Who are we?
Smarsh empowers its customers to manage risk and unleash intelligence in their digital communications. Our growing community of over 6500 organizations in regulated industries counts on Smarsh every day to help them spot compliance, legal or reputational risks in 80+ communication channels before those risks become regulatory fines or headlines. Relentless innovation has fueled our journey to consistent leadership recognition from analysts like Gartner and Forrester, and our sustained, aggressive growth has landed Smarsh in the annual Inc. 5000 list of fastest-growing American companies since 2008.
Smarsh is a global leader in digital communications capture, archiving, and oversight. Our Governance, Risk, and Compliance function is built to scale through systems, automation, and engineering-driven control frameworks.
This role focuses on building and operating the systems that make governance real in a production environment. You will work at the intersection of Security, Engineering, and GRC to design, implement, and validate controls as part of normal system operation rather than after-the-fact compliance activities.
You will be responsible for developing control validation workflows, improving evidence automation, and ensuring strong alignment between policy intent and system behavior. The role requires strong systems thinking and the ability to translate compliance requirements into practical, testable implementations.
Core Responsibilities
Control Engineering & Validation
Design and implement security controls as testable, system-aligned mechanisms across cloud and application environments
Translate regulatory and framework requirements into measurable control logic and validation checks
Build and operate control validation workflows, including continuous testing and monitoring
Identify and resolve gaps between documented controls and actual system behavior
GRC Automation & Tooling
Develop and improve GRC tooling integrations and platform capabilities
Automate evidence collection from cloud platforms, security tools, and internal systems
Design scalable workflows for continuous control monitoring and audit readiness
Improve data quality, structure, and traceability across GRC systems
Evidence & Audit Engineering
Design reusable, structured evidence models aligned to control requirements
Build automated evidence pipelines that support audit readiness
Ensure evidence is generated at the source and remains consistent over time
Maintain audit trails that demonstrate control effectiveness
Risk & Control Integration
Integrate control assurance outputs into risk management systems
Maintain clear linkage between controls, risks, and remediation activities
Improve visibility into control health and organizational risk posture
Support structured remediation workflows with clear ownership and tracking
Governance Systems & Process Design
Design and refine governance workflows that align with engineering practices
Contribute to Policy as Code and structured governance approaches
Standardize how policies and controls are implemented across systems
Improve consistency and repeatability across GRC operations
Regulatory & Compliance Engineering
Translate regulatory requirements into system-aligned control implementations
Ensure compliance obligations are implemented as measurable and testable mechanisms
Partner with Legal and Security to align regulatory interpretation with technical execution
Third-Party & External Assurance
Support third-party security assessments using scalable and repeatable evaluation approaches
Align vendor risk processes with internal control frameworks
Contribute to client assurance through standardized, automation-ready evidence
What We’re Looking For
Experience
6 to 8 years of experience in GRC, security engineering, or control assurance within SaaS or regulated environments
Experience designing and implementing security controls in technical environments
Hands-on experience with automation, evidence systems, or control validation workflows
Strong understanding of cloud platforms and modern application architectures
Technical & Analytical Capability
Ability to translate compliance frameworks such as ISO 27001, SOC 2, and NIST into system-level implementations
Experience working with APIs, logs, or structured data to validate controls
Comfort with scripting or automation such as Python or similar
Strong systems thinking and ability to connect controls, risks, and infrastructure
Ways of Working
Focus on building scalable, repeatable solutions instead of manual processes
Ability to collaborate across Engineering, Security, and GRC teams
Clear and structured communication in both technical and governance contexts
Bias toward ownership and continuous improvement
About our culture
Smarsh hires lifelong learners with a passion for innovating with purpose, humility and humor. Collaboration is at the heart of everything we do. We work closely with the most popular communications platforms and the world’s leading cloud infrastructure platforms. We use the latest in AI/ML technology to help our customers break new ground at scale. We are a global organization that values diversity, and we believe that providing opportunities for everyone to be their authentic self is key to our success. Smarsh leadership, culture, and commitment to developing our people have all garnered Comparably.com Best Places to Work Awards. Come join us and find out what the best work of your career looks like.