This position reports to: Head of SecEng or CISOWe're looking for a highly motivated, collaborative and technically experienced Cyber Security Professional with the ability to understand and influence cloud operational and security processes, effectively communicate our organisation's controls including intent, and drive changes within the organisation through effective testing. The successful candidate must be reliable, resourceful and have a positive attitude.In this position, you will be involved in leading and managing the IRAP compliance program for our organization. This will include liaising with government agencies, third party auditors, internal engagement with SMEs. So it requires a holistic level understanding of regulatory requirements and how it can be implemented within a cloud environment.You will be a key member of our team and you will play an important role in defining the framework for the Smartsheet IRAP compliance effort, including identification of documentation requirements and a schedule for continuous monitoring. In this role you will be required to demonstrate the ability to analyse difficult problems, think out-of-box and provide pragmatic solutions and recommendations.Our current compliance initiatives are focused on, but not limited to Spain's ENS, Germany's TISAX, Japan's ISMAP, Australia's IRAP, Singapore MTCS, and other important global programs such as ISO 27001, ISO 27002, ISO 27017, ISO 27018, PCI, SSAE 18, and SOC 2.You Will:
- Perform activities to help measure and monitor IRAP compliance with company policies and procedures
- Perform gap analysis of IRAP requirements in comparison with our existing NIST 800.53 security controls
- Facilitate certifier and assessor requests and information gathering for audit activities and lead the audit process
- Craft and revise security policies and procedures to enhance compliance with IRAP and other relevant security frameworks.
- Conduct activities to comply with the various Government Cyber Security requirements within the Australia and wider APAC region
- Successfully drive security compliance testing activities across various teams within the organisation
- Coordinate with various internal teams (IT, legal, CorpIT, etc.) and external stakeholders to ensure alignment and understanding of compliance requirements and strategies.
- Contribute by enhancing and maturing the existing common control framework
- Liaise with Risk Management team and assist with security risk assessment activities and development of security controls and documentation, as needed
- Monitor regulatory changes relevant to IRAP and adjust compliance strategies as necessary.
- Advocate for best practices in security and compliance
- Contribute towards enhancing the policies and processes that are a part of our compliance requirements to and understand how they meet compliance business needs
You Have:- 8+ years working in the field of cyber security compliance, security risk or audit
- Direct and current working experience with Australian IRAP and at least one other compliance program from among the following: UK Cyber Essentials Plus, ISO 27001, PCI, MTCS, SSAE18, and/or SOC2
- Prior experience working in the Security and Compliance group at a SaaS/Cloud company or with Security and Risk practice of a reputable auditing firm
- Relevant professional certifications such as CISSP, CISA, CISM are desirable
- Demonstrated experience working on large projects
- Experience using a GRC tool or system is desirable
- Excellent writing skills, ability to prepare and deliver compliance presentations and delivery of associated metrics
- Excellent verbal and written communication skills
- Ability to work effectively as a member of the Compliance Team to drive results for the Information Security Program
The candidate must be an Australian citizen currently holding a baseline security clearance, or willing to obtain a baseline security clearance.
Get to Know UsAt Smartsheet, we've created a place where everyone is welcome - people from all over the world, all backgrounds, all ages, all colours, and all beliefs working side by side. Here, everyone can make a difference and empower others to do the same. You're encouraged to apply even if your experience doesn't precisely match our job description-if your career path has been nontraditional, that will set you apart. At Smartsheet, we empower everyone, everywhere to change the way the world works-join us
Equal Opportunity Employer:Smartsheet is an Equal Opportunity Employer committed to fostering an inclusive environment with the best employees. We provide employment opportunities without regard to any legally protected status in accordance with applicable laws in the US, UK, Australia, Japan, Costa Rica, and Germany. If there are preparations we can make to help ensure you have a comfortable and positive interview experience, please let us know.#BI-Remote#LI-RemoteApply for this Job
First Name *Last Name *
Email *PhoneLocation (City) *Resume/CVDrop files hereAttach or enter manually(File types: pdf, doc, docx, txt, rtf)Cover LetterDrop files hereAttach or enter manually(File types: pdf, doc, docx, txt, rtf)Applicant Privacy Notice *Before you submit your application, please read and acknowledge receipt of the .Do you have full working rights in Australia? *Voluntary EEOC DemographicsAt Smartsheet, we strive to build an inclusive environment that encourages, supports, and celebrates the diverse voices of our team members. Individuals seeking employment at Smartsheet are considered without regards to race, ethnicity, color, age, sex, religion, national origin, ancestry, pregnancy, sexual orientation, gender, gender identity, gender expression, genetic information, physical or mental disability, registered domestic partner status, caregiver status, marital status, veteran or military status, citizenship status, or any other legally protected category in the US, UK, and Australia.Below is a set of voluntary demographic questions. If you choose to complete them, your responses will be used in aggregate to help us identify areas for improvement in our programs. Your responses, or your choice to not respond, will not be considered in the hiring process. Any information that you provide will be recorded and maintained confidentially.For definitions of any of the following terms or to read more about your rights, please visit the .I identify my gender as: *MaleFemaleNon-binary (inclusive of bigender, agender, androgynous, gender fluid, or gender non-conforming)I don't wish to answerI identify as transgender: *NoYesI don't wish to answerI identify my race / ethnicity as (select all that apply): *Alaska Native / American Indian / Indigenous/Aboriginal / Native AmericanBlack / African-American / Black-British / CaribbeanHispanic / LatinxEast Asian (Chinese / Hong-Kong / Japanese / Korean / Mongolian / Tibetan / Taiwanese)Middle Eastern / North AfricanNative Hawaiian / Pacific IslanderSouth Asian (Bangladeshi / Bhutanese / Indian / Nepali / Pakistani / Sri Lankan)Southeast Asian (Burmese / Cambodian / Filipino / Hmong / Indonesian / Laotian / Malaysian / Mien / Singaporean / Thai / Vietnamese)White / EuropeanI don't wish to answerMy veteran status is: *Yes, I am a veteranNo, I am not a veteranI don't wish to answerMy disability status is: *Yes, I have a disability (or previously had a disability)No, I do not have a disabilityI don't wish to answerOur system has flagged this application as potentially being associated with bot traffic. Please turn off any VPNs, clear your browser cache and cookies, or try submitting your application in a different browser. If this issue persists, please reach out to our support team via our
Address
Salary
