Costco IT is responsible for the technical future of Costco Wholesale, the third largest retailer in the world with wholesale operations in fourteen countries. Despite our size and explosive international expansion, we continue to provide a family, employee-centric atmosphere in which our employees thrive and succeed. As proof, Costco ranks eighth in Forbes "World's Best Employers".
This is an environment unlike anything in the high-tech world and the secret of Costco's success is its culture. The value Costco puts on its employees is well documented in articles from a variety of publishers including Bloomberg and Forbes. Our employees and our members come FIRST. Costco is well known for its generosity and community service and has won many awards for its philanthropy. The company joins with its employees to take an active role in volunteering by sponsoring many opportunities to help others.
Come join the Costco Wholesale IT family. Costco IT is a dynamic, fast-paced environment, working through exciting transformation efforts. We are building the next generation retail environment where you will be surrounded by dedicated and highly professional employees.
Compliance Engineers support the overarching values and business goals of Costco as they relate to meeting legal and regulatory obligations, identifying technical risks to the business, protecting member data and privacy, and ensuring continued compliance with Costco's policies. Compliance Engineers work cross functionally to define and set guidance in response to emerging standards and legislations; ensure policies and procedures are implemented and well documented; perform technical architecture, network, and system reviews; ensure compliance requirements and controls are designed and implemented prior to go-live; and identify compliance problems that require formal attention. Compliance Engineers speak both technical and business language interchangeably to effectively communicate and lead.
The IT Privacy Compliance Engineer is a key member of the IT Information Security and Compliance team reporting to the Manager of the IT Privacy team. This position will be focused on all aspects of Privacy that involve our Costco Wholesale Privacy posture, handling of PI data, and how we are compliant with U.S. State and International Privacy Laws. This includes, but is not limited to, creating, institutionalizing, and rolling out an Integrated Controls framework that addresses the multitude of regulatory Privacy requirements with internal stakeholders for reporting on progress versus objectives on a regular basis, which includes the design, collation, review, analysis, distribution, and communication of our Privacy framework. This position will be focused on all aspects of Privacy risk management and data with a particular emphasis on California Privacy Law, HIPAA, PII (domestic and international), GDPR, and other industry or regulatory compliance that impact the Costco Mobile app.
The IT Privacy Compliance Engineer will work very closely with the digital engineering teams, including architects, developers, analytics experts, and other teams to build and maintain a strong privacy rules engine that meets the security, privacy, risk, and compliance requirements laid out by Information Security, Compliance, legal, and business stakeholders.
If you want to be a part of one of the worldwide BEST companies "to work for", simply apply and let your career be reimagined.
ROLE
• Provides governance for the identification, validation, and remediation of information technology controls for any applicable regulatory compliance frameworks.
• Establishes, builds, and implements methodologies designed to identify general system and business controls, and identifies and prioritizes risks.
• Designs testing procedures, including building or designing automation, to identify and evaluate risk exposures and determine the effectiveness and efficiency of controls.
• Maintains a strong understanding of and adherence to current and upcoming standards, regulations, and legislation.
• Engages and collaborates cross functionally to understand current divisional roadmaps and future strategies to ensure compliance has a seat at the table and compliance requirements are built in by default.
• Presents technical concepts, designs, and solutions to executives, management, and other audiences to gain consensus and/or drive appropriate outcomes.
• Establishes and meets deadlines to ensure adherence to rules, regulations, and/or Costco policy.
• Assists and supports the organization with initial compliance with ongoing preparation, testing, and monitoring of conformance.
• Promotes and supports a culture of compliance, risk avoidance/mitigation, and corporate accountability throughout the organization.
• Automates, documents, shares, educates, delegates, and improves processes.
• Builds prototypes of potential features.
• Creates conceptual and detailed technical design documents and standards.
• Collaborates with architects to plan, design, implement, and improve new capabilities, enhancements, solutions, and/or platforms.
• Applies knowledge to practical and sustainable applications and capabilities.
• Partners with project managers, solution leads, and other stakeholders to establish the rough order of magnitude estimates, to create and maintain a robust framework to support applications, and to deliver quality solutions.
• Contributes, interprets, and communicates enterprise, technical, project, and operational strategies to the team.
• Develops team vision to drive new capabilities against a published roadmap, in conjunction with management.
• Ensures that proposed and existing systems are aligned with organizational standards, goals, and objectives.
• Formulates and directs activities that align short term goals and long-term initiatives while providing accurate and timely estimates of work breakdown schedules.
• Works with teams, management, and stakeholders to conceptualize, design, build, test, and release products.
• Shares relevant information among teams.
• Influences and drives adoption of best practices and high-quality standards throughout the division.
• Integrates diverse solution components across multiple platforms using industry standard interfaces.
• Tests and resolves problems, performs root cause analysis, identifies gaps, recommends solutions and preventative measures, and leads team members to solution delivery plans.
• Orchestrates reviews for system additions and/or enhancements.
• Promotes and supports a culture of compliance, risk avoidance/mitigation, and corporate accountability throughout the organization through technical leadership, knowledge of business need, development and communication of policies, procedures, and plans, and assurance of solution designs that are in compliance with architecture standards, technology guardrails, security, and operational guidelines.
• Provides leadership/mentoring to team members, implements development efficiencies, creates appropriate documentation, drives operational efficiencies and technical growth within the team, and supports the release model.
• Optimizes team efficiency and performance through high level technical direction.
• Provides technical leadership in implementation of applications, strategic planning sessions, documentation of requirements, tool implementation, database query languages, and programming languages.
• Uses subject matter expertise to support industry standard source control and source change management techniques.
• Presents technical designs and solutions to executives, management, and other audiences to gain consensus and/or project approval.
• Serves as a subject matter expert for privacy framework implementations in mobile apps with a strong understanding of digital analytics frameworks.
• Works as a stakeholder in the execution of risk management, information security, and data compliance initiatives across Digital.
• Reviews technical design and implementation, and recommends changes required to process tracking software and privacy rules laid out by the privacy rules engines, such as OneTrust, Vault JS or other types of monitoring tools.
• Develops required corrective action plans relating to data compliance issues.
• Manages the coordination and relationships with various development teams, technical architects, executives, and other key stakeholders for privacy requirements.
• Researches and evaluates new compliance requirements and works with other stakeholders and owners to ensure they are incorporated into the backlog with detailed requirements.
• Defines and implements a risk-based approach to identify, monitor, measure, and report various types of security risk and compliance issues.
• Evaluates security and risk assessments of internal business units and external vendors and service providers.
• Provides governance for the identification, validation, and remediation of information technology controls required by Personally Identifiable Information (PII), HIPAA, California Privacy Law, and other regulatory compliance frameworks to ensure successful audits of these compliance programs.
REQUIRED
• 2 years' proven experience developing and executing global privacy compliance programs.
• Demonstrated technical experience in implementing and supporting privacy management platforms in a large enterprise.
• Deep understanding in all aspects of risk management, data compliance, information security strategy, technologies, and tools.
• Demonstrated leadership skills with ability to work effectively at executive levels.
• Excellent conceptual and critical thinking skills and sound judgment, with strategic orientation and ability to perform tactically, as required.
• Experience in providing technical expertise appropriate to knowledge of risk and cost-effective delivery of essential security services.
• Solid understanding of IT systems, applications, networks, and databases.
• Proven experience developing and submitting audit and compliance reports to governing bodies, legal entities, and/or external authorities.
• Solid understanding of assessing and designing internal controls in an enterprise-level environment.
• Direct experience and knowledge of applicable local and federal information technology laws.
• Mix of broad business and technical acumen.
• Ability to inspire and influence technical designs to meet the security and privacy requirements.
• Excellent communication skills, both written and oral.
Recommended
• Past or current certifications in one of the following areas: CIPT, CIPP.
• Architectural level experience in information security, data compliance, and risk management.
• Proven people management experience - worked with a variety of teams globally.
• Experience in planning, organizing, and developing information technology policies, procedures, and practices.
• Ability to propose creative solutions to successfully remediate identified compliance issues.
Required Documents
• Cover Letter
• Resume
California applicants, please click here to review the Costco Applicant Privacy Notice.
Pay Ranges:
Level SR - $150,000 - $190,000, Bonus and Restricted Stock Unit (RSU) eligible
Level Staff - $180,000 - $225,000, Bonus and Restricted Stock Unit (RSU) eligible
We offer a comprehensive package of benefits including paid time off, health benefits - medical/dental/vision/hearing aid/pharmacy/behavioral health/employee assistance, health care reimbursement account, dependent care assistance plan, short-term disability and long-term disability insurance, AD&D insurance, life insurance, 401(k), and stock purchase plan to eligible employees.
Costco is committed to a diverse and inclusive workplace. Costco is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or any other legally protected status. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to
If hired, you will be required to provide proof of authorization to work in the United States.