Costco IT is responsible for the technical future of Costco Wholesale, the third largest retailer in the world with wholesale operations in fourteen countries. Despite our size and explosive international expansion, we continue to provide a family, employee centric atmosphere in which our employees thrive and succeed. As proof, Costco ranks eighth in Forbes “World’s Best Employers”.
This is an environment unlike anything in the high-tech world and the secret of Costco’s success is its culture. The value Costco puts on its employees is well documented in articles from a variety of publishers including Bloomberg and Forbes. Our employees and our members come FIRST. Costco is well known for its generosity and community service and has won many awards for its philanthropy. The company joins with its employees to take an active role in volunteering by sponsoring many opportunities to help others.
Come join the Costco Wholesale IT family. Costco IT is a dynamic, fast-paced environment, working through exciting transformation efforts. We are building the next generation retail environment where you will be surrounded by dedicated and highly professional employees.
Compliance Engineers support the overarching values and business goals of Costco as they relate to meeting legal and regulatory obligations, identifying technical risks to the business, protecting member data and privacy, and ensuring continued compliance with Costco’s policies. Compliance Engineers work cross functionally to define, and set guidance in response to emerging standards and legislations, ensure policies and procedures are implemented and well documented, perform technical architecture, network and system reviews, ensure compliance requirements and controls are designed and implemented prior to go-live, and identify compliance problems that require formal attention. Compliance Engineers speak both technical and business language interchangeably to effectively communicate and lead.
Costco is seeking a Compliance Engineer to join our team. We’re looking for a highly motivated and talented Engineer with a passion for governance, risk, and compliance. The ideal candidate will have experience creating, defining, and managing data-driven activities in large enterprise environments. They will work collaboratively with the wider GRC and InfoSec teams to define and create solutions for assuring compliance is understood, disseminated, and evangelized across the company as well as identify areas of opportunity to automate testing and data collection. In addition, the Engineer will be required to work to quantify and measure maturity across the organization. This role will require the applicant to have good verbal and written skills, and a willingness to learn.
If you want to be a part of one of the worldwide BEST companies “to work for”, simply apply and let your career be reimagined.
ROLE
● Promotes and supports a culture of compliance, risk avoidance/mitigation, and corporate accountability throughout the organization through technical leadership, knowledge of business need, development and communication of policies, procedures, plans, and assurance of solution designs that are in compliance with architecture standards, technology guardrails, security, and operational guidelines.
● Provides governance for the identification, validation, and remediation of information technology controls for any applicable regulatory compliance frameworks.
● Establishes, builds, and implements methodologies designed to identify general system and business controls, and identifies and prioritizes risks.
● Designs testing procedures, including building or designing automation, to identify and evaluate risk exposures and determine the effectiveness and efficiency of controls.
● Engages and collaborates cross functionally to understand current divisional roadmaps and future strategies to ensure compliance has a seat at the table and compliance requirements are built in by default.
● Presents technical concepts, designs, and solutions to executives, management, and other audiences to gain consensus and/or drive appropriate outcomes.
● Establishes and meets deadlines to ensure adherence to rules, regulations, and/or Costco policy.
● Promotes and supports a culture of compliance, risk avoidance/mitigation, and corporate accountability throughout the organization.
● Audits information system activities and systems to confirm compliance and provides management with compliance assessments.
● Develops, manages, and executes plans to communicate and remediate all known material weaknesses, significant deficiencies and control deficiencies, and minimize findings noted by either internal or external auditors or assessors.
● Manages Internal Audit and external assessor engagement to ensure clear understanding of expectations and to ensure evidence is collected and provided in a timely manner.
● Serves as a subject matter expert for governance and compliance frameworks for IT and business process regulations and requirements.
● Works with stakeholders in execution of risk management and data compliance corporate initiatives across the business.
● Promotes, supports, and evangelizes a culture of compliance, risk avoidance/mitigation and corporate accountability throughout the organization.
● Manages the business relationships with internal and external auditors/assessors.
● Develops and executes creation of compliance programs and drives maturity.
● Reviews data, designs, network, and data flows to identify compliance concerns or opportunities to improve control implementation.
● Supports long-term design and operational work efforts to validate and drive control alignment and requirements.
● Defines and maps common compliance controls and implement in GRC tool.
● Ensures regulatory and industry requirements are correctly mapped to common compliance controls.
● Coordinates with Information Security Teams to review new projects and programs to ensure compliance.
● Identifies control requirements, pass conditions, and evidence needs for common compliance controls.
● Identifies areas of opportunity to automate evidence collection as well as provide feedback on areas of opportunity for control streamlining; implement automation opportunities.
● Logs identified issues, concerns, audit findings, and exceptions into the database; works with teams to ensure draft solutions meet compliance requirements.
● Prepares automated reports to showcase current compliance state and summarizes measurement data and trends.
● Participates in the development and update of IT policies and standards, ensures alignment with known regulatory requirements, identifies areas lacking controls coverage, and validates exceptions.
● Represents compliance with IT teams to translate and support ability to meet updated policies, standards, controls, and/or regulatory requirements. Drives updating existing processes to meet new requirements.
● Leads the evaluation and implementation of other new compliance solutions and technologies.
● Participates in lines of business and enterprise cross-functions compliance strategic planning.
REQUIRED
● 7+ years’ experience in a compliance or GRC team.
● Deep understanding in all aspects of risk management, data compliance, information privacy strategy, technologies and tools.
● Deep understanding of controls, measuring effectiveness, and evaluating maturity of processes.
● Experience with regulatory compliance and industry standards, such as HIPAA, GDPR, SOX, and PCI.
● Demonstrated leadership skills with ability to work effectively at executive levels. Working knowledge of Information Security best practices, policies, standards, and baselines, including industry standards and guidelines from ISO 27001/27002, NIST CSF, CIS, and OWASP.
● Technical working experience/knowledge of operating systems, databases, web applications, middleware, and other computing devices/software components.
● Experience in computer software or computer networking.
● Strong analytical, problem-solving, and critical-thinking skills.
● Strong communication skills and attention to detail.
Recommended
● Bachelor’s degree in Information Security, Computer Science, or equivalent experience.
● Compliance and security certifications preferred (e.g., Security+, GCIA, GCIH, CISSP, CEH, CCSP, CISA, CISM, etc.).
● Ability to work with cross-business and cross-functional teams in a geographically distributed environment.
● Ability to work independently, as well as part of the team.
● Ability to conduct root cause analysis against identified controls gaps and aid in solutioning, process creation.
● Ability to examine issues both strategically and analytically.
● Ability to work on multiple, simultaneous initiatives.
● Ability to research and present topics.
Required Documents
● Cover Letter
● Resume
California applicants, please click here to review the Costco Applicant Privacy Notice.
Pay Ranges:
Level SR - $150,000 - $190,000, Bonus and Restricted Stock Unit (RSU) eligible
Level 4 - $180,000 - $225,000, Bonus and Restricted Stock Unit (RSU) eligible
We offer a comprehensive package of benefits including paid time off, health benefits - medical/dental/vision/hearing aid/pharmacy/behavioral health/employee assistance, health care reimbursement account, dependent care assistance plan, short-term disability and long-term disability insurance, AD&D insurance, life insurance, 401(k), stock purchase plan to eligible employees.
Costco is committed to a diverse and inclusive workplace. Costco is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or any other legally protected status. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to IT-Recruiting@costco.com
If hired, you will be required to provide proof of authorization to work in the United States.