Smarsh

Governance, Risk & Compliance - Lead

Belfast, Northern Ireland, United Kingdom

Compensation: Not Specified
Experience Level: Senior (5 to 8 years), Expert & Leadership (9+ years)
Job Type: Full Time
Visa: Unknown
Industries: Biotechnology, Information Services, Financial Services

Requirements

Candidates should possess 7-10 years of experience in security governance, risk, or compliance roles, preferably within SaaS or regulated industries. A strong track record of operationalizing ISMS frameworks, managing control assurance, and supporting security governance programs is required. Experience with ISO 27001, SOC 2, and FedRAMP is beneficial, along with knowledge of emerging regulations like DORA, SEC, and the UK AI Act. Familiarity with GRC tooling and a global team environment is also expected.

Responsibilities

The GRC Lead will maintain and improve the ISO 27001-aligned ISMS, oversee the control assurance program, and manage internal and external audit workstreams. Responsibilities include driving the cybersecurity risk assessment lifecycle, enhancing risk methodologies, and supporting risk acceptance processes. The role involves monitoring regulations, managing customer security assessments, and leading third-party security reviews. Additionally, the GRC Lead will maintain the InfoSec policy lifecycle, develop governance metrics and reporting, deliver security training, and refine GRC workflows and tooling.

Skills

ISO 27001
ISMS
Risk Management
Compliance
Governance
Controls Assurance
Third-Party Risk Management
Regulatory Compliance
Information Security

Smarsh

Archiving and compliance solutions provider

About Smarsh

Smarsh provides archiving and compliance solutions specifically designed for financial services, government agencies, and other regulated industries. Their main product is a cloud-based archive that allows organizations to securely store, search, and manage their communications data, including emails, text messages, and social media interactions. This system helps businesses meet complex security, data privacy, and regulatory requirements. Smarsh differentiates itself from competitors by offering a scalable Software-as-a-Service (SaaS) model that caters to both large enterprises and smaller organizations, ensuring that clients can adapt to evolving regulations. Their goal is to help organizations efficiently manage their communication data, identify risks, and maintain compliance, particularly through tools like Connected Capture for Microsoft Teams, which supports remote workforces.

Headquarters: Portland, Oregon
Year Founded: 2001
Total Funding: $42.4M
Company Stage: BUYOUT
Industries: Enterprise Software, Cybersecurity, Financial Services
Employees: 1,001-5,000

Benefits

Health Insurance
Dental Insurance
Life Insurance
Disability Insurance
Unlimited Paid Time Off
Paid Vacation
Paid Sick Leave
Paid Holidays
Hybrid Work Options
Stock Options
401(k) Company Match
Employee Assistance Programme
Wellness Program
Adoption Assistance
Group Income Protection
Group Life Assurance
Maternity Leave
Paternity Leave
Workplace Pension Scheme
Monthly Wellness Allowance
Company Bonus

Risks

Integration with OpenAI's API may pose compliance and security challenges.
EU's AI Act requires significant adjustments to Smarsh's AI systems.
Expansion into Latin America may expose Smarsh to regional instability.

Differentiation

Smarsh offers cloud-native, context-aware archiving solutions for regulated industries.
The company integrates with popular tools like Microsoft Teams for seamless compliance.
Smarsh serves 9 of the top 10 banks, showcasing its industry trust.

Upsides

Smarsh's global expansion includes a new office in Costa Rica for enhanced support.
Integration with OpenAI's ChatGPT API enhances Smarsh's AI compliance capabilities.
Partnership with Verizon simplifies mobile compliance procurement for Verizon's clients.
