[Remote] Security GRC Engineer

Remote Full-time
Note: The job is a remote job and is open to candidates in USA. CWILL is a post-purchase and retention suite built for Shopify & DTC brands, aiming to enhance customer loyalty and reduce support tickets. They are seeking a Security GRC Engineer to drive data compliance governance and audit execution, focusing on building practical controls around data access and lifecycle management.ResponsibilitiesSupport US data compliance requirements (e.g., CCPA, EO 14117)Perform gap analysis and define remediation plansDesign and implement controls for: sensitive data classification, access governance, data lifecycle managementBuild processes for data subject rights (deletion, access, portability)Participate in product and engineering reviews (e.g., DPIA)Support compliance for new features, data use cases, and vendor/cross-border scenariosSupport SOC 2 readiness and audit executionConduct access reviews, log validation, and anomaly detectionMaintain audit records and generate compliance reportsBuild or improve automated evidence collection (e.g., scripting)Work with internal teams and external auditors to provide audit evidenceSkillsAuthorized to work in the United StatesBachelor's degree or above in Computer Science, Information Security, or a related technical field3–5 years of experience in Security, GRC, Data Security, or Data ComplianceHands-on experience with at least one compliance framework (e.g., SOC 2, CCPA, GDPR, 14117), beyond policy or documentationPractical experience in data compliance governance, including: sensitive data identification and classification, access control and access governance, data lifecycle management (storage, usage, deletion, portability)Ability to work with data systems (e.g., databases, data flows, APIs) and translate compliance requirements into technical implementationsBasic technical capability (e.g., Python, Golang, or scripting) to support audit automation, data validation, or toolingStrong cross-functional communication skills, with the ability to work closely with engineering, product, data, and infra teamsMandarin (Required)Mandarin preferred for day-to-day collaborationRelevant certifications such as CISSP, CISM, or CIPP/USExperience in SaaS / e-commerce platforms (e.g., Shopify ecosystem) or third-party integrationsBackground in data governance, data platforms, or analyticsFamiliarity with cross-border data transfer complianceUnderstanding of web accessibility standards (e.g., WCAG, ADA) and related privacy/security considerationsBenefits401(k) matchingFlexible scheduleHealth insurancePaid time offVision insuranceCompany OverviewCWILL is an eCommerce growth platform offering unified SaaS tools for global DTC brands on Shopify. It was founded in 2014, and is headquartered in Cary, North Carolina, USA, with a workforce of 51-200 employees. Its website is https://www.cwill.com/.

Apply Now →

Similar Jobs

← Back