Sr. Compliance Engineer
Bellevue, WA, USA
- 5+ years of experience in IT compliance, information security, or related field
- Bachelor's degree in Computer Science, Information Systems, Information Technology, or related field, or equivalent work experience
- Experience in FedRAMP audit standards, practices, and controls
- Knowledge of industry standards such as ISO 27001, NIST, and COBIT
- Deep understanding of audit standards and practices, and security control frameworks
- Extensive knowledge and understanding of information security policies, standards, procedures, and guidelines
- Knowledge and understanding of end-user computing tools, hardware, application software, networks, communications, and mobile device technologies
- Ability to work with Security Operations Engineers to identify gaps in technology tools, policies, and procedures
- Understanding of concepts and philosophies regarding the design and implementation of information technologies and associated architectural concepts, principles, and tools
- Experience with regulatory requirements such as PCI-DSS, HIPAA, SOX, GDPR, and CCPA
- Strong understanding of risk management principles, practices, and frameworks
- Communication, analytical, and problem-solving skills
- Relevant certifications such as CISA, CISSP, or CRISC are preferred, but not required
- Develop and maintain IT compliance programs in accordance with FedRAMP, SOC, and ISO standards
- Conduct and direct external audits to assess compliance with policies, procedures, and standards
- Plan and execute end-to-end compliance initiatives in accordance with the Security Functional Plan
- Continuously maintain and improve Smartsheet's security control framework
- Draft and implement procedures, guides, whitepapers, and other documentation related to our compliance program
- Build and maintain security controls that map to NIST 800-53 security compliance requirements and provide implementation recommendations for new controls
- Identify areas where compliance, and specifically security compliance controls, can be improved through automation
- Design requirements for security compliance automation tasks
- Recommend new security compliance metrics and automate reporting of existing metrics
- Conduct periodic assessments of the organization's IT systems and operations to ensure compliance with regulatory requirements, industry standards, and internal policies
- Identify and document gaps and potential risks in the organization's IT practices and recommend appropriate solutions to address these issues
- Develop and implement policies, procedures, and controls to ensure compliance with regulatory requirements and industry standards
- Collaborate with internal and external stakeholders to provide guidance on compliance requirements and assist with audit preparations and responses
- Monitor changes in regulatory requirements and industry standards and recommend updates to policies and procedures accordingly
- Provide training where necessary to employees on compliance requirements and best practices
- Maintain documentation and tracking of compliance-related activities, including reports, audit findings, and remediation plans
- Assist with the development and implementation of Information Systems governance frameworks
Cloud-based collaboration platform
Smartsheet's mission is to empower anyone to drive meaningful change - for themselves, their businesses and even for the world.
- Health and wellness benefits - From sick days to mental health services, we support you. We provide company-sponsored comprehensive healthcare coverage and well-being benefit programs so you can take care of your whole self.
- Time away - We want you to find time for what matters to you. We offer a variety of programs so you can recharge and reconnect, including paid time off for company holidays, vacation, volunteering, military leave, and parental bonding.
- An investment in your future - We help you plan for the dreams you’re working toward. We offer every employee competitive pay, retirement contributions, stock awards, and an employee stock purchase program.
- Perks and discounts - It's the details that make life easier. From discount programs and an allowance for work-related expenses, to medical concierge (U.S. only) and caregiver services, we help set you up for success both at work and outside of it.
- An inclusive environment - We strive to foster a culture of belonging that is rooted in respect for all people. We believe that by celebrating diversity of voices and experiences, and by creating equitable opportunities for our team, customers, and communities, we enable people to do and be their best.
- Continuous learning - We know that when you’re growing, so are we. That's why we provide opportunities to develop on the job through internal mobility, virtual learning, and a variety of development programs.
Company Core Values
- Value-driven culture - We don’t just talk the talk. Our award-winning culture stems from having a core set of values that are lived daily from the top down.
- Meaningful impact - Smartsheet helps employees achieve more by providing a supportive, respectful culture that pushes its people to excel and innovate.
- Investing in employees - From wide-ranging benefits to on-site development programs, Smartsheet is truly invested in its employees' well-being — both in and outside of the workplace.