[Remote] Senior Security Compliance Engineer

Remote Full-time
Note: The job is a remote job and is open to candidates in the USA.

UniUni is a late-stage last-mile logistics company moving millions of parcels across the United States and Canada for major e-commerce platforms. They are seeking a Senior Security Compliance Engineer to manage their governance, risk, and compliance functions, ensuring the health of their ISO 27001 certification and SOC 2 Type II attestation while automating compliance processes and supporting regulatory obligations.

Responsibilities

- Run the ISO 27001 program operations, including surveillance audit prep, internal audits, the annual risk assessment, management reviews, and corrective action tracking
- Run the SOC 2 Type II program operations, including continuous control monitoring, evidence collection, auditor coordination, and remediation tracking
- Operate the information security policy lifecycle: drafting, stakeholder review, approval workflows, annual reviews, version control, and employee attestations
- Maintain the risk register, drive risk treatment plans through to closure, and prepare risk reporting for the ISO and the executive team
- Build and maintain compliance automation, including evidence collection workflows, control testing, and dashboarding. Treat the GRC platform as a system you actively engineer, not a passive system of record
- Plan and run security awareness training and phishing simulation cycles, and report on outcomes
- Operate UniUni's privacy program in partnership with legal, including data inventories, data flow mapping, retention schedules, and privacy impact assessments
- Execute on regulatory obligations relevant to our business, including the DOJ Data Security Program, Canadian PIPEDA, and applicable US state privacy laws
- Coordinate the response to data subject access requests (DSARs) and privacy inquiries within statutory timelines
- Track regulatory developments across the jurisdictions in which UniUni operates and translate them into concrete control changes, evidence requirements, and policy updates
- Support data residency and data minimization commitments, working with engineering and the data security team to verify they hold in practice
- Lead the response to customer security questionnaires, RFP security sections, and prospect security reviews, in partnership with sales, legal, and the ISO
- Review and negotiate the security and privacy clauses in customer and vendor contracts, escalating material issues to the ISO and legal
- Run UniUni's third-party risk management program: vendor inventory, tiering by risk, due diligence, security review of new vendors, periodic reassessment of existing vendors, and remediation tracking
- Operate the trust center and the security artifact library (SOC 2 reports, ISO certificates, pen test summaries, security overviews) and keep customer-facing materials current and accurate
- Be a credible representative of UniUni's security posture in front of customers, auditors, and regulators
- Write clearly and precisely. The work product of this role lands in front of customers, auditors, regulators, and executives, and it has to hold up
- Partner with engineering, IT, legal, HR, and finance to make compliance a normal part of how the business runs, not an interrupt

Skills

- 5 to 8 years in security GRC, audit, or a closely related discipline, with hands-on ownership of ISO 27001 and SOC 2 program operations in a cloud-native organization
- Direct experience driving SOC 2 Type II audit cycles end to end, including auditor coordination, evidence collection, and remediation
- Working knowledge of common control frameworks beyond ISO and SOC (NIST CSF, NIST 800-53, CIS) and the ability to map between them
- Experience operating a GRC platform (e.g., Vanta, Drata, Secureframe, Hyperproof, ServiceNow GRC, OneTrust) as a power user, including building automated evidence pipelines and control tests
- Experience leading customer security questionnaires and security reviews for enterprise customers, including reviewing security and privacy clauses in contracts
- Familiarity with privacy regulation in North America, including PIPEDA and US state privacy laws, and a working understanding of cross-border data transfer requirements
- Experience operating a third-party risk management program at meaningful vendor volume
- Strong written communication. You can produce auditor-ready documentation, customer-ready security narratives, and executive-ready risk summaries, and you know which is which
- A pragmatic, automation-first mindset. You are bothered by manual evidence collection and you do something about it
- Experience in logistics, supply chain, marketplaces, or other high-volume operational businesses
- Familiarity with the DOJ Data Security Program and bulk data transfer rules
- Light scripting ability (Python, SQL) for automating evidence collection or building control queries against AWS, identity providers, and SaaS platforms
- Relevant certifications such as ISO 27001 Lead Auditor or Lead Implementer, CISA, CISM, CIPP, or CRISC
- Prior experience supporting a company through a customer-driven security maturation, an investor due diligence cycle, or IPO readiness

Company Overview

UniUni is a transportation company that offers services in freight and package transportation with logistics services. It was founded in 2019, and is headquartered in Richmond, British Columbia, CAN, with a workforce of 501-1000 employees. Its website is https://www.uniuni.com.

Company H1B Sponsorship

UniUni has a track record of offering H1B sponsorships, with 4 in 2026, 30 in 2025, 12 in 2024, 2 in 2023. Please note that this does not guarantee sponsorship for this specific role.
