We are looking for an Information Security & Compliance Specialist to join our growing Smartsheet Compliance team. You will support the continued development of the rapidly growing Smartsheet Gov compliance program at Smartsheet. We are looking for motivated individuals who will iterate quickly on existing processes that support our Smartsheet Gov product offering.
In 2005, Smartsheet was founded on the idea that teams and millions of people worldwide deserve a better way to deliver their very best work. Today, we deliver a leading cloud-based platform for work execution, empowering organizations to plan, capture, track, automate, and report on work at scale, resulting in more efficient processes and better business outcomes.
You will report to our Manager of Compliance and Corporate Security located in our Bellevue, WA office.
- Collaborate frequently with our engineering and product teams to help deliver new Smartsheet technologies to our FedRAMP Moderate IL4 offering.
- Support the FedRAMP and DoD SRG IL4/5 program, coordinating with team members and agencies, facilitating audit processes, change requests, and remediation activities
- Facilitate and verify FedRAMP evidence and artifacts (monthly, quarterly, annually) per FedRAMP continuous monitoring requirements for each FedRAMP customer
- Contribute FedRAMP-specific input and assist with FedRAMP pre-audit and post-audit activities including the Security Assessment Plan, the 3PAO Rules of Engagement, and the 3PAO Security Assessment Report
- Contribute FedRAMP-specific input to the System Security Plan (SSP). Ensure SSP is updated to reflect changes as they arise and that the changes are reviewed and approved before incorporated in the SSP.
- Work with Smartsheet leadership in developing FedRAMP Moderate POA&M, Compliance POA&M, Significant Change Requests, Operational Requirement Requests, and any other documentation required by a sponsoring agency or the FedRAMP PMO.
- Demonstrate expertise in FedRAMP (Federal Risk Authorization Management Program) requirements and their implementation originating from NIST SP 800-53 Rev 4, NIST SP 800-37, FISMA (Federal Information Systems Management Act), NIST RMF (Risk Management Framework), NIST FIPS 199 & Data Classification
- Be based in the U.S.
- 2+ years of relevant experience in information security or compliance in a FedRAMP environment with experience supporting certification programs for the US public sector, specifically FedRAMP (NIST SP800-53 R4, SP800-37, STIGs, etc.)
- Hands-On experience working with AWS solutions to monitor and enforce compliance in compliance governed or regulated environments (AWS Config, AWS Inspector, AWS Orgs, etc)
- Understanding of information security and security governance, risk and compliance frameworks, methodologies, and practices especially those unique to the FedRAMP space
- Experience communicating compliance requirements with technical and non-technical individuals within a business
- Working knowledge of IT processes, IT compliance, IT frameworks, such as SOX, SSAE 16 - SOC 1 & SOC 2, PCI compliance, NIST, DIACAP, FedRAMP, ISO 27001 & ISO 27002
- Evaluating risk and communicating risk in a fact-based manner
- Cloud or SaaS experience
- Ability to handle confidential matters discreetly
Perks & Benefits:
- 100% employer-paid medical, dental, and vision coverage for full-time employees
- Equity - Restricted Stock Units (RSUs) Equity with all offers
- Lucrative Employee Stock Purchase Program (15% discount)
- 401k Match to help you save for your future (50% of your contribution up to the first 6% of your eligible pay)
- Monthly stipend to support your work and productivity
- 15 days PTO to start, plus Flexible Sick Leave
- Teleworking options from any registered location in the U.S. (role specific)
- Up to 24 weeks of Parental Leave
- Personal paid Volunteer Day to support our community
- Opportunities for professional growth and development including access to LinkedIn Learning online courses
- Company Funded Perks, including a counseling membership, primary care membership, local retail discounts, and your own personal Smartsheet account
Equal Opportunity Employer:
Smartsheet is an Equal Opportunity Employer committed to fostering an inclusive environment with the best employees. We provide employment opportunities without regard to any legally protected status in accordance with applicable laws in the US, UK, and Australia. If there are preparations we can make to help ensure you have a comfortable and positive interview experience, please let us know.
At Smartsheet, we strive to build an inclusive environment that encourages, supports, and celebrates the diverse voices of our team members who also represent the diverse needs of our customers. We're looking for people who are driven, authentic, supportive, effective, and honest. You're encouraged to apply even if your experience doesn't precisely match our job description—if your career path has been nontraditional, that will set you apart. At Smartsheet, we welcome diverse perspectives and people who aren't afraid to be innovative—join us!