Costco IT
Compliance Engineer - GRC Solutions
Costco IT is responsible for the technical future of Costco Wholesale, the third largest retailer in the world, with wholesale operations in fourteen countries. Despite our size and explosive international expansion, we continue to provide a family, employee‑centric atmosphere in which our employees thrive and succeed.
This is an environment unlike anything in the high‑tech world. The secret of Costco’s success is its culture. The value Costco puts on its employees is well documented in Bloomberg, Forbes and other publications. Our employees and members come first. Costco is known for its generosity and community service, and we take an active role in volunteering by sponsoring many opportunities to help others.
Join the Costco Wholesale IT family. Costco IT is a dynamic, fast‑paced environment working through exciting transformation efforts. We are building the next generation retail environment surrounded by dedicated and highly professional employees.
Compliance Engineers support the overarching values and business goals of Costco as they relate to meeting legal and regulatory obligations, identifying technical risks to the business, protecting member data and privacy, and ensuring continued compliance with Costco’s policies. They work cross‑functionally to define and set guidance in response to emerging standards and legislation, ensure policies and procedures are implemented and well documented, perform technical architecture, network and system reviews, ensure compliance requirements and controls are designed and implemented prior to go‑live, and identify compliance problems that require formal attention. They speak both technical and business language interchangeably to communicate and lead.
ROLE
The Engineer – GRC Solutions is a key member of the Information Security & Compliance team, reporting to the AVP of Security Compliance. In this position, we seek an experienced engineer to lead the development, implementation, and management of our cybersecurity Governance, Risk, and Compliance (GRC) solutions. This role is pivotal to our GRC product strategy, focusing on delivering scalable, user‑centric, and innovative GRC solutions that drive business value and align with our enterprise security goals.
Plans, designs, builds, and optimizes scalable GRC platforms tailored to organizational cybersecurity needs.
Integrates GRC platforms with security tools, frameworks, and enterprise systems.
Automates and configures workflows for risk assessment, compliance tracking, and security reporting.
Works in an agile environment to show incremental value and output.
Engages with 3rd party vendors to help customize the product to meet customer requirements.
Leads the development of innovative cybersecurity GRC solutions, fostering collaboration with cross‑functional teams (Security, Compliance, Legal).
Acts as a thought leader by establishing best practices and continuously enhancing the security GRC architecture.
Aligns platform development and deliverables with our GRC as a Product strategy, ensuring solutions meet the evolving needs of the organization.
Stays updated on emerging technologies, regulations, and frameworks impacting GRC programs.
Provides technical expertise to ensure compliance with standards such as ISO 27001, NIST CSF, and CIS18.
Supports risk analysis, identification, and mitigation by engineering tailored GRC solutions.
Collaborates with stakeholders to configure the platform’s management of audit findings and to drive remediation efforts.
Supports the development of dashboards and analytics capabilities to monitor and report on cybersecurity posture.
Supports the delivery of insights for informed decision‑making through risk trends and compliance metrics.
Automates, documents, shares, educates, delegates, and improves processes.
Creates conceptual and detailed technical design documents and standards.
Collaborates with architects to plan, design, implement, and improve new capabilities, enhancements, and solutions.
Applies knowledge to practical and sustainable applications and capabilities.
Partners with project managers, solution leads, and other stakeholders to establish rough order of magnitude estimates, to create and maintain a robust framework to support applications, and to deliver quality solutions.
Contributes, interprets, and communicates enterprise, technical, project, and operational strategies to the team.
Ensures that proposed and existing systems are aligned with organizational standards, goals, and objectives.
Works with teams, management, and stakeholders to conceptualize, design, build, test, and release products.
Integrates diverse solution components across multiple platforms using industry standard interfaces.
Tests and resolves problems, performs root cause analysis, identifies gaps, recommends solutions and preventative measures, and leads team members to solution delivery plans.
Orchestrates reviews and testing for system additions and/or enhancements.
Promotes and supports a culture of compliance, risk avoidance/mitigation, and corporate accountability throughout the organization through technical leadership, knowledge of business need, development and communication of policies, procedures, and plans, and assurance of solution designs that are in compliance with architecture standards, technology guardrails, security, and operational guidelines.
Provides technical leadership in implementation of applications, strategic planning sessions, documentation of requirements, tool implementation, database query languages, and programming languages.
Uses subject matter expertise to support industry standard source control and source change management techniques.
Presents technical designs and solutions to management and other audiences to gain consensus and/or project approval.
REQUIRED
8-12+ years of directly related experience.
7+ years’ IT or technical compliance/security engineering experience; GRC platform delivery recommended.
Proficiency in designing and implementing GRC platforms (e.g., Onspring, ServiceNow GRC, Archer, etc.).
Strong knowledge of cybersecurity frameworks, risk management, and compliance regulations.
Experience with platform integrations and configurations.
Strong communication and relationship skills, especially the ability to understand and articulate advanced technical topics and build consensus and influence stakeholders.
Demonstrates a positive attitude, is self‑motivated, responsible, conscientious, and detail oriented.
RECOMMENDED
Bachelor’s degree in Computer Science, Cybersecurity, or a related field (or equivalent work experience).
Architectural level experience in information security, compliance, and risk management.
Current certifications in one of the following areas: CISSP, CISA, CISM, or similar.
Proficient in Google Workspace applications, including Sheets, Docs, Slides, and Gmail.
REQUIRED DOCUMENTS
Cover Letter.
Resume.
Pay Ranges
Level SR – $150,000 – $190,000, Bonus and Restricted Stock Unit (RSU) eligible.
Level Staff – $180,000 – $225,000, Bonus and Restricted Stock Unit (RSU) eligible.
We offer a comprehensive package of benefits including paid time off, health benefits (medical/dental/vision/hearing aid/pharmacy/behavioral health/employee assistance), health care reimbursement account, dependent care assistance plan, short‑term disability and long‑term disability insurance, AD&D insurance, life insurance, 401(k), stock purchase plan to eligible employees.
Costco is committed to a diverse and inclusive workplace. Costco is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or any other legally protected status. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to IT‑Recruiting@costco.com.
If hired, you will be required to provide proof of authorization to work in the United States.