
Security GRC Engineer

ARCHIVED
Cwill | Cary, NC | June 17th, 2026


About Us

CWILL (pronounced "quill") is a post-purchase and retention suite built for Shopify & DTC brands. Reduce support tickets, recover lost revenue from returns, and turn one-time buyers into loyal fans — with tools purpose-built for every touchpoint after the sale.

Role Overview

We are looking for a Security GRC (Governance, Risk, and Compliance) Engineer to drive data compliance governance and audit execution.

This role focuses on building practical, enforceable, and auditable controls around data access, data lifecycle, product data usage, and cross-border data flows.

This is a hands-on, execution-focused role working directly with data systems and audit processes (not a policy-only role).

Responsibilities

Data Compliance Governance

- Support US data compliance requirements (e.g., CCPA, EO 14117)
- Perform gap analysis and define remediation plans
- Design and implement controls for: sensitive data classification, access governance, data lifecycle management
- Build processes for data subject rights (deletion, access, portability)
- Participate in product and engineering reviews (e.g., DPIA)
- Support compliance for new features, data use cases, and vendor/cross-border scenarios

Compliance & Audit Execution

- Support SOC 2 readiness and audit execution
- Conduct access reviews, log validation, and anomaly detection
- Maintain audit records and generate compliance reports
- Build or improve automated evidence collection (e.g., scripting)
- Work with internal teams and external auditors to provide audit evidence

Requirements

This is a hands-on, execution-focused role working directly with data systems and audit processes (not a policy-only role).

Must-have:

- Authorized to work in the United States
- Mandarin preferred for day-to-day collaboration
- Bachelor's degree or above in Computer Science, Information Security, or a related technical field
- 3-5 years of experience in Security, GRC, Data Security, or Data Compliance
- Hands-on experience with at least one compliance framework (e.g., SOC 2, CCPA, GDPR, 14117), beyond policy or documentation
- Practical experience in data compliance governance, including: sensitive data identification and classification, access control and access governance, data lifecycle management (storage, usage, deletion, portability)
- Ability to work with data systems (e.g., databases, data flows, APIs) and translate compliance requirements into technical implementations
- Basic technical capability (e.g., Python, Golang, or scripting) to support audit automation, data validation, or tooling
- Strong cross-functional communication skills, with the ability to work closely with engineering, product, data, and infra teams

Nice-to-have:

- Relevant certifications such as CISSP, CISM, or CIPP/US
- Experience in SaaS / e-commerce platforms (e.g., Shopify ecosystem) or third-party integrations
- Background in data governance, data platforms, or analytics
- Familiarity with cross-border data transfer compliance
- Understanding of web accessibility standards (e.g., WCAG, ADA) and related privacy/security considerations

Language:

- Mandarin (Required)

Benefits

- Pay: $120,000.00 - $160,000.00 per year
- 401(k) matching
- Flexible schedule
- Health insurance
- Paid time off
- Vision insurance