Sr. Compliance Engineer

Bellevue, WA, USA


Smartsheet enables teams to manage projects, automate processes & scale programs in one powerful platform. Maintain visibility & keep distributed teams connected.


The Senior Compliance Engineer is responsible for ensuring the organization's compliance with relevant regulations, standards, and policies related to Smartsheet Information Systems operations. The ideal candidate has extensive experience in FedRAMP, SOC, and ISO audit practices and standards. They will be responsible for maintaining continuous compliance with various regulations, policies, and standards, as well as identifying and mitigating risks associated with Information Systems operations. In this role, they will work closely with internal and external stakeholders to develop, implement, and maintain our security controls, assess and manage risks, and provide recommendations for process improvements. This role also involves conducting assessments, identifying gaps, and recommending solutions to increase the maturity of the compliance program at Smartsheet. 

In 2005, Smartsheet was founded on the idea that teams and millions of people worldwide deserve a better way to deliver their very best work. Today, we deliver a leading cloud-based platform for work execution, empowering organizations to plan, capture, track, automate, and report on work at scale, resulting in more efficient processes and better business outcomes.

You will report to our Manager, Governance, Risk & Compliance located in our Bellevue, WA office, or you may work remotely from anywhere in the US where Smartsheet is a registered employer.

You Will:

  • Develop and maintain IT compliance programs in accordance with FedRAMP, SOC, and ISO standards
  • Conduct and direct external audits to assess compliance with policies, procedures, and standards
  • Plan and execute end-to-end compliance initiatives in accordance with the Security Functional Plan
  • Continuously maintain and improve Smartsheet’s security control framework
  • Draft and implement procedures, guides, whitepapers, and other documentation related to our compliance program
  • Build and maintain security controls that map to NIST 800-53 security compliance requirements and provide implementation recommendations for new controls
  • Identify areas where compliance, and specifically security compliance controls, can be improved through automation
  • Design requirements for security compliance automation tasks
  • Recommend new security compliance metrics and automate reporting of existing metrics
  • Conduct periodic assessments of the organization's IT systems and operations to ensure compliance with regulatory requirements, industry standards, and internal policies 
  • Identify and document gaps and potential risks in the organization's IT practices and recommend appropriate solutions to address these issues 
  • Develop and implement policies, procedures, and controls to ensure compliance with regulatory requirements and industry standards  
  • Collaborate with internal and external stakeholders to provide guidance on compliance requirements and assist with audit preparations and responses 
  • Monitor changes in regulatory requirements and industry standards and recommend updates to policies and procedures accordingly  
  • Provide training where necessary to employees on compliance requirements and best practices 
  • Maintain documentation and tracking of compliance-related activities, including reports, audit findings, and remediation plans 
  • Assist with the development and implementation of Information Systems governance frameworks

You Have:

  • 5+ years of experience in IT compliance, information security, or a related field
  • Bachelor’s degree in Computer Science, Information Systems, Information Technology, or a related field, or equivalent work experience
  • Experience in FedRAMP audit standards, practices, and controls
  • Knowledge of industry standards such as ISO 27001, NIST, and COBIT 
  • Deep understanding of audit standards and practices, and security control frameworks
  • Extensive knowledge and understanding of information security policies, standards, procedures, and guidelines
  • Knowledge and understanding of end-user computing tools, hardware, application software, networks, communications, and mobile device technologies
  • Ability to work with Security Operations Engineers to identify gaps in technology tools, policies, and procedures
  • Understanding of concepts and philosophies regarding the design and implementation of information technologies and associated architectural concepts, principles, and tools
  • Experience with regulatory requirements such as PCI-DSS, HIPAA, SOX, GDPR, and CCPA 
  • Strong understanding of risk management principles, practices, and frameworks
  • Communication, analytical, and problem-solving skills 
  • Relevant certifications such as CISA, CISSP, or CRISC are preferred, but not required

Perks & Benefits:

  • HSA, 100% employer-paid premiums, or buy-up medical/vision and dental coverage options for full-time employees
  • Equity - Restricted Stock Units (RSUs) with all offers
  • Lucrative Employee Stock Purchase Program (15% discount)
  • 401k Match to help you save for your future (50% of your contribution up to the first 6% of your eligible pay)
  • Monthly stipend to support your work and productivity
  • 15 days PTO, plus Incidental Sick Leave
  • Up to 24 weeks of Parental Leave
  • Personal paid Volunteer Day to support our community
  • Opportunities for professional growth and development including access to LinkedIn Learning online courses
  • Company Funded Perks, including a counseling membership, local retail discounts, and your own personal Smartsheet account
  • Teleworking options from any registered location in the U.S. (role specific)
  • US employees are automatically covered under Smartsheet-sponsored life insurance, short-term, and long-term disability plans
  • US employees receive 12 paid holidays per year

Smartsheet provides a reasonable range of compensation for roles that may be hired in different geographic areas where we are licensed to operate our business. Actual compensation is determined by several factors including, but not limited to, level of professional and educational experience, skills, and specific candidate location. In addition, this role will be eligible for a market-competitive bonus and an RSU stock grant upon accepted offer. California & New York: $118,800-$172,800; all other US states: $110,000-$160,000

Equal Opportunity Employer:

Smartsheet is an Equal Opportunity Employer committed to fostering an inclusive environment with the best employees. We provide employment opportunities without regard to any legally protected status in accordance with applicable laws in the US, UK, Germany, Costa Rica, and Australia. If there are preparations we can make to help ensure you have a comfortable and positive interview experience, please let us know.

At Smartsheet, we strive to build an inclusive environment that encourages, supports, and celebrates the diverse voices of our team members who also represent the diverse needs of our customers. We’re looking for people who are driven, authentic, supportive, effective, and honest. You’re encouraged to apply even if your experience doesn’t precisely match our job description—if your career path has been nontraditional, that will set you apart. At Smartsheet, we welcome diverse perspectives and people who aren’t afraid to be innovative—join us! 



Tags: Audits Automation CCPA CISA CISSP Cloud CoBIT Compliance Computer Science CRISC FedRAMP GDPR Governance HIPAA ISO 27001 NIST Risk management SOC

Perks/benefits: 401(k) matching Career development Competitive pay Equity Health care Insurance Medical leave Parental leave Salary bonus

Regions: Remote/Anywhere North America
Country: United States
