Key skills
PythonGoAWSShopifySaaSCommunication
About this role
Channelwill is a fast-growing Shopify SaaS company serving merchants across the US and EU. They are seeking a hands-on Data Security & GRC Engineer to own compliance governance and audit execution across their US operations.
Responsibilities:
- Own compliance execution for CCPA, EO 14117/14149, and applicable US/EU data privacy requirements; perform gap analyses and drive remediation plans to closure
- Implement and enforce access controls ensuring sensitive US person data is accessible only to authorized US persons; maintain access inventories and conduct periodic reviews
- Design controls for sensitive data classification, lifecycle management (storage, usage, deletion, portability), and data subject rights; assess vendor and cross-border data transfer scenarios for compliance risk
- Ensure AWS infrastructure configuration (regions, data boundaries, CloudTrail audit logs) aligns with data residency commitments to US and EU customers
- Participate in product and engineering reviews (DPIAs) to evaluate new features, data use cases, and integrations for compliance risk
- Lead SOC 2 Type II readiness and end-to-end audit execution — coordinating with internal teams and external auditors
- Conduct access reviews, log validation, and anomaly detection; maintain audit records and generate compliance reports
- Build or improve automated evidence collection (scripting, tooling); develop and maintain a compliance control library across SOC 2, CCPA, EO 14117/14149, and GDPR
Requirements:
- Authorized to work in the United States — no visa sponsorship available
- Bilingual in English and Mandarin (must)
- Bachelor's degree or above in Computer Science, Information Security, or a related field
- 3–5 years of hands-on experience in Data Security, GRC, or Data Compliance — beyond documentation and policy writing
- Proven experience conducting compliance gap analyses and driving remediation to closure
- Hands-on experience with at least one of: SOC 2, CCPA, GDPR, or EO 14117/14149 — including access control implementation, not just policy
- Familiarity with scripting (Python, Go, or similar); able to read and interpret code to validate compliance controls and support audit evidence review
- Strong cross-functional communication skills — able to work closely with engineering, product, and infrastructure teams
- Relevant certifications: CISSP, CISM, CIPP/US, or CDPSE
- Experience with AWS compliance tooling (CloudTrail, AWS Config, data boundary controls)
- Familiarity with cross-border data transfer mechanisms: SCCs, data transfer impact assessments
- Background in SaaS or e-commerce platforms (Shopify ecosystem, third-party integrations)
- Experience in international or cross-cultural team environments