Note: This is a remote job open to candidates in the USA. CWILL is a post-purchase and retention suite built for Shopify & DTC brands, aiming to enhance customer loyalty and reduce support tickets. They are seeking a Security GRC Engineer to drive data compliance governance and audit execution, focusing on building practical controls around data access and lifecycle management.
Responsibilities
- Support US data compliance requirements (e.g., CCPA, EO 14117)
- Perform gap analysis and define remediation plans
- Design and implement controls for: sensitive data classification, access governance, data lifecycle management
- Build processes for data subject rights (deletion, access, portability)
- Participate in product and engineering reviews (e.g., DPIA)
- Support compliance for new features, data use cases, and vendor/cross-border scenarios
- Support SOC 2 readiness and audit execution
- Conduct access reviews, log validation, and anomaly detection
- Maintain audit records and generate compliance reports
- Build or improve automated evidence collection (e.g., scripting)
- Work with internal teams and external auditors to provide audit evidence
Skills
- Authorized to work in the United States
- Bachelor's degree or above in Computer Science, Information Security, or a related technical field
- 3–5 years of experience in Security, GRC, Data Security, or Data Compliance
- Hands-on experience with at least one compliance framework (e.g., SOC 2, CCPA, GDPR, EO 14117), beyond policy or documentation
- Practical experience in data compliance governance, including: sensitive data identification and classification, access control and access governance, data lifecycle management (storage, usage, deletion, portability)
- Ability to work with data systems (e.g., databases, data flows, APIs) and translate compliance requirements into technical implementations
- Basic technical capability (e.g., Python, Golang, or scripting) to support audit automation, data validation, or tooling
- Strong cross-functional communication skills, with the ability to work closely with engineering, product, data, and infra teams
- Mandarin (Required)
- Mandarin preferred for day-to-day collaboration
- Relevant certifications such as CISSP, CISM, or CIPP/US
- Experience in SaaS / e-commerce platforms (e.g., Shopify ecosystem) or third-party integrations
- Background in data governance, data platforms, or analytics
- Familiarity with cross-border data transfer compliance
- Understanding of web accessibility standards (e.g., WCAG, ADA) and related privacy/security considerations
Benefits
- 401(k) matching
- Flexible schedule
- Health insurance
- Paid time off
- Vision insurance
Company Overview
CWILL is an eCommerce growth platform offering unified SaaS tools for global DTC brands on Shopify. It was founded in 2014, and is headquartered in Cary, North Carolina, USA, with a workforce of 51-200 employees. Its website is https://www.cwill.com/.