VP, Information Security (CISO)

Smartsheet is a tech company with a human story to tell. We’re here to empower teams to manage projects, automate workflows, and rapidly build new secure solutions, using simple no-code tools. We’re revolutionaries – so for us changing the way the world works is all in a day’s work.

We are looking for a strong, recognized Information Security industry leader to join us on this mission as our VP of Information Security (CISO). In this critical leadership position, you will define and execute a comprehensive, forward-looking information security strategy aligned with company goals and investor expectations, leading a world-class team of security professionals. You will report directly to the Chief Technology Officer and be a crucial member of our Executive Leadership Team. This role may be remote from anywhere in the US where Smartsheet is a registered employer.

• Develop and implement a comprehensive information security strategy and roadmap aligned with business objectives and investor expectations for a SaaS organization.
• Lead, mentor, and scale a high-performing team of information security professionals (engineers, analysts, architects).
• Serve as a trusted advisor to the CTO, Board of Directors, and PE sponsors on cyber risk and compliance matters.
• Engage and build trust with CIOs, CISOs, and other Enterprise IT leaders across customer organizations.
• Drive a culture of security across the organization through cross-functional initiatives and security awareness programs.
• Oversee the security of our SaaS platform, addressing multi-tenancy, data isolation, encryption, API security, and IAM for customers and internal users.
• Implement and manage secure DevOps/DevSecOps practices and ensure secure SDLC for SaaS products.
• Secure cloud environments (AWS, Azure), manage cloud-native security tools, and implement Infrastructure-as-Code (IaC) and container security.
• Establish and maintain compliance with relevant frameworks (SOC 2 Type II, ISO 27001/27017/27018, GDPR, CCPA, FedRAMP), lead audits, and manage our GRC program.
• Develop and execute data protection strategies, including DLP, encryption, and backup/disaster recovery.
• Build and manage an incident response program, oversee threat detection and response (SIEM, EDR, XDR), and utilize threat intelligence.
• Conduct security risk assessments, manage mitigation plans, and oversee third-party risk management.
• Address customer security concerns, support sales with security questionnaires, and manage customer-facing security resources.
• Stay current with emerging threats and technologies, evaluating and implementing new security solutions.
• Define and track key security metrics (KPIs) and present reports to executive leadership.
• Manage the security budget and justify security investments.
• Maintain deep knowledge of the SaaS industry landscape, leveraging security for competitive advantage and customer trust.
• Develop and test business continuity and disaster recovery plans, leading the company through security incidents and crises.

• 15+ years of hands-on experience in Information Security, encompassing network, application, cryptography, SDLC security, threat management, pentesting, abuse/fraud prevention, security compliance, and incident response.
• 10+ years of progressive leadership experience building, mentoring, and managing high-performing InfoSec teams.
• Proven success leading security in a SaaS or technology-driven company, with experience in a PE-backed environment preferred.
• Excellent communication and presentation skills, with the ability to articulate complex security concepts to technical and non-technical audiences.
• Strong leadership, collaboration, and stakeholder management skills.
• Deep understanding of cloud security (AWS, Azure, GCP), application security, and DevSecOps best practices.
• Demonstrated experience with compliance frameworks relevant to SaaS companies (SOC 2, ISO 27001, NIST, GDPR, CCPA, FedRAMP).
• Relevant security certifications (CISSP, CISM, CISA, CCSP).
• Strong problem-solving skills and a proactive approach to security.
• Experience managing security budgets and justifying investments.