Compliance Engineer - Security Risk Management
Costco IT · Seattle, WA · 1 mo ago
Management$150k–$190k/yrFull-time
Responsibilities
- Promotes and supports a culture of compliance, risk avoidance/mitigation, and corporate accountability throughout the organization through technical leadership, knowledge of business need, development and communication of policies, procedures, and plans, and assurance of solution designs that are in compliance with architecture standards, technology guardrails, security, and operational guidelines.
- Works well under pressure to identify and problem-solve high intensity situations with a strong sense of urgency; shows the ability to make decisions and work through ambiguity.
- Leads/Participates in the creation, implementation, monitoring, and maintenance of Security Policies and Standards.
- Serves as subject matter expert for enterprise security risk assessments, risk response, and risk management programs.
- Aggregates and analyzes risk signals from vulnerability management, threat intelligence, cloud security, and other security domains to inform risk decisions and priorities.
- Utilizes a risk-based approach to assess, prioritize, and communicate security risks across the organization.
- Researches and monitors emerging risks associated with new technologies such as Artificial Intelligence (AI), implementations, and configurations, applying industry best practices to reduce organizational exposure.
- Identifies attack surface reduction opportunities through analysis of risk and environment data across the enterprise.
- Works analytically to solve both tactical and strategic risk problems, balancing short-term response with long-term program maturity.
- Translates business and compliance requirements into technical risk specifications and partners with security teams to ensure appropriate controls are in place.
- Understands regulatory and compliance requirements that impact security and collaborates with business and project teams to develop risk-appropriate solutions, including supporting audit activities.
- Collaborates with Compliance, Internal Audit, and Business teams to identify, analyze, and communicate risk within their operational context.
- Assumes a leadership role in advocating for adherence to security controls that protect corporate applications and environments.
- Leads efforts to mature the organization's risk management program, partnering cross-functionally with Vulnerability Management, AppSec, Cloud Security, and other security domains.
- Influences and drives adoption of security risk best practices and quality standards across the division without direct ownership of execution.
- Presents risk posture, technical findings, and recommendations to executives, management, and cross-functional audiences to build consensus and drive decisions.
- Leverages AI-powered tools to enhance risk identification, prioritization, and reporting workflows, identifying opportunities to responsibly automate risk processes.
- Automates, documents, educates, and delegates risk processes to improve efficiency and scalability across the team.
- Participates in and oversees the collection and aggregation of risk data from a wide variety of sources and formats to assess relevance to the environment.
- Contributes as an active member of the InfoSec and Compliance team, participating in planning, skills development, and initiatives that improve team communication and quality of work.
- Maintains current knowledge of industry trends, frameworks, and standards; proactively pursues professional growth in technology, business acumen, and organizational platforms and policies.
Qualifications
- Required 8 -12+ years of directly related experience.
- Strong understanding of Information Security and Security Governance, Risk and Compliance frameworks, methodologies, and practices.
- Technical security and architecture knowledge with the ability to recognize, analyze and troubleshoot issues, and articulate those to both technical and non-technical audiences.
- Strong leadership and team management skills, with a demonstrated ability to lead cross-functional teams and drive organizational change.
- Superb communication and relationships skills, especially the ability to understand and articulate advanced technical topics to non-technical audiences and build consensus among partners and leadership.
- HIPAA Training and Supervisors Orientation (within 30 days of hire); Leadership Development 101 (within one year); Costco Pay Policies (within 90 days of promotion).
- Recommended Bachelor’s degree in Information Technology, Artificial Intelligence, Cybersecurity, Risk Management, or related field.
- Relevant certifications such as CISSP, CISM, or CRISC.
- Proficient in Google Workspace applications, including Sheets, Docs, Slides, and Gmail.