Information Security GRC Lead

at Smarsh
🇬🇧 United Kingdom - Remote
🔒 Cybersecurity🟣 Senior

Job description

Who are we?

Smarsh empowers its customers to manage risk and unleash intelligence in their digital communications. Our growing community of over 6500 organizations in regulated industries counts on Smarsh every day to help them spot compliance, legal or reputational risks in 80+ communication channels before those risks become regulatory fines or headlines.  Relentless innovation has fueled our journey to consistent leadership recognition from analysts like Gartner and Forrester, and our sustained, aggressive growth has landed Smarsh in the annual Inc. 5000 list of fastest-growing American companies since 2008.

Summary

Smarsh is committed to embedding security as a business enabler. As a senior member of the GRC team, you will be instrumental in ensuring that our security governance, risk, and compliance efforts are integrated, scalable, and proactive.

The GRC Lead plays a cross-functional leadership role, supporting the Senior Manager, GRC, and taking ownership of key programmes that span our ISMS, controls assurance, risk management, third-party oversight, and regulatory compliance. You’ll engage with stakeholders across InfoSec, Legal, Product, Engineering, and Customer teams to operationalise governance and build trust.

This is a strategic yet hands-on role, ideal for someone who thrives in driving governance initiatives, facilitating risk discussions, and ensuring compliance readiness while working closely with Engineering, Security, and Product teams. You must be comfortable working as part of a global team in a dynamic, fast-paced environment. Collaboration across time zones and geographies is a key part of our culture and success.

How will you contribute?

  • ISMS Governance & Controls Assurance

  • Lead the maintenance and continuous improvement of Smarsh’s ISO 27001-aligned ISMS.

  • Oversee the control assurance programme, ensuring robust evidence collection, control testing, and continuous monitoring.

  • Own key internal and external audit workstreams, including SOC 2, ISO 27001, FedRAMP and customer audits.

  • Cybersecurity Risk Management

  • Drive the risk assessment lifecycle, embedding business, technical, and supply chain risk perspectives.

  • Enhance risk methodologies and tools, integrating real-time risk metrics into dashboards and governance forums.

  • Support risk acceptance processes and facilitate cross-functional remediation plans.

  • Regulatory, Contractual & Client Assurance

  • Monitor emerging regulations (e.g. DORA, SEC, UK AI Act) and translate them into actionable internal obligations.

  • Manage customer security assessments and DDQs, enabling frictionless trust through reusable assurance artefacts.

  • Coordinate timely, high-quality client responses and external assurance artefacts.

  • Third-Party & Supply Chain Risk

  • Lead third-party security reviews and ensure governance controls are extended across the vendor lifecycle.

  • Partner with Procurement and Legal to align contractual security requirements and risk acceptance criteria.

  • Policy Governance & Stakeholder Reporting

  • Maintain the InfoSec policy lifecycle and track compliance across business units.

  • Develop and maintain security governance metrics and reporting for the CISO and wider executive team.

  • Support the operation of governance forums and steering committees.

  • Security Awareness & Culture

  • Deliver targeted security training and awareness campaigns aligned to regulatory and business needs.

  • Promote a security-aware culture of governance accountability and enablement across teams.

  • GRC Operations & Enablement

  • Own and refine core GRC workflows, including documentation, issue tracking, evidence management, and status reporting.

  • Maintain and expand GRC tooling integrations, ensuring high-quality automation and reporting outputs.

What will you bring?

  • 7–10 years’ experience in security governance, risk, or compliance roles within SaaS or regulated industries.
  • Strong track record operationalising ISMS frameworks, managing control assurance, and supporting external audits.
  • Hands-on experience with GRC platforms, security metrics reporting, and risk assessments.
  • Proven ability to work across business, engineering, and legal teams to embed governance effectively.
  • Familiarity with modern regulatory landscapes and frameworks such as ISO 27001, SOC 2, GDPR, DORA, FedRAMP and SEC Cyber rules.
  • Strong communication skills, with the ability to create executive-level reporting and artifacts.
  • Experience leading client assurance programmes or third-party risk management.
  • Professional certifications (CISA, CISM, ISO 27001 LA, CISSP, CRISC) preferred.

About our culture

Smarsh hires lifelong learners with a passion for innovating with purpose, humility and humor. Collaboration is at the heart of everything we do. We work closely with the most popular communications platforms and the world’s leading cloud infrastructure platforms. We use the latest in AI/ML technology to help our customers break new ground at scale. We are a global organization that values diversity, and we believe that providing opportunities for everyone to be their authentic self is key to our success. Smarsh leadership, culture, and commitment to developing our people have all garnered Comparably.com Best Places to Work Awards. Come join us and find out what the best work of your career looks like.

Share this job:
Please let Smarsh know you found this job on Remote First Jobs 🙏

Similar Remote Jobs

Latest Jobs at Smarsh

Benefits of using Remote First Jobs

Discover Hidden Jobs

Unique jobs you won't find on other job boards.

Advanced Filters

Filter by category, benefits, seniority, and more.

Priority Job Alerts

Get timely alerts for new job openings every day.

Manage Your Job Hunt

Save jobs you like and keep a simple list of your applications.

Search remote, work from home, 100% online jobs

We help you connect with top remote-first companies.

Search jobs

Hiring remote talent? Post a job

Frequently Asked Questions

What makes Remote First Jobs different from other job boards?

Unlike other job boards that only show jobs from companies that pay to post, we actively scan over 20,000 companies to find remote positions. This means you get access to thousands more jobs, including ones from companies that don't typically post on traditional job boards. Our platform is dedicated to fully remote positions, focusing on companies that have adopted remote work as their standard practice.

How often are new jobs added?

New jobs are constantly being added as our system checks company websites every day. We process thousands of jobs daily to ensure you have access to the most up-to-date remote job listings. Our algorithms scan over 20,000 different sources daily, adding jobs to the board the moment they appear.

Can I trust the job listings on Remote First Jobs?

Yes! We verify all job listings and companies to ensure they're legitimate. Our system automatically filters out spam, junk, and fake jobs to ensure you only see real remote opportunities.

Can I suggest companies to be added to your search?

Yes! We're always looking to expand our listings and appreciate suggestions from our community. If you know of companies offering remote positions that should be included in our search, please let us know. We actively work to increase our coverage of remote job opportunities.

How do I apply for jobs?

When you find a job you're interested in, simply click the 'Apply Now' button on the job listing. This will take you directly to the company's application page. We kindly ask you to mention that you found the position through Remote First Jobs when applying, as it helps us grow and improve our service 🙏

Apply