VP, Information Security (CISO) (Remote Eligible)

Smartsheet is a tech company with a human story to tell. We’re here to empower teams to manage projects, automate workflows, and rapidly build new secure solutions, using simple no-code tools. We’re revolutionaries – so for us changing the way the world works is all in a day’s work.

We are looking for a strong, recognized Information Security industry leader to join us on this mission as our VP of Information Security (CISO). In this critical leadership position, you will define and execute a comprehensive, forward-looking information security strategy aligned with company goals and investor expectations, leading a world-class team of security professionals. You will report directly to the Chief Technology Officer and be a crucial member of our Executive Leadership Team and may work remotely from anywhere in the US where Smartsheet is a registered employer.

You Will

• Develop and implement a comprehensive information security strategy and roadmap aligned with business objectives and investor expectations for a SaaS organization.
• Lead, mentor, and scale a high-performing team of information security professionals (engineers, analysts, architects).
• Serve as a trusted advisor to the CTO, Board of Directors, and PE sponsors on cyber risk and compliance matters.
• Engage and build trust with CIOs, CISOs, and other Enterprise IT leaders across customer organizations.
• Drive a culture of security across the organization through cross-functional initiatives and security awareness programs.
• Oversee the security of our SaaS platform, addressing multi-tenancy, data isolation, encryption, API security, and IAM for customers and internal users.
• Implement and manage secure DevOps/DevSecOps practices and ensure secure SDLC for SaaS products.
• Secure cloud environments (AWS, Azure), manage cloud-native security tools, and implement Infrastructure-as-Code (IaC) and container security.
• Establish and maintain compliance with relevant frameworks (SOC 2 Type II, ISO 27001/27017/27018, GDPR, CCPA, FedRAMP), lead audits, and manage our GRC program.
• Develop and execute data protection strategies, including DLP, encryption, and backup/disaster recovery.
• Build and manage an incident response program, oversee threat detection and response (SIEM, EDR, XDR), and utilize threat intelligence.
• Conduct security risk assessments, manage mitigation plans, and oversee third-party risk management.
• Address customer security concerns, support sales with security questionnaires, and manage customer-facing security resources.
• Stay current with emerging threats and technologies, evaluating and implementing new security solutions.
• Define and track key security metrics (KPIs) and present reports to executive leadership.
• Manage the security budget and justify security investments.
• Maintain deep knowledge of the SaaS industry landscape, leveraging security for competitive advantage and customer trust.
• Develop and test business continuity and disaster recovery plans, leading the company through security incidents and crises.

You Have:

• 15+ years of hands-on experience in Information Security, encompassing network, application, cryptography, SDLC security, threat management, pentesting, abuse/fraud prevention, security compliance, and incident response.
• 10+ years of progressive leadership experience building, mentoring, and managing high-performing InfoSec teams.
• Proven success leading security in a SaaS or technology-driven company, with experience in a PE-backed environment preferred.
• Excellent communication and presentation skills, with the ability to articulate complex security concepts to technical and non-technical audiences.
• Strong leadership, collaboration, and stakeholder management skills.
• Deep understanding of cloud security (AWS, Azure, GCP), application security, and DevSecOps best practices.
• Demonstrated experience with compliance frameworks relevant to SaaS companies (SOC 2, ISO 27001, NIST, GDPR, CCPA, FedRAMP).
• Relevant security certifications (CISSP, CISM, CISA, CCSP).
• Strong problem-solving skills and a proactive approach to security.
• Experience managing security budgets and justifying investments.

Get to Know Us:

At Smartsheet, we’ve created a place where everyone is welcome — people from all over the world, all backgrounds, all ages, all colors, and all beliefs working side by side. Here, everyone can make a difference and empower others to do the same. You’re encouraged to apply even if your experience doesn’t precisely match our job description—if your career path has been nontraditional, that will set you apart. At Smartsheet, we empower everyone, everywhere to change the way the world works—join us!

Equal Opportunity Employer:

Smartsheet is an Equal Opportunity (EEO) employer committed to fostering an inclusive environment with the best employees. It is our policy to provide equal employment opportunities to all qualified applicants in accordance with applicable laws in the US, UK, Australia, Germany, Costa Rica, Japan, Bulgaria, and India. All qualified applicants will receive consideration without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information. 

If there are preparations we can make to help ensure you have a comfortable and positive interview experience, please let us know.

#LI-Remote