Sr. IRAP Compliance Program Manager

Canberra or Sydney

Smartsheet is a leading platform for enterprise work management, empowering organizations to plan, capture, manage, automate, and report on work at scale, resulting in more efficient processes and better business outcomes. With headquarters in Bellevue, Washington, Smartsheet serves customers worldwide, enabling them to achieve more.

This is an exciting role where you’ll be leading and managing the IRAP compliance program for our organisation, including interpreting the requirements defined in the Australian Signals Directorate’s Information Security Manual, determining the scope of those requirements, assessing compliance with those requirements, liaising with an external IRAP assessor, and implements or remediates requirements not fully implemented. Your mission is to get Smartsheet IRAP compliant as soon as possible, and then maintain that compliance thereafter.

You Will:

Compliance Management:

• Interpretation and Implementation: The Sr. Manager will independently interpret and apply IRAP and other control frameworks (e.g., NIST SP 800-53), ensuring that all technical controls meet security and compliance standards. This includes creating and maintaining technical standards, developing Assessment Procedures for controls, and managing the overall IRAP Assessment Package.
• Control Implementation: Oversee the implementation of compliance controls with a focus on optimizing risk reduction, cost efficiency, and business agility, rather than just achieving basic compliance.
• Challenge Assertions: Independently evaluate and challenge Control Owner assertions related to control implementation, ensuring they align with company policy and regulatory requirements.
• Liaison with External Assessors: Act as the primary point of contact with external IRAP assessors, coordinating the assessment process and ensuring all necessary documentation is provided.

Performance and Program Measurement:

• Evaluation and Monitoring: Develop criteria to measure program performance, conduct evaluations, and verify data and reports for completeness and correctness. Monitor and analyze project progress, recommending improvements or corrective actions where necessary.
• Problem Resolution: Proactively identify and address issues in the IRAP compliance program, recommending solutions and adjustments to ensure continuous improvement.

Program Management:

• Operational Oversight: Gain a thorough understanding of the company’s operations and integrate this knowledge into the management of the IRAP program. This includes resolving stakeholder issues, managing program budgets, and analyzing program data for improvements.
• Risk Management: Identify potential risks to the IRAP program, develop effective risk management strategies, and track progress in mitigating or managing those risks. Ensure compliance with relevant regulations and policies.

Project Management:

• Execution and Monitoring:Oversee the execution of IRAP-related projects, ensuring milestones and deliverables are achieved on time and within budget. Adjust project plans and resources based on shifting priorities or unforeseen challenges.
• Schedule and Scope Management: Monitor and manage the program’s schedule and scope to ensure alignment with strategic goals and operational needs. Make necessary adjustments to resources, timelines, or objectives.
• Requirements Management:Develop clear, actionable compliance requirements and manage changes or updates to these requirements, ensuring they remain feasible and verifiable throughout the lifecycle of the program.

Stakeholder Management:

• Expectation Management: Establish clear expectations with stakeholders and provide a mechanism for ongoing feedback and engagement. Develop an effective stakeholder management plan that addresses both high-level and day-to-day stakeholder needs.
• Issue Resolution: Proactively resolve any issues raised by stakeholders and maintain strong relationships by managing expectations and driving consensus on program goals and deliverables.

You Have:

Must-Haves:

• Australian citizenship.
• Bachelor’s degree in IT/Technology
• Expert-level knowledge of the Australian Signal Directorate’s Information Security Manual
• 2+ years of experience creating IRAP authorization packages at the “Protected” Level or above
• Knowledge and experience with IRAP assessment methodology and requirements
• 2+ years of experience mapping and translating requirements from one control framework (such as IRAP) to another (such as NIST SP 800-53)
• Basic understanding of NIST SP 800-53
• Basic understanding of Service Oriented Architecture and how DevOps impacts a compliance program
• 7+ years of experience in program management, with at least 3+ years specifically in compliance program management

Nice-to-Haves (listed in order of value):

• Past experience in compliance-based roles for SaaS companies
• IRAP Assessor Certification
• Experience implementing or using a GRC tool
• A security- or compliance-related certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), and/or Certified Information Security Manager (CISM)
• Smartsheet is dedicated to enabling organizations to work smarter, not harder, by providing innovative solutions for work management. As we continue to grow and evolve, we are looking for talented individuals to join us in shaping the future of work.

This role at Smartsheet provides an exciting opportunity to lead and shape the company's security, and privacy initiatives in a dynamic environment. If you are a compliance-minded leader with a strong sense of integrity and expertise in information security and data privacy, we encourage you to apply and be part of our mission to empower organizations to achieve more.