Smarsh

Governance, Risk & Compliance - Lead

Smarsh  •  Bengaluru, IN (Onsite)  •  22 hours ago
Apply
AI can make mistakes so check important info. Chat history is never stored.

Job Description

Who are we?

Smarsh empowers its customers to manage risk and unleash intelligence in their digital communications. Our growing community of over 6500 organizations in regulated industries counts on Smarsh every day to help them spot compliance, legal or reputational risks in 80+ communication channels before those risks become regulatory fines or headlines. Relentless innovation has fueled our journey to consistent leadership recognition from analysts like Gartner and Forrester, and our sustained, aggressive growth has landed Smarsh in the annual Inc. 5000 list of fastest-growing American companies since 2008.

Smarsh is a global leader in digital communications capture, archiving, and oversight. Our Governance, Risk, and Compliance function is built to scale through systems, automation, and engineering-driven control frameworks.

This role focuses on building and operating the systems that make governance real in a production environment. You will work at the intersection of Security, Engineering, and GRC to design, implement, and validate controls as part of normal system operation rather than after-the-fact compliance activities.

You will be responsible for developing control validation workflows, improving evidence automation, and ensuring strong alignment between policy intent and system behavior. The role requires strong systems thinking and the ability to translate compliance requirements into practical, testable implementations.

Core Responsibilities

    Control Engineering & Validation

  • Design and implement security controls as testable, system-aligned mechanisms across cloud and application environments
  • Translate regulatory and framework requirements into measurable control logic and validation checks
  • Build and operate control validation workflows, including continuous testing and monitoring
  • Identify and resolve gaps between documented controls and actual system behavior
  • GRC Automation & Tooling

  • Develop and improve GRC tooling integrations and platform capabilities
  • Automate evidence collection from cloud platforms, security tools, and internal systems
  • Design scalable workflows for continuous control monitoring and audit readiness
  • Improve data quality, structure, and traceability across GRC systems
  • Evidence & Audit Engineering

  • Design reusable, structured evidence models aligned to control requirements
  • Build automated evidence pipelines that support audit readiness
  • Ensure evidence is generated at the source and remains consistent over time
  • Maintain audit trails that demonstrate control effectiveness
  • Risk & Control Integration

  • Integrate control assurance outputs into risk management systems
  • Maintain clear linkage between controls, risks, and remediation activities
  • Improve visibility into control health and organizational risk posture
  • Support structured remediation workflows with clear ownership and tracking
  • Governance Systems & Process Design

  • Design and refine governance workflows that align with engineering practices
  • Contribute to Policy as Code and structured governance approaches
  • Standardize how policies and controls are implemented across systems
  • Improve consistency and repeatability across GRC operations
  • Regulatory & Compliance Engineering

  • Translate regulatory requirements into system-aligned control implementations
  • Ensure compliance obligations are implemented as measurable and testable mechanisms
  • Partner with Legal and Security to align regulatory interpretation with technical execution
  • Third-Party & External Assurance

  • Support third-party security assessments using scalable and repeatable evaluation approaches
  • Align vendor risk processes with internal control frameworks
  • Contribute to client assurance through standardized, automation-ready evidence

What We’re Looking For

    Experience

  • 6 to 8 years of experience in GRC, security engineering, or control assurance within SaaS or regulated environments
  • Experience designing and implementing security controls in technical environments
  • Hands-on experience with automation, evidence systems, or control validation workflows
  • Strong understanding of cloud platforms and modern application architectures
  • Technical & Analytical Capability

  • Ability to translate compliance frameworks such as ISO 27001, SOC 2, and NIST into system-level implementations
  • Experience working with APIs, logs, or structured data to validate controls
  • Comfort with scripting or automation such as Python or similar
  • Strong systems thinking and ability to connect controls, risks, and infrastructure
  • Ways of Working

  • Focus on building scalable, repeatable solutions instead of manual processes
  • Ability to collaborate across Engineering, Security, and GRC teams
  • Clear and structured communication in both technical and governance contexts
  • Bias toward ownership and continuous improvement
About our culture

Smarsh hires lifelong learners with a passion for innovating with purpose, humility and humor. Collaboration is at the heart of everything we do. We work closely with the most popular communications platforms and the world’s leading cloud infrastructure platforms. We use the latest in AI/ML technology to help our customers break new ground at scale. We are a global organization that values diversity, and we believe that providing opportunities for everyone to be their authentic self is key to our success. Smarsh leadership, culture, and commitment to developing our people have all garnered Comparably.com Best Places to Work Awards. Come join us and find out what the best work of your career looks like.
Smarsh

About Smarsh

Smarsh is the global leader in communications data and intelligence — enabling companies worldwide to transform oversight into foresight.

Serving the top banks, insurers, investment firms, and government agencies since 2002, Smarsh delivers an innovative portfolio of AI-enabled solutions that help organizations stay compliant, mitigate risk, and unlock the value of their digital communications data.

Industry
IT & Software
Company Size
1,001-5,000 employees
Headquarters
Portland, OR
Year Founded
2002
Social Media