Senior Security Compliance Engineer

About The Role

The role's core focus is on building and managing Shopify's compliance programs for our advanced IT systems, offering a unique opportunity to work in a flexible compliance environment where expertise, innovation, and unconventional approaches are highly valued. In this role, you have the autonomy to discover, analyze, and solve security and compliance problems at scale. Resourcefulness is key - you’ll need to be able to quickly gather context on infrastructure, systems, software, and safeguards to help Shopify continue shipping and scaling while staying secure, trustworthy, and usable. A ‘day in the life’ of this role may include any, or all, of the following:

• Writing and updating code that automates and supports audit and compliance programs.
• Meeting with SMEs from Production Engineering, Security Engineering, Product, Legal, and other areas to learn how Shopify works and ensure that the compliance programs accurately reflect what we do and how we do it.
• Engaging with external auditors to design and perform audits for programs such as SOC, SOX, PCI and others.
• Providing expert advice to Shopify teams with regard to security and compliance domains you manage.

We want a dynamic technical expert capable of managing projects, solving complex problems, simplifying solutions, and inspiring and up-skilling the team. This role is ideal for you if you are someone who enjoys being hands-on and building technical things to support your work. You must also be able to organize others as you build and manage complex security compliance programs for a fast-paced engineering-focused environment.

Qualifications:

• Proven experience performing assurance and advisory roles relating to Information Technology with particular emphasis on system implementations, technical security configurations, and cloud-native environments.
• Hands-on experience building data analytics, reporting solutions and task automation tooling.
• Experience evaluating IT, security, and application controls in the context of a compliance program for a company of similar size and complexity to Shopify.
• Strong knowledge of industry risk and compliance frameworks such as NIST, ISO, SOX, SOC, and PCI-DSS.
• Excellent analytical and problem-solving skills, with the ability to think strategically and identify innovative solutions to complex challenges.
• Strong project management skills, with the ability to prioritize and manage multiple initiatives simultaneously using agile project management methodologies.
• Exceptional communication and interpersonal skills, with the ability to effectively collaborate with stakeholders.
• Self-motivated and adaptable, with a strong drive for continuous learning and professional growth.

Responsibilities:

• Be a security expert responsible for owning and building compliance activities for standards such as: SOC, PCI, SOX and others.
• Dive deep into new products or initiatives to surface and analyze the impact on security compliance engineering.
• Leverage data and visualization tools to identify areas for improvement, track progress, and inform trusted decisions.
• Be a strong and credible influencer among cross-functional engineering and business teams.
• Actively seek out opportunities to develop and deploy automations that will increase team efficiency.
• Anticipate changes in our trust and security posture as the technical footprint and company operations change, and help propose solutions to adapt to change.
• Develop safeguards, systems, and policies that meet compliance requirements while balancing the need to move fast and stay innovative.

About Shopify

Opportunity is not evenly distributed. Shopify puts independence within reach for anyone with a dream to start a business. We propel entrepreneurs and enterprises to scale the heights of their potential. Since 2006, we’ve grown to over 8,300 employees and generated over $1 trillion in sales for millions of merchants in 175 countries. This is life-defining work that directly impacts people’s lives as much as it transforms your own. This is putting the power of the few in the hands of the many, is a future with more voices rather than fewer, and is creating more choices instead of an elite option.

About You

Moving at our pace brings a lot of change, complexity, and ambiguity—and a little bit of chaos. Shopifolk thrive on that and are comfortable being uncomfortable. That means Shopify is not the right place for everyone. Before you apply, consider if you can:

• Care deeply about what you do and about making commerce better for everyone.
• Excel by seeking professional and personal hypergrowth.
• Keep up with an unrelenting pace (the week, not the quarter).
• Be resilient and resourceful in face of ambiguity and thrive on (rather than endure) change.
• Bring critical thought and opinion.
• Put AI agents and tools to work on the tasks they're built for, and focus on the work only humans can do.
• Embrace differences and disagreement to get shit done and move forward.
• Work digital-first for your daily work.

We may use AI-enabled tools to screen, select, and assess applications. All AI outputs are reviewed and validated by our recruitment team.

Key skills/competency

• Security Compliance Engineering
• IT Compliance Programs
• SOC, SOX, PCI, PCI-DSS
• NIST, ISO Frameworks
• Automation Scripting
• Data Analytics
• Risk Management
• Cloud Security
• Agile Project Management
• Stakeholder Collaboration