Security GRC Engineer
Company: CWILL
Location: Cary (Remote)
Type: Full-time
Remote: Yes
Posted: 2026-05-29
About this role
About Us
CWILL is a fast-growing Shopify SaaS startup serving global (primarily US/EU) merchants. With strong product-market fit and expanding US operations, we are building our local security and compliance capabilities to meet global data privacy standards.
Role Overview
We are looking for a Security GRC (Governance, Risk, and Compliance) Engineer to drive data compliance governance and audit execution.
This role focuses on building practical, enforceable, and auditable controls around data access, data lifecycle, product data usage, and cross-border data flows.
*This is a hands-on, execution-focused role working directly with data systems and audit processes (not a policy-only role).*
Responsibilities
1. Data Compliance Governance
- Support US data compliance requirements (e.g., CCPA, EO 14117)
- Perform gap analysis and define remediation plans
- Design and implement controls for: sensitive data classification, access governance, data lifecycle management
- Build processes for data subject rights (deletion, access, portability)
- Participate in product and engineering reviews (e.g., DPIA)
- Support compliance for new features, data use cases, and vendor/cross-border scenarios
2. Compliance & Audit Execution
- Support SOC 2 readiness and audit execution
- Conduct access reviews, log validation, and anomaly detection
- Maintain audit records and generate compliance reports
- Build or improve automated evidence collection (e.g., scripting)
- Work with internal teams and external auditors to provide audit evidence
### Requirements
1. Must-have:
- Authorized to work in the United States
- **Mandarin preferred for day-to-day collaboration**
- Bachelor’s degree or above in Computer Science, Information Security, or a related technical field
- 3–5 years of experience in Security, GRC, Data Security, or Data Com...