Compliance Engineer - GRC Solutions at Costco Wholesale
Costco Wholesale · Issaquah, United States of America · Onsite
- Senior
- Office in Issaquah
Costco IT is responsible for the technical future of Costco Wholesale, the third largest retailer in the world with wholesale operations in fourteen countries. Despite our size and explosive international expansion, we continue to provide a family, employee-centric atmosphere in which our employees thrive and succeed.
This is an environment unlike anything in the high-tech world and the secret of Costco’s success is its culture. The value Costco puts on its employees is well documented in articles from a variety of publishers including Bloomberg and Forbes. Our employees and our members come FIRST. Costco is well known for its generosity and community service and has won many awards for its philanthropy. The company joins with its employees to take an active role in volunteering by sponsoring many opportunities to help others.
Come join the Costco Wholesale IT family. Costco IT is a dynamic, fast-paced environment, working through exciting transformation efforts. We are building the next generation retail environment where you will be surrounded by dedicated and highly professional employees.
Compliance Engineers support the overarching values and business goals of Costco as they relate to meeting legal and regulatory obligations, identifying technical risks to the business, protecting member data and privacy, and ensuring continued compliance with Costco’s policies. Compliance Engineers work cross-functionally to define and set guidance in response to emerging standards and legislation, ensure policies and procedures are implemented and well documented, perform technical architecture, network and system reviews, ensure compliance requirements and controls are designed and implemented prior to go-live, and identify compliance problems that require formal attention. Compliance Engineers speak both technical and business language interchangeably to effectively communicate and lead.
The Engineer - GRC Solutions is a key member of the Information Security & Compliance team, reporting to the AVP of Security Compliance. In this position, we are seeking an experienced Engineer to lead the development, implementation, and management of our cybersecurity Governance, Risk, and Compliance (GRC) solutions. This role is pivotal to our GRC as a Product strategy, focusing on delivering scalable, user-centric, and innovative GRC solutions that drive business value and align with our enterprise security goals.
Engineers have deep knowledge and hands-on experience in enterprise-wide platforms, and solve technical problems while working on technology initiatives. Engineers have strong architectural, leadership, and technical skills. They ensure delivery of high-quality artifacts, and adhere to and follow Costco’s best practices. Engineers interact in a highly effective manner with other team members and management, drive innovation, and influence delivery and performance. Engineers will also guide initiatives while working with and mentoring fellow team members and Compliance Analysts.
If you want to be a part of one of the worldwide BEST companies “to work for”, simply apply and let your career be reimagined.
ROLE
● Plans, designs, builds, and optimizes scalable GRC platforms tailored to organizational cybersecurity needs.
● Integrates GRC platforms with security tools, frameworks, and enterprise systems.
● Automates and configures workflows for risk assessment, compliance tracking, and security reporting.
● Works in an agile environment to show incremental value and output.
● Engages with 3rd party vendors to help customize the product to meet customer requirements.
● Leads the development of innovative cybersecurity GRC solutions, fostering collaboration with cross-functional teams (Security, Compliance, Legal).
● Acts as a thought leader by establishing best practices and continuously enhancing the security GRC architecture.
● Aligns platform development and deliverables with our GRC as a Product strategy, ensuring solutions meet the evolving needs of the organization.
● Stays updated on emerging technologies, regulations, and frameworks impacting GRC programs.
● Provides technical expertise to ensure compliance with standards such as ISO 27001, NIST CSF, and CIS18.
● Supports risk analysis, identification, and mitigation by engineering tailored GRC solutions.
● Collaborates with stakeholders to configure the ability to manage audit findings and drive remediation efforts.
● Supports the development of dashboards and analytics capabilities to monitor and report on cybersecurity posture.
● Supports the delivery of insights for informed decision-making through risk trends and compliance metrics.
● Automates, documents, shares, educates, delegates, and improves processes.
● Creates conceptual and detailed technical design documents and standards.
● Collaborates with architects to plan, design, implement, and improve new capabilities, enhancements, and solutions.
● Applies knowledge to practical and sustainable applications and capabilities.
● Partners with project managers, solution leads, and other stakeholders to establish the rough order of magnitude estimates to create and maintain a robust framework to support applications, and to deliver quality solutions.
● Contributes, interprets, and communicates enterprise, technical, project, and operational strategies to the team.
● Ensures that proposed and existing systems are aligned with organizational standards, goals, and objectives.
● Works with teams, management, and stakeholders to conceptualize, design, build, test, and release products.
● Integrates diverse solution components across multiple platforms using industry standard interfaces.
● Tests and resolves problems, performs root cause analysis, identifies gaps, recommends solutions and preventative measures, and leads team members to solution delivery plans.
● Orchestrates reviews and testing for system additions and/or enhancements.
● Promotes and supports a culture of compliance, risk avoidance/mitigation, and corporate accountability throughout the organization through technical leadership, knowledge of business need, development and communication of policies, procedures, and plans, and assurance of solution designs that are in compliance with architecture standards, technology guardrails, security, and operational guidelines.
● Provides technical leadership in implementation of applications, strategic planning sessions, documentation of requirements, tool implementation, database query languages, and programming languages.
● Uses subject matter expertise to support industry standard source control and source change management techniques.
● Presents technical designs and solutions to management and other audiences to gain consensus and/or project approval.
Required:
● 8-12+ years of directly related experience
● 7+ years’ IT or technical compliance/security engineering experience; GRC platform delivery recommended
● Proficiency in designing and implementing GRC platforms (e.g., Onspring, ServiceNow GRC, Archer, etc.).
● Strong knowledge of cybersecurity frameworks, risk management, and compliance regulations.
● Experience with platform integrations and configurations.
● Strong communication and relationship skills, especially the ability to understand and articulate advanced technical topics and build consensus and influence stakeholders.
● Demonstrates a positive attitude, is self-motivated, responsible, conscientious, and detail oriented.
Recommended:
● Bachelor’s degree in Computer Science, Cybersecurity, or a related field (or equivalent work experience).
● Architectural level experience in information security, compliance, and risk management.
● Current certifications in one of the following areas: CISSP, CISA, CISM, or similar
● Proficient in Google Workspace applications, including Sheets, Docs, Slides, and Gmail.
Required Documents
● Cover Letter
● Resume
California applicants, please click here to review the Costco Applicant Privacy Notice.
Pay Ranges:
Level SR - $150,000 - $190,000, Bonus and Restricted Stock Unit (RSU) eligible
Level Staff - $180,000 - $225,000, Bonus and Restricted Stock Unit (RSU) eligible
We offer a comprehensive package of benefits including paid time off, health benefits - medical/dental/vision/hearing aid/pharmacy/behavioral health/employee assistance, health care reimbursement account, dependent care assistance plan, short-term disability and long-term disability insurance, AD&D insurance, life insurance, 401(k), and stock purchase plan to eligible employees.
Costco is committed to a diverse and inclusive workplace. Costco is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or any other legally protected status. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to [email protected]
If hired, you will be required to provide proof of authorization to work in the United States.