Compliance Engineer - Identity and Access Management
Company: Costco Wholesale
Location: Seattle
Posted on: March 31, 2025
Job Description:
Costco IT is responsible for the technical future of Costco
Wholesale, the third largest retailer in the world with wholesale
operations in fourteen countries. Despite our size and explosive
international expansion, we continue to provide a family,
employee-centric atmosphere in which our employees thrive and
succeed.

This is an environment unlike anything in the high-tech
world and the secret of Costco's success is its culture. The value
Costco puts on its employees is well documented in articles from a
variety of publishers including Bloomberg and Forbes. Our employees
and our members come FIRST. Costco is well known for its generosity
and community service and has won many awards for its philanthropy.
The company joins with its employees to take an active role in
volunteering by sponsoring many opportunities to help others.

Come
join the Costco Wholesale IT family. Costco IT is a dynamic,
fast-paced environment, working through exciting transformation
efforts. We are building the next generation retail environment
where you will be surrounded by dedicated and highly professional
employees.

Compliance Engineers support the overarching values and
business goals of Costco as they relate to meeting legal and
regulatory obligations, identifying technical risks to the
business, protecting member data and privacy, and ensuring
continued compliance with Costco's policies. Compliance Engineers
work cross-functionally to define and set guidance in response to
emerging standards and legislation, ensure policies and procedures
are implemented and well documented, perform technical
architecture, network and system reviews, ensure compliance
requirements and controls are designed and implemented prior to
go-live, and identify compliance problems that require formal
attention. Compliance Engineers speak both technical and business
language interchangeably to effectively communicate and
lead.

Costco's Identity and Access Management (IAM) team is
responsible for delivering global enterprise-wide identity, access,
directory and authentication services capabilities that support
cloud and on-prem application services. IAM utilizes a hybrid
architectural approach consisting of multi-platform and multi-prem
methods to provide a wide range of capability for users and web
services. The IAM group integrates both legacy and modernized
infrastructure components to support global company initiatives.

The
IAM team is responsible for ensuring continued security and
regulatory compliance in Costco's IAM platforms. This is
accomplished through alignment to compliance regulations and laws,
tracking and remediation of vulnerabilities as well as policy
exceptions and risk acceptances. This role will work closely with
IS Compliance and Security, Internal Audit, Legal and business
teams to address continuous compliance and identify ways to
overcome findings related to noncompliance, reporting all findings
for remediation within the timeframe relative to the severity of
the finding. This role also tracks, reports, and advises IAM teams
on incorporating controls into their day-to-day operations so that
execution of the controls becomes business as usual. The successful
candidate will anticipate regulatory impacts, promote company
awareness, meet compliance deadlines, propose solutions to
deficiencies, and communicate effectively at all levels.

If you want
to be a part of one of the worldwide BEST companies "to work for",
simply apply and let your career be reimagined.

ROLE
- Promotes and supports a culture of compliance, risk
avoidance/mitigation, and corporate accountability throughout the
organization through technical leadership, knowledge of business
need, development and communication of policies, procedures, plans,
and assurance of solution designs that follow architecture
standards, technology guardrails, security, and operational
guidelines.
- Provides governance for the identification, validation, and
remediation of information technology controls for any applicable
regulatory compliance frameworks.
- Establishes, builds, and implements methodologies designed to
identify general system and business controls, and identifies and
prioritizes risks.
- Designs testing procedures, including building or designing
automation, to identify and evaluate risk exposures and determine
the effectiveness and efficiency of controls.
- Engages and collaborates cross-functionally to understand
current divisional roadmaps and future strategies to ensure
compliance has a seat at the table and compliance requirements are
built in by default.
- Presents technical concepts, designs, and solutions to
executives, management, and other audiences to gain consensus
and/or drive appropriate outcomes.
- Establishes and meets deadlines to ensure adherence to rules,
regulations, and/or Costco policy.
- Audits information system activities and systems to confirm
compliance and provides management with compliance
assessments.
- Develops, manages, and executes plans to communicate and
remediate all known material weaknesses, significant deficiencies
and control deficiencies, and minimize findings noted by either
internal or external auditors or assessors.
- Manages Internal Audit and external assessor engagement to
ensure clear understanding of expectations and to ensure evidence
is collected and provided in a timely manner.
- Serves as a subject matter expert for governance and compliance
frameworks for IT and business process regulations and
requirements.
- Works with stakeholders in execution of risk management and
data compliance corporate initiatives across the business.
- Promotes, supports, and evangelizes a culture of compliance,
risk avoidance/mitigation and corporate accountability throughout
the organization.
- Manages the business relationships with internal and external
auditors/assessors.
- Develops and executes creation of compliance programs and
drives maturity.
- Reviews data, designs, network, and data flows to identify
compliance concerns or opportunities to improve control
implementation.
- Supports long-term design and operational work efforts to
validate and drive control alignment and requirements.
- Ensures regulatory and industry requirements are correctly
mapped to common compliance controls.
- Coordinates with information security teams to review new
projects and programs to ensure compliance.
- Identifies control requirements, pass conditions, and evidence
needs for common compliance controls.
- Identifies areas of opportunity to automate evidence collection
as well as provide feedback on areas of opportunity for control
streamlining; implement automation opportunities.
- Logs identified issues, concerns, audit findings, and
exceptions; works with teams to ensure draft solutions meet
compliance requirements.
- Participates in the development and update of IT policies and
standards, ensures alignment with known regulatory requirements,
identifies areas lacking controls coverage, and validates
exceptions.
- Represents compliance with IT teams to translate and support
ability to meet updated policies, standards, controls, and/or
regulatory requirements. Updates existing processes to meet new
requirements.
- Leads the evaluation and implementation of other new compliance
solutions and technologies.
- Participates in lines of business and enterprise
cross-functional compliance strategic planning.

REQUIRED
- 7+ years' experience in a compliance or GRC team.
- Deep understanding in all aspects of risk management, data
compliance, information privacy strategy, technologies and
tools.
- Deep understanding of controls, measuring effectiveness, and
evaluating maturity of processes.
- Experience with regulatory compliance and industry standards,
such as HIPAA, GDPR, SOX, and PCI.
- Demonstrated leadership skills with ability to work effectively
at executive levels.
- Working knowledge of Information Security best
practices, policies, standards, and baselines, including industry
standards and guidelines from ISO 27001/27002, NIST CSF, CIS, and
OWASP.
- Technical working experience/knowledge of operating systems,
databases, web applications, middleware, and other computing
devices/software components.
- Experience in computer software or computer networking.
- Strong analytical, problem-solving, and critical-thinking
skills.
- Strong communication skills and attention to
detail.

Recommended:
- Bachelor's degree in Information Security, Computer Science, or
equivalent experience.
- Compliance and security certifications preferred (e.g.,
Security+, GCIA, GCIH, CISSP, CEH, CCSP, CISA, CISM, etc.).
- Ability to work with cross-business and cross-functional teams
in a geographically distributed environment.
- Ability to work independently, as well as part of the
team.
- Ability to conduct root cause analysis against identified
controls gaps and aid in solutioning, process creation.
- Ability to examine issues both strategically and
analytically.
- Ability to work on multiple, simultaneous initiatives.
- Ability to research and present topics.
- Proficient in Google Workspace applications, including Sheets,
Docs, Slides, and Gmail.

Required Documents
- Cover Letter
- Resume

California applicants, please click to review the Costco
Applicant Privacy Notice.

Pay Ranges:
Level SR - $150,000 - $190,000, Bonus and Restricted Stock Unit (RSU) eligible
Level Staff - $180,000 - $225,000, Bonus and Restricted Stock Unit (RSU) eligible

We offer a comprehensive package of benefits including paid
time off, health benefits - medical/dental/vision/hearing
aid/pharmacy/behavioral health/employee assistance, health care
reimbursement account, dependent care assistance plan, short-term
disability and long-term disability insurance, AD&D insurance,
life insurance, 401(k), stock purchase plan to eligible
employees.

Costco is committed to a diverse and inclusive workplace.
Costco is an equal opportunity employer. Qualified applicants will
receive consideration for employment without regard to race,
national origin, gender, gender identity, sexual orientation,
protected veteran status, disability, age, or any other legally
protected status. If you need assistance and/or a reasonable
accommodation due to a disability during the application or the
recruiting process, please send a request to
IT-Recruiting@costco.com.

If hired, you will be required to provide
proof of authorization to work in the United States.
Keywords: Costco Wholesale, Seattle, Compliance Engineer - Identity and Access Management, Executive, Seattle, Washington