Smarsh Belfast, United Kingdom Full Time Reference: ISMS Governance & Controls Assurance Lead the ongoing maintenance and enhancement of Smarsh's ISO 27001-aligned ISMS, ensuring policies, controls, and governance processes are clear, actionable, and aligned with business operations. Author and maintain security control narratives, working closely with technical teams to ensure controls are designed with enforceability and operational alignment in mind. Oversee the Control Assurance Program, ensuring effective evidence collection, control testing, and continuous monitoring practices. Coordinate internal and external audit readiness (SOC 2, ISO 27001, FedRAMP, customer audits) through structured governance workflows. Risk Management & Governance Manage the risk assessment lifecycle, ensuring comprehensive engagement across business, technical, and third-party risk domains. Facilitate risk acceptance workflows, maintaining governance rigor through well-defined documentation and approval processes. Ensure effective governance of risk treatment plans, enabling clear tracking and status reporting. Regulatory, Contractual & Client Assurance Translate emerging regulations (e.g., DORA, SEC Cyber Rules, UK AI Act) into internal governance requirements and operational processes. Manage customer security assessments and DDQs, utilizing standardized assurance artefacts to deliver efficient, high-quality responses. Ensure external assurance artefacts are maintained and accessible through the Smarsh Trust Center. Third-Party & Supply Chain Risk Lead third-party security reviews and ensure governance controls are extended across the vendor lifecycle. Partner with Procurement and Legal to align contractual security requirements and risk acceptance criteria. Policy Lifecycle & Governance Metrics Own the policy lifecycle process, ensuring policies are regularly reviewed, updated, and tracked for compliance. Develop governance reporting and dashboards that provide clear visibility into control effectiveness, risk posture, and audit readiness. Support governance forums and leadership committees with data-driven insights and structured governance reports. GRC Operations & Enablement Lead the continual refinement of GRC workflows, ensuring operational efficiency in documentation, evidence management, and status tracking. Collaborate with Engineering and Security teams to ensure controls are practically enforceable within operational workflows. Bring forward ideas and experience around scaling governance processes through automation and control validation techniques, supporting Smarsh's long-term governance maturity. 7-10 years of experience in GRC leadership, security governance, or compliance process roles within SaaS or regulated industries. Proven experience writing security controls, managing control assurance programs, and leading external audit preparation. Deep understanding of how security controls are designed, enforced, and validated within technical and business environments. Experience translating regulatory frameworks (ISO 27001, SOC 2, GDPR, FedRAMP, DORA, SEC Cyber Rules) into scalable governance processes and workflows. Ability to collaborate cross-functionally across Security, Engineering, Legal, and Product teams to embed governance effectively. Exceptional documentation and reporting skills, with the ability to produce executive-level governance artefacts and metrics dashboards. Strong background with GRC tooling, control validation workflows, and scalable governance process design.