Costco Wholesale Corporation logo

Compliance Engineer - Security Risk Management

Costco Wholesale CorporationIssaquah, WA

$150,000 - $225,000 / year

Automate your job search with Sonara.

Submit 10x as many applications with less effort than one manual application.1

Reclaim your time by letting our AI handle the grunt work of job searching.

We continuously scan millions of openings to find your top matches.

pay-wall

Overview

Schedule
Full-time
Career level
Senior-level
Remote
On-site
Compensation
$150,000-$225,000/year
Benefits
Health Insurance
Dental Insurance
Vision Insurance

Job Description

Costco IT is responsible for the technical future of Costco Wholesale, the third largest retailer in the world with wholesale operations in fourteen countries. Despite our size and explosive international expansion, we continue to provide a family, employee centric atmosphere in which our employees thrive and succeed.

This is an environment unlike anything in the high-tech world and the secret of Costco's success is its culture. The value Costco puts on its employees is well documented in articles from a variety of publishers including Bloomberg and Forbes. Our employees and our members come FIRST. Costco is well known for its generosity and community service and has won many awards for its philanthropy. The company joins with its employees to take an active role in volunteering by sponsoring many opportunities to help others.

Come join the Costco Wholesale IT family. Costco IT is a dynamic, fast-paced environment, working through exciting transformation efforts. We are building the next generation retail environment where you will be surrounded by dedicated and highly professional employees.

Compliance Engineers support the overarching values and business goals of Costco as they relate to meeting legal and regulatory obligations, identifying technical risks to the business, protecting member data and privacy, and ensuring continued compliance with Costco's policies. Compliance Engineers work cross functionally to define and set guidance in response to emerging standards and legislations, ensure policies and procedures are implemented and well documented, perform technical architecture, network and system reviews, ensure compliance requirements and controls are designed and implemented prior to go-live and identify compliance problems that require formal attention. Compliance Engineers speak both technical and business language interchangeably to effectively communicate and lead.

Engineers have deep knowledge and hands-on experience in enterprise-wide platforms, and solve technical problems while

working on technology initiatives. Engineers have strong architectural, leadership, and technical skills. They ensure delivery of

high-quality artifacts, and adhere to and follow Costco's SDLC. Engineers interact in a highly effective manner with other team

members and management, drive innovation, and influence delivery and performance.

The Compliance Engineer in Security Risk Management is responsible for the hands-on design, execution, and continuous improvement of the security risk management program. Responsibilities include owning specific functional responsibilities that directly contribute to security risk assessment deliverables and organizational risk posture. However, the role as an engineer involves more than execution of day-to-day operations. As a subject matter expert, responsibilities would include development and execution of teams strategic vision and plan ensuring work delivers value aligned to overall information security organization's goals and objectives.

We are seeking a dynamic and experienced engineer to join our Security Risk Management team. This role will be pivotal in executing our risk management strategy, including owning the identification and assessment of security risks, the design and implementation of automated risk and control assessment processes and maintaining a centralized risk register and reporting that drives organizational decisions

As a key individual contributor engineer will work independently and with high autonomy, driving innovation in security risk management operations. Will work closely with security teams, privacy experts, legal and other IT and business leaders to provide actionable insights and drive risk based decision making across the organization.

If you want to be a part of one of the worldwide BEST companies "to work for", simply apply and let your career be reimagined.

ROLE

  • Promotes and supports a culture of compliance, risk avoidance/mitigation, and corporate accountability throughout the organization through technical leadership, knowledge of business need, development and communication of policies, procedures, and plans, and assurance of solution designs that are in compliance with architecture standards, technology guardrails, security, and operational guidelines.

  • Works well under pressure to identify and problem-solve high intensity situations with a strong sense of urgency; shows the ability to make decisions and work through ambiguity.

  • Leads/Participates in the creation, implementation, monitoring, and maintenance of Security Policies and Standards.

  • Serves as subject matter expert for enterprise security risk assessments, risk response, and risk management programs.

  • Aggregates and analyzes risk signals from vulnerability management, threat intelligence, cloud security, and other security domains to inform risk decisions and priorities.

  • Utilizes a risk-based approach to assess, prioritize, and communicate security risks across the organization.

  • Researches and monitors emerging risks associated with new technologies such as Artificial Intelligence (AI), implementations, and configurations, applying industry best practices to reduce organizational exposure.

  • Identifies attack surface reduction opportunities through analysis of risk and environment data across the enterprise.

  • Works analytically to solve both tactical and strategic risk problems, balancing short-term response with long-term program maturity.

  • Translates business and compliance requirements into technical risk specifications and partners with security teams to ensure appropriate controls are in place.

  • Understands regulatory and compliance requirements that impact security and collaborates with business and project teams to develop risk-appropriate solutions, including supporting audit activities.

  • Collaborates with Compliance, Internal Audit, and Business teams to identify, analyze, and communicate risk within their operational context.

  • Assumes a leadership role in advocating for adherence to security controls that protect corporate applications and environments.

  • Leads efforts to mature the organization's risk management program, partnering cross-functionally with Vulnerability Management, AppSec, Cloud Security, and other security domains.

  • Influences and drives adoption of security risk best practices and quality standards across the division without direct ownership of execution.

  • Presents risk posture, technical findings, and recommendations to executives, management, and cross-functional audiences to build consensus and drive decisions.

  • Leverages AI-powered tools to enhance risk identification, prioritization, and reporting workflows, identifying opportunities to responsibly automate risk processes.

  • Automates, documents, educates, and delegates risk processes to improve efficiency and scalability across the team.

  • Participates in and oversees the collection and aggregation of risk data from a wide variety of sources and formats to assess relevance to the environment.

  • Contributes as an active member of the InfoSec and Compliance team, participating in planning, skills development, and initiatives that improve team communication and quality of work.

  • Maintains current knowledge of industry trends, frameworks, and standards; proactively pursues professional growth in technology, business acumen, and organizational platforms and policies.

  • This is a full-time position (45+ hours per week).

REQUIRED

  • 8 -12+ years of directly related experience.

  • Strong understanding of Information Security and Security Governance, Risk and Compliance frameworks, methodologies, and practices.

  • Technical security and architecture knowledge with the ability to recognize, analyze and troubleshoot issues, and articulate those to both technical and non-technical audiences

  • Strong leadership and team management skills, with a demonstrated ability to lead cross-functional teams and drive organizational change

  • Superb communication and relationships skills, especially the ability to understand and articulate advanced technical topics to non-technical audiences and build consensus among partners and leadership.

  • HIPAA Training and Supervisors Orientation (within 30 days of hire); Leadership Development 101 (within one year); Costco Pay Policies (within 90 days of promotion).

Recommended

  • Bachelor's degree in Information Technology, Artificial Intelligence, Cybersecurity, Risk Management, or related field.

  • Relevant certifications such as CISSP, CISM, or CRISC.

  • Proficient in Google Workspace applications, including Sheets, Docs, Slides, and Gmail.

Required Documents

● Cover Letter

● Resume

California applicants, please click here to review the Costco Applicant Privacy Notice.

Pay Ranges:

Level SR - $150,000 - $190,000

Level Staff - $180,000 - $225,000

We offer a comprehensive package of benefits including paid time off, health benefits - medical/dental/vision/hearing aid/pharmacy/behavioral health/employee assistance, health care reimbursement account, dependent care assistance plan, short-term disability and long-term disability insurance, AD&D insurance, life insurance, 401(k), stock purchase plan to eligible employees.

Costco is committed to a diverse and inclusive workplace. Costco is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or any other legally protected status. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to IT-Recruiting@costco.com

If hired, you will be required to provide proof of authorization to work in the United States.

Automate your job search with Sonara.

Submit 10x as many applications with less effort than one manual application.

pay-wall

FAQs About Compliance Engineer - Security Risk Management Jobs at Costco Wholesale Corporation

What is the work location for this position at Costco Wholesale Corporation?
This job at Costco Wholesale Corporation is located in Issaquah, WA, according to the details provided by the employer. Some roles may also include multiple work locations depending on the requirement.
What pay range can candidates expect for this role at Costco Wholesale Corporation?
Candidates can expect a pay range of $150,000 and $225,000 per year.
What employment applies to this position at Costco Wholesale Corporation?
Costco Wholesale Corporation lists this role as a Full-time position.
What experience level is required for this role at Costco Wholesale Corporation?
Costco Wholesale Corporation is looking for a candidate with "Senior-level" experience level.
What benefits are offered by Costco Wholesale Corporation for this role?
Costco Wholesale Corporation offers following benefits: Health Insurance, Dental Insurance, Vision Insurance, Disability Insurance, Life Insurance, Family/Dependent Health, Paid Vacation, 401k Matching/Retirement Savings, and Health & Wellness Programs for this position. Actual benefits may vary depending on the employer's policies and employment terms.
What is the process to apply for this position at Costco Wholesale Corporation?
You can apply for this role at Costco Wholesale Corporation either through Sonara's automated application system, which helps you submit applications 10X faster with minimal effort, or by applying manually using the direct link on the job page.