Search by job, company or skills

Smarsh

Governance, Risk and Compliance -Lead

Save
  • Posted 14 hours ago
  • Be among the first 10 applicants
Early Applicant

Job Description

Smarsh is a global leader in digital communications capture, archiving, and oversight. Our Governance, Risk, and Compliance function is built to scale through systems, automation, and engineering-driven control frameworks.

This role focuses on building and operating the systems that make governance real in a production environment. You will work at the intersection of Security, Engineering, and GRC to design, implement, and validate controls as part of normal system operation rather than after-the-fact compliance activities.

You will be responsible for developing control validation workflows, improving evidence automation, and ensuring strong alignment between policy intent and system behavior. The role requires strong systems thinking and the ability to translate compliance requirements into practical, testable implementations.

Core Responsibilities

Control Engineering & Validation

  • Design and implement security controls as testable, system-aligned mechanisms across cloud and application environments
  • Translate regulatory and framework requirements into measurable control logic and validation checks
  • Build and operate control validation workflows, including continuous testing and monitoring
  • Identify and resolve gaps between documented controls and actual system behavior

GRC Automation & Tooling

  • Develop and improve GRC tooling integrations and platform capabilities
  • Automate evidence collection from cloud platforms, security tools, and internal systems
  • Design scalable workflows for continuous control monitoring and audit readiness
  • Improve data quality, structure, and traceability across GRC systems

Evidence & Audit Engineering

  • Design reusable, structured evidence models aligned to control requirements
  • Build automated evidence pipelines that support audit readiness
  • Ensure evidence is generated at the source and remains consistent over time
  • Maintain audit trails that demonstrate control effectiveness

Risk & Control Integration

  • Integrate control assurance outputs into risk management systems
  • Maintain clear linkage between controls, risks, and remediation activities
  • Improve visibility into control health and organizational risk posture
  • Support structured remediation workflows with clear ownership and tracking

Governance Systems & Process Design

  • Design and refine governance workflows that align with engineering practices
  • Contribute to Policy as Code and structured governance approaches
  • Standardize how policies and controls are implemented across systems
  • Improve consistency and repeatability across GRC operations

Regulatory & Compliance Engineering

  • Translate regulatory requirements into system-aligned control implementations
  • Ensure compliance obligations are implemented as measurable and testable mechanisms
  • Partner with Legal and Security to align regulatory interpretation with technical execution

Third-Party & External Assurance

  • Support third-party security assessments using scalable and repeatable evaluation approaches
  • Align vendor risk processes with internal control frameworks
  • Contribute to client assurance through standardized, automation-ready evidence

What We're Looking For

Experience

  • 6 to 8 years of experience in GRC, security engineering, or control assurance within SaaS or regulated environments
  • Experience designing and implementing security controls in technical environments
  • Hands-on experience with automation, evidence systems, or control validation workflows
  • Strong understanding of cloud platforms and modern application architectures

Technical & Analytical Capability

  • Ability to translate compliance frameworks such as ISO 27001, SOC 2, and NIST into system-level implementations
  • Experience working with APIs, logs, or structured data to validate controls
  • Comfort with scripting or automation such as Python or similar
  • Strong systems thinking and ability to connect controls, risks, and infrastructure

Ways of Working

  • Focus on building scalable, repeatable solutions instead of manual processes
  • Ability to collaborate across Engineering, Security, and GRC teams
  • Clear and structured communication in both technical and governance contexts
  • Bias toward ownership and continuous improvement

Why Smarsh

Smarsh hires lifelong learners with a passion for innovating with purpose, humility, and humor. Collaboration is at the heart of everything we do.

Our GRC function is evolving toward automation, control validation, and engineering-driven governance. This role offers the opportunity to work on systems that directly impact how governance operates at scale.

More Info

Job Type:
Industry:
Employment Type:

About Company

Job ID: 151077645

Similar Jobs

Bengaluru, India

Skills:

Data ManagementPower BiPysparkSqlData QualityData ProfilingData GovernancePythonDQ Rule DesignOneLakeMedallion ArchitectureMicrosoft PurviewADLSAttaccama ONEMicrosoft Fabric

Bengaluru, India

Skills:

snowflake Power BiAzureSqlPythonELTAWSEtlSolidatusPower Apps

Bengaluru, India

Skills:

data movementData ProtectionDistributed Systemspolicy enforcementAI toolsdeveloper toolsaudit logsAuthorizationLLM gatewaysidentity systemsMCP

Bengaluru, India

Skills:

JavaPowerShellLdapSqlOktaAzure AdSailpointPythonSaviyntIdentity AdministrationIdentity GovernanceActive DirectoryBeyondTrustMicrosoft Entra

Bengaluru, India

Skills:

OWASP Top 10 for LLMsNeMo GuardrailsSIEM integrationsguardrail frameworksdata sanitization techniquesPython for automationLLM observability platformsSecurity testing toolsLlama GuardDeep knowledge of LLM vulnerabilities