Key skills
Security GRCData ComplianceSOC 2CCPAGDPREO 14117Sensitive Data ClassificationAccess GovernanceData Lifecycle ManagementData Subject Rights ManagementAudit ExecutionAudit AutomationPythonGolangScriptingMandarinAnalyticsShopifySaaSCommunicationCollaboration
About this role
CWILL is a post-purchase and retention suite built for Shopify & DTC brands, aiming to enhance customer loyalty and reduce support tickets. They are seeking a Security GRC Engineer to drive data compliance governance and audit execution, focusing on building practical controls around data access and lifecycle management.
Responsibilities:
- Support US data compliance requirements (e.g., CCPA, EO 14117)
- Perform gap analysis and define remediation plans
- Design and implement controls for: sensitive data classification, access governance, data lifecycle management
- Build processes for data subject rights (deletion, access, portability)
- Participate in product and engineering reviews (e.g., DPIA)
- Support compliance for new features, data use cases, and vendor/cross-border scenarios
- Support SOC 2 readiness and audit execution
- Conduct access reviews, log validation, and anomaly detection
- Maintain audit records and generate compliance reports
- Build or improve automated evidence collection (e.g., scripting)
- Work with internal teams and external auditors to provide audit evidence
Requirements:
- Authorized to work in the United States
- Bachelor's degree or above in Computer Science, Information Security, or a related technical field
- 3–5 years of experience in Security, GRC, Data Security, or Data Compliance
- Hands-on experience with at least one compliance framework (e.g., SOC 2, CCPA, GDPR, 14117), beyond policy or documentation
- Practical experience in data compliance governance, including: sensitive data identification and classification, access control and access governance, data lifecycle management (storage, usage, deletion, portability)
- Ability to work with data systems (e.g., databases, data flows, APIs) and translate compliance requirements into technical implementations
- Basic technical capability (e.g., Python, Golang, or scripting) to support audit automation, data validation, or tooling
- Strong cross-functional communication skills, with the ability to work closely with engineering, product, data, and infra teams
- Mandarin (Required)
- Mandarin preferred for day-to-day collaboration
- Relevant certifications such as CISSP, CISM, or CIPP/US
- Experience in SaaS / e-commerce platforms (e.g., Shopify ecosystem) or third-party integrations
- Background in data governance, data platforms, or analytics
- Familiarity with cross-border data transfer compliance
- Understanding of web accessibility standards (e.g., WCAG, ADA) and related privacy/security considerations