Hybrid Security Engineer, Trust Assurance Security Engineer, Trust Assurance with verification
Shopify · NAMER (Remote) · nan, · Hybrid
About the job
About Shopify
Opportunity is not evenly distributed. Shopify puts independence within reach for anyone with a dream to start a business. We propel entrepreneurs and enterprises to scale the heights of their potential. Since 2006, we’ve grown to over 8,300 employees and generated over $1 trillion in sales for millions of merchants in 175 countries.
This is life-defining work that directly impacts people’s lives as much as it transforms your own. This is putting the power of the few in the hands of the many, is a future with more voices rather than fewer, and is creating more choices instead of an elite option.
About You
Moving at our pace brings a lot of change, complexity, and ambiguity—and a little bit of chaos. Shopifolk thrive on that and are comfortable being uncomfortable. That means Shopify is not the right place for everyone.
Before you apply, consider if you can:
This role is ideal for you if you are someone who enjoys being hands-on and building technical things to support your work. You must also be able to organize others as you build and manage complex security compliance programs for a fast paced engineering focused environment.
In this role, you have autonomy to discover, analyse, and solve security and compliance problems at scale. Resourcefulness is key - you’ll need to be able to quickly gather context on infrastructure, systems, software, and safeguards to help Shopify continue shipping and scaling while staying secure, trustworthy, and usable.
A ‘day in the life’ of this role may include any, or all, of the following:
The role's core focus is on building and managing Shopify's compliance programs for our advanced IT systems, it offers a unique opportunity to work in a flexible compliance environment where expertise, innovation, and unconventional approaches are highly valued.
We are looking for someone with experience and skills such as:
We want a dynamic technical expert capable of managing projects, solving complex problems, simplifying solutions, and inspiring and upskilling the team.
Some examples of responsibilities of this role are:
Opportunity is not evenly distributed. Shopify puts independence within reach for anyone with a dream to start a business. We propel entrepreneurs and enterprises to scale the heights of their potential. Since 2006, we’ve grown to over 8,300 employees and generated over $1 trillion in sales for millions of merchants in 175 countries.
This is life-defining work that directly impacts people’s lives as much as it transforms your own. This is putting the power of the few in the hands of the many, is a future with more voices rather than fewer, and is creating more choices instead of an elite option.
About You
Moving at our pace brings a lot of change, complexity, and ambiguity—and a little bit of chaos. Shopifolk thrive on that and are comfortable being uncomfortable. That means Shopify is not the right place for everyone.
Before you apply, consider if you can:
- Care deeply about what you do and about making commerce better for everyone
- Excel by seeking professional and personal hypergrowth
- Keep up with an unrelenting pace (the week, not the quarter)
- Be resilient and resourceful in face of ambiguity and thrive on (rather than endure) change
- Bring critical thought and opinion
- Embrace differences and disagreement to get shit done and move forward
- Work digital-first for your daily work
This role is ideal for you if you are someone who enjoys being hands-on and building technical things to support your work. You must also be able to organize others as you build and manage complex security compliance programs for a fast paced engineering focused environment.
In this role, you have autonomy to discover, analyse, and solve security and compliance problems at scale. Resourcefulness is key - you’ll need to be able to quickly gather context on infrastructure, systems, software, and safeguards to help Shopify continue shipping and scaling while staying secure, trustworthy, and usable.
A ‘day in the life’ of this role may include any, or all, of the following:
- Writing and updating code that automates and supports audit and compliance programs.
- Meeting with SMEs from Production Engineering, Security Engineering, Product, Legal, and other areas to learn how Shopify works and ensure that the compliance programs accurately reflect what we do and how we do it.
- Engaging with external auditors to design and perform audits for programs such as SOC, SOX, PCI and others.
- Providing expert advice to Shopify teams with regard to security and compliance domains you manage
The role's core focus is on building and managing Shopify's compliance programs for our advanced IT systems, it offers a unique opportunity to work in a flexible compliance environment where expertise, innovation, and unconventional approaches are highly valued.
We are looking for someone with experience and skills such as:
- Proven experience performing assurance and advisory roles relating to Information Technology with particular emphasis on system implementations, technical security configurations, and cloud native environments.
- Hands-on experience building data analytics, reporting solutions and task automation tooling.
- Experience evaluating IT, security and application controls in the context of a compliance program for a company of similar size and complexity of Shopify.
- Strong knowledge of industry risk and compliance frameworks such as NIST, ISO, SOX, SOC, and PCI-DSS.
- Excellent analytical and problem-solving skills, with the ability to think strategically and identify innovative solutions to complex challenges.
- Strong project management skills, with the ability to prioritize and manage multiple initiatives simultaneously using agile project management methodologies.
- Exceptional communication and interpersonal skills, with the ability to effectively collaborate with stakeholders.
- Self-motivated and adaptable, with a strong drive for continuous learning and professional growth.
We want a dynamic technical expert capable of managing projects, solving complex problems, simplifying solutions, and inspiring and upskilling the team.
Some examples of responsibilities of this role are:
- Be a security expert responsible for owning and building compliance activities for standards such as: SOC, PCI, SOX and others.
- Dive deep into new products or initiatives to surface and analyse the impact on security compliance engineering.
- Leverage data and visualization tools to identify areas for improvement, track progress and inform trusted decisions.
- Be a strong and credible influencer among cross functional engineering and business teams.
- Actively seek out opportunities to develop and deploy automations that will increase team efficiency.
- Anticipate changes in our trust and security posture as the technical footprint and company operations change, and help propose solutions to adapt to change.
- Develop safeguards, systems and policies that meet compliance requirements while balancing the need to move fast and stay innovative.
