opportunity Employer committed to fostering an inclusive environment with the best employees. We provide employment opportunities without regard to any legally protected status in accordance with applicable laws in the US, UK, Australia, Japan, Costa Rica, and Germany. If there are preparations we can make to help ensure you have a comfortable and positive interview experience, please let us know.


Tags: Audits Business Intelligence CISA CISM CISO CISSP Clearance Cloud Compliance ISO 27001 ISO 27002 Monitoring NIST Risk assessment Risk management SaaS Security Clearance SOC SOC 2 TISAX

Perks/benefits: Career development

Regions: Remote/Anywhere Asia/Pacific
Country: Australia
