Security Engineer - Compliance

Trust & Security
Shopify receives millions of unique visitors each month and serves billions of requests per day. That’s a lot of people counting on us! Our Processing Integrity Team ensures we provide a trustworthy commerce platform for our 500,000+ merchants. To do so, we perform full security audits of our product and infrastructure regularly, as well as scheduled third-party audits. That’s a lot of work! We’re looking for a Security Engineer focused on our compliance efforts who will be auditor-facing and help us to test, document, and present the required data to ensure we are upholding the commitments of our internal security practices as outlined by our documentation.

Who are we looking for? An experienced individual contributor who will impact the direction of an organization. You are fluent in IT general controls best practices and can adapt quickly to the constant evolution of our company and our products. You’re resourceful and enjoy deep diving into your domain of expertise. Communication is key, both internally and externally, as our team spends a great deal of time describing systems, activities, and processes to people across a broad spectrum of technical backgrounds.

More about your abilities and experiences you’ll bring to the team:

    • Digging into a concept or a problem until you can explain it in your sleep
    • Understanding complex systems and software and identifying areas of security concern
    • Translating technical jargon and complicated concepts into something totally simple and easily understood
    • Working with technical and financial compliance standards
    • Conducting control testing
    • Presenting compliance data and working with auditors

It'd be great if you have:

    • Previous exposure to SOC2/SAS70/SSAE16/SSAE18 and/or SOX IT General Control audits
    • Accounting experience
    • Experience in an auditor-facing role
    • Experience performing technical audits

You’ll be working on:

    • Contributions to SOC 1, SOC 2, and IT Controls for SOX documentation
    • Data collection, testing, and ensuring internal compliance with Shopify SOC and SOX documentation
    • Performing audits and quarterly testing to ensure we are upholding our outlined standards
    • Compiling compliance evidence to present to auditors
    • Communicating this evidential data to auditors in a comprehensive manner
    • Auditor-facing explanations of how our systems work
    • Ensuring internal and external teams are able to effectively test our compliance standards
    • Owning internal controls for processing integrity programs
    • Reviewing third-party compliance reports
    • Resolving merchants’ security queries

How to Apply 📄 ➡️ 📬

If you’re interested in helping us shape the future of commerce at Shopify, click the “Apply Now” button to submit your application. Also, we 💚 automation here, but not at this stage: the actual real live human reading your application is named Frances. 👋 👩‍💻.

Experience comes in many forms, many skills are transferable, and passion goes a long way. If your experience is this close to what we’re looking for, consider applying. We know that diversity of thought makes for the best problem-solving and creative thinking, which is why we're dedicated to adding new perspectives to the team and encourage everyone to apply.