Who are we?
Smarsh empowers its customers to manage risk and unleash intelligence in their digital communications. Our growing community of over 6500 organizations in regulated industries counts on Smarsh every day to help them spot compliance, legal or reputational risks in 80+ communication channels before those risks become regulatory fines or headlines. Relentless innovation has fueled our journey to consistent leadership recognition from analysts like Gartner and Forrester, and our sustained, aggressive growth has landed Smarsh in the annual Inc. 5000 list of fastest-growing American companies since 2008.
Smarsh is a global leader in digital communications capture, archiving, and oversight. Our Governance, Risk, and Compliance function is built to scale through systems, automation, and engineering-driven control frameworks.
This role focuses on building and operating the systems that make governance real in a production environment. You will work at the intersection of Security, Engineering, and GRC to design, implement, and validate controls as part of normal system operation rather than after-the-fact compliance activities.
You will be responsible for developing control validation workflows, improving evidence automation, and ensuring strong alignment between policy intent and system behavior. The role requires strong systems thinking and the ability to translate compliance requirements into practical, testable implementations.
Control Engineering & Validation
- Design and implement security controls as testable, system-aligned mechanisms across cloud and application environments
- Translate regulatory and framework requirements into measurable control logic and validation checks
- Build and operate control validation workflows, including continuous testing and monitoring
- Identify and resolve gaps between documented controls and actual system behavior
GRC Automation & Tooling
- Develop and improve GRC tooling integrations and platform capabilities
- Automate evidence collection from cloud platforms, security tools, and internal systems
- Design scalable workflows for continuous control monitoring and audit readiness
- Improve data quality, structure, and traceability across GRC systems
Evidence & Audit Engineering
- Design reusable, structured evidence models aligned to control requirements
- Build automated evidence pipelines that support audit readiness
- Ensure evidence is generated at the source and remains consistent over time
- Maintain audit trails that demonstrate control effectiveness
Risk & Control Integration
- Integrate control assurance outputs into risk management systems
- Maintain clear linkage between controls, risks, and remediation activities
- Improve visibility into control health and organizational risk posture
- Support structured remediation workflows with clear ownership and tracking
Governance Systems & Process Design
- Design and refine governance workflows that align with engineering practices
- Contribute to Policy as Code and structured governance approaches
- Standardize how policies and controls are implemented across systems
- Improve consistency and repeatability across GRC operations
Regulatory & Compliance Engineering
- Translate regulatory requirements into system-aligned control implementations
- Ensure compliance obligations are implemented as measurable and testable mechanisms
- Partner with Legal and Security to align regulatory interpretation with technical execution
Third-Party & External Assurance
- Support third-party security assessments using scalable and repeatable evaluation approaches
- Align vendor risk processes with internal control frameworks
- Contribute to client assurance through standardized, automation-ready evidence
Experience
- 6 to 8 years of experience in GRC, security engineering, or control assurance within SaaS or regulated environments
- Experience designing and implementing security controls in technical environments
- Hands-on experience with automation, evidence systems, or control validation workflows
- Strong understanding of cloud platforms and modern application architectures
Technical & Analytical Capability
- Ability to translate compliance frameworks such as ISO 27001, SOC 2, and NIST into system-level implementations
- Experience working with APIs, logs, or structured data to validate controls
- Comfort with scripting or automation in Python or a similar language
- Strong systems thinking and ability to connect controls, risks, and infrastructure
Ways of Working
- Focus on building scalable, repeatable solutions instead of manual processes
- Ability to collaborate across Engineering, Security, and GRC teams
- Clear and structured communication in both technical and governance contexts
- Bias toward ownership and continuous improvement
About our culture
Smarsh hires lifelong learners with a passion for innovating with purpose, humility and humor. Collaboration is at the heart of everything we do. We work closely with the most popular communications platforms and the world’s leading cloud infrastructure platforms. We use the latest in AI/ML technology to help our customers break new ground at scale. We are a global organization that values diversity, and we believe that providing opportunities for everyone to be their authentic self is key to our success. Smarsh leadership, culture, and commitment to developing our people have all garnered Comparably.com Best Places to Work Awards. Come join us and find out what the best work of your career looks like.