[Remote] Security GRC Engineer

Note: The job is a remote job and is open to candidates in USA. CWILL is a post-purchase and retention suite built for Shopify & DTC brands, aiming to enhance customer loyalty and reduce support tickets. They are seeking a Security GRC Engineer to drive data compliance governance and audit execution, focusing on building practical controls around data access and lifecycle management.

Responsibilities

• Support US data compliance requirements (e.g., CCPA, EO 14117)
• Perform gap analysis and define remediation plans
• Design and implement controls for: sensitive data classification, access governance, data lifecycle management
• Build processes for data subject rights (deletion, access, portability)
• Participate in product and engineering reviews (e.g., DPIA)
• Support compliance for new features, data use cases, and vendor/cross-border scenarios
• Support SOC 2 readiness and audit execution
• Conduct access reviews, log validation, and anomaly detection
• Maintain audit records and generate compliance reports
• Build or improve automated evidence collection (e.g., scripting)
• Work with internal teams and external auditors to provide audit evidence

Skills

• Authorized to work in the United States
• Bachelor's degree or above in Computer Science, Information Security, or a related technical field
• 3–5 years of experience in Security, GRC, Data Security, or Data Compliance
• Hands-on experience with at least one compliance framework (e.g., SOC 2, CCPA, GDPR, 14117), beyond policy or documentation
• Practical experience in data compliance governance, including: sensitive data identification and classification, access control and access governance, data lifecycle management (storage, usage, deletion, portability)
• Ability to work with data systems (e.g., databases, data flows, APIs) and translate compliance requirements into technical implementations
• Basic technical capability (e.g., Python, Golang, or scripting) to support audit automation, data validation, or tooling
• Strong cross-functional communication skills, with the ability to work closely with engineering, product, data, and infra teams
• Mandarin (Required)
• Mandarin preferred for day-to-day collaboration
• Relevant certifications such as CISSP, CISM, or CIPP/US
• Experience in SaaS / e-commerce platforms (e.g., Shopify ecosystem) or third-party integrations
• Background in data governance, data platforms, or analytics
• Familiarity with cross-border data transfer compliance
• Understanding of web accessibility standards (e.g., WCAG, ADA) and related privacy/security considerations

Benefits

• 401(k) matching
• Flexible schedule
• Health insurance
• Paid time off
• Vision insurance

Company Overview