# Security GRC Engineer

-   **Company:** [CWILL](http://jobs.workable.com/companies/3pBzndN1tf1QvG8WDwNGii.md)
-   **Location:** Remote
-   **Workplace:** remote
-   **Employment type:** Full-time

[Apply for this job](http://jobs.workable.com/view/f9a57e5a-b07a-495f-802b-716ee435e5df)

## Description

**About Us**

[CWILL](https://www.cwill.com) is a fast-growing Shopify SaaS startup serving global (primarily US/EU) merchants. With strong product-market fit and expanding US operations, we are building our local security and compliance capabilities to meet global data privacy standards.

**Role Overview**

We are looking for a **Security GRC** (Governance, Risk, and Compliance) **Engineer** to drive data compliance governance and audit execution.

This role focuses on building practical, enforceable, and auditable controls around data access, data lifecycle, product data usage, and cross-border data flows.

_This is a hands-on, execution-focused role working directly with data systems and audit processes (not a policy-only role)._

**Responsibilities**

1\. Data Compliance Governance

-   Support US data compliance requirements (e.g., CCPA, EO 14117)
-   Perform gap analysis and define remediation plans
-   Design and implement controls for: sensitive data classification, access governance, data lifecycle management
-   Build processes for data subject rights (deletion, access, portability)
-   Participate in product and engineering reviews (e.g., DPIA)
-   Support compliance for new features, data use cases, and vendor/cross-border scenarios

2\. Compliance & Audit Execution

-   Support SOC 2 readiness and audit execution
-   Conduct access reviews, log validation, and anomaly detection
-   Maintain audit records and generate compliance reports
-   Build or improve automated evidence collection (e.g., scripting)
-   Work with internal teams and external auditors to provide audit evidence

## Requirements

1\. Must-have:

-   Authorized to work in the United States
-   **Mandarin preferred for day-to-day collaboration**
-   Bachelor’s degree or above in Computer Science, Information Security, or a related technical field
-   3–5 years of experience in Security, GRC, Data Security, or Data Compliance
-   Hands-on experience with at least one compliance framework (e.g., SOC 2, CCPA, GDPR, EO 14117), beyond policy or documentation
-   Practical experience in data compliance governance, including: sensitive data identification and classification, access control and access governance, data lifecycle management (storage, usage, deletion, portability)
-   Ability to work with data systems (e.g., databases, data flows, APIs) and translate compliance requirements into technical implementations
-   Basic technical capability (e.g., Python, Golang, or scripting) to support audit automation, data validation, or tooling
-   Strong cross-functional communication skills, with the ability to work closely with engineering, product, data, and infra teams

2\. Nice-to-have:

-   Relevant certifications such as CISSP, CISM, or CIPP/US
-   Experience in SaaS / e-commerce platforms (e.g., Shopify ecosystem) or third-party integrations
-   Background in data governance, data platforms, or analytics
-   Familiarity with cross-border data transfer compliance
-   Understanding of web accessibility standards (e.g., WCAG, ADA) and related privacy/security considerations

Language:

-   Mandarin (Required)

## Benefits

**Pay:** $120,000.00 - $160,000.00 per year

-   401(k) matching
-   Flexible schedule
-   Health insurance
-   Paid time off
-   Vision insurance
