Listing Description
COSTCO IT
COMPLIANCE ENGINEER – CLOUD ENGINEERING
ISSAQUAH, WA (hybrid 2-3 days/week)
Pay Range: $150,000 - $190,000, Bonus and Restricted Stock Unit (RSU) eligible
ABOUT COSTCO IT
Costco IT is responsible for the technical future of Costco Wholesale, the third largest retailer in the world with wholesale operations in fourteen countries. Despite our size and explosive international expansion, we continue to provide a family-oriented, employee-centric atmosphere in which our employees thrive and succeed. As proof, Costco ranks eighth in Forbes “World’s Best Employers”.
This is an environment unlike anything in the high-tech world and the secret of Costco’s success is its culture. The value Costco puts on its employees is well documented in articles from a variety of publishers including Bloomberg and Forbes. Our employees and our members come FIRST. Costco is well known for its generosity and community service and has won many awards for its philanthropy. The company joins with its employees to take an active role in volunteering by sponsoring many opportunities to help others.
Come join the Costco Wholesale IT family. Costco IT is a dynamic, fast-paced environment, working through exciting transformation efforts. We are building the next generation retail environment where you will be surrounded by dedicated and highly professional employees.
ROLE SUMMARY
Compliance Engineers support the overarching values and business goals of Costco as they relate to meeting legal and regulatory obligations, identifying technical risks to the business, protecting member data and privacy, and ensuring continued compliance with Costco’s policies. Compliance Engineers work cross-functionally to define and set guidance in response to emerging standards and legislation, ensure policies and procedures are implemented and well documented, perform technical architecture, network and system reviews, ensure compliance requirements and controls are designed and implemented prior to go-live, and identify compliance problems that require formal attention. Compliance Engineers speak both technical and business language interchangeably to effectively communicate and lead.
The Cloud Compliance Engineer supports Costco’s strategy to maintain the compliance posture required by laws and industry regulations and is critical to the success of our business. This team works closely with Compliance and Security, Internal Audit, Legal, and Business teams to address continuous compliance and identify ways to remediate findings related to noncompliance.
This role is responsible for ensuring continued Security and Compliance in Costco’s Cloud platforms. This is accomplished through alignment to compliance regulations and laws, and tracking and remediation of vulnerabilities as well as policy exceptions and risk acceptances. All findings will be ushered through the remediation process, following established procedures, within the timeframe corresponding to the severity of the finding. This role also tracks, reports, and advises Cloud teams on incorporating controls into their day-to-day operations so that execution of the controls becomes business as usual. This individual will be required to ‘do what it takes’ to anticipate regulatory impacts, promote company awareness, meet compliance deadlines, propose solutions to deficiencies, and communicate effectively at all levels.
If you want to be a part of one of the worldwide BEST companies “to work for”, simply apply and let your career be reimagined.
ROLE
● Promotes and supports a culture of compliance, risk avoidance/mitigation, and corporate accountability throughout the organization through technical leadership, knowledge of business need, development and communication of policies, procedures, plans, and assurance of solution designs that are in compliance with architecture standards, technology guardrails, security, and operational guidelines.
● Works well under pressure to identify and problem-solve high-intensity situations with a strong sense of urgency; shows the ability to make decisions and work through ambiguity.
● Leads/Participates in the creation, implementation, monitoring, and maintenance of Security Policies and Standards.
● Tests and resolves problems, performs root cause analysis, identifies gaps, recommends solutions and preventative measures, and presents findings in a professional manner; recommends mitigations either via new technology, alternative compensating controls, or policy modifications to improve overall security posture.
● Identifies areas and opportunities for automation of applications, systems, and platforms for streamlining and continuous process improvement.
● Provides governance for the identification, validation, and remediation of information technology controls for any applicable regulatory compliance frameworks.
● Establishes, builds, and implements methodologies designed to identify general system and business controls, and identifies and prioritizes risks.
● Designs testing procedures, including building or designing automation, to identify and evaluate risk exposures and determine the effectiveness and efficiency of controls.
● Maintains a strong understanding of, and adherence to, current and upcoming standards, regulations, and legislation.
● Engages and collaborates cross-functionally to understand current divisional roadmaps and future strategies to ensure compliance has a seat at the table and compliance requirements are built in by default.
● Presents technical concepts, designs and solutions to executives, management, and other audiences to gain consensus and/or drive appropriate outcomes.
● Establishes and meets deadlines to ensure adherence to rules, regulations, and/or Costco policy.
● Assists and supports the organization with initial compliance and with ongoing preparation, testing, and monitoring of conformance.
● Promotes and supports a culture of compliance, risk avoidance/mitigation, and corporate accountability throughout the organization.
● Audits information system activities and systems to confirm compliance and provides management with compliance assessments.
● Develops, manages, and executes plans to communicate and remediate all known material weaknesses, significant deficiencies and control deficiencies, and minimize findings noted by either internal or external auditors or assessors.
● Manages Internal Audit and external assessor engagement to ensure clear understanding of expectations and to ensure evidence is collected and provided in a timely manner.
● Assists with auditing of activities and systems to confirm compliance to information security policies and regulations.
● Works with IT custodians at different levels in the organization to understand their respective security needs, and assists them in understanding policies and standards and in developing procedures.
● Ensures timely, clear communication regarding high-priority issues with the appropriate stakeholders.
● Creates executive level dashboards and presentations to represent the state of Security and Compliance within IT Cloud.
● Engages with the Business and SMEs to ensure adherence to policies and compliance regulations in modifications of existing systems or implementation of new systems.
● Works with various groups within IT on access control attestation and compliance for cloud tools and platforms.
● Develops automation to ensure completeness, accuracy and timeliness, streamlining audit process and attestation.
● Develops operational process and control workbooks relative to the tools and technology in security and compliance scope for the IT Cloud.
● Manages risk acceptances and policy exceptions lifecycles, ensuring remediations are implemented by the expiration date.
● Leads the roadmap development to maintain and enhance security and compliance posture within the IT Cloud organization.
● Manages regular and consistent tracking and monitoring of open findings throughout the cloud landscape.
● Presents findings, in a professional manner, for awareness and to ensure priority of remediations.
● Tracks vulnerabilities identified in external and internal scans, engaging the appropriate teams and following status through to remediation.
● Trains team members on Security and Compliance process and rigor, ensuring staff at all levels are equipped with skills to interact with audit organizations.
● Socializes Information Security policies and standards, and assists in the development of procedure-level documentation when needed.
● Researches and retains currency on regulatory requirements, legislation, and security frameworks.
● Works with other business and legal departments in response to emerging standards and legislation.
● Develops and executes project/program plans, coordinates required resources.
REQUIRED
● 8+ years’ prior experience supporting a Level 1 or Level 2 organization’s SOX compliance effort, working with an auditor and assessor or serving as an auditor and assessor.
● 5+ years’ supporting IT General Controls or PCI Controls in an IT environment.
● 5+ years’ experience developing automated solutions in IT environments to ensure consistency and reduce time required to execute tasks.
● Solid understanding of attestation practices and access control vernacular.
● Able to scope IT general controls, interpret test results, and prioritize remediations.
● Working knowledge of information systems security frameworks and practices (e.g., NIST, access control and system hardening, system audit and log file monitoring, security policies, and incident handling).
● Familiar with Cloud tools and technologies, including Cloud Automation tools, Cloud Platforms, and CI/CD process as it relates to IaC in Cloud environments.
● Familiar with ADUC, the various directory objects that constitute groups, and conceptually the importance of groups in application provisioning.
● Intermediate knowledge of five or more of the following technical areas: network segmentation, operating system security, encryption and key management, tokenization, antivirus and malware, secure system development, identity and access management, vulnerability management, physical access controls, penetration testing, file integrity monitoring, logging, and information security policies and standards.
● Experience developing reports and creating dashboards to visualize the status of a program to all levels.
● Experience with functions, formulas, and pivots in spreadsheet applications.
● Detail-oriented and strong problem-solving skills, with the ability to analyze a situation for potential future problems.
● Resourceful, self-motivated, and accountable team player with a constructive attitude.
● Ability to identify problems, analyze data, and present conclusions effectively.
● Excellent communication skills, both oral and written, that can communicate security and compliance issues to executives, end-users, and stakeholders in an effective and appropriate manner.
● Familiar with agile methodology and associated practices in relation to a non-development environment.
● Experience with project management (planning, organizing, and managing resources to bring about the successful completion of specific project goals and objectives).
RECOMMENDED
● Understanding of networking technologies, such as firewalls, routers, load balancers, and proxies.
We offer a comprehensive package of benefits to eligible employees, including paid time off, health benefits (medical/dental/vision/hearing aid/pharmacy/behavioral health/employee assistance), health care reimbursement account, dependent care assistance plan, short-term disability and long-term disability insurance, AD&D insurance, life insurance, 401(k), and stock purchase plan.
Costco is committed to a diverse and inclusive workplace. Costco is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or any other legally protected status.
If hired, you will be required to provide proof of authorization to work in the United States.
Listing Details
- Salary: $150000 - $190000
- Citizenship: Not Provided
- Incentives: Bonus
- Education: Not Provided
- Travel: No Travel
- Telework: Hybrid Telecommute