Technical Compliance Engineer - Governance, Risk, Compliance
Team Description
The SPACE (Security, Privacy, And Compliance Engineering) team defends Reddit’s employees and compute assets to make Reddit the most trustworthy place for online human interaction. We look for humble experts with a relentlessly resourceful and entrepreneurial “can do” perspective. If you work tirelessly to break into computer networks and just as tirelessly to ensure others cannot, we need you.
Location: This role is only open to candidates currently located and authorized to work in the United States. The role is 100% remote.
(and if you happen to live close to one of our physical office locations, our doors are open for you to come into the office as often as you'd like!)
Role Description
This is a GRC (Governance, Risk, Compliance) Engineer role on the GRC team. We are governance, risk, and compliance experts that are relentlessly resourceful to enable Reddit to manage risk effectively. We value humble experts with a “can do” view of security, risk, and controls with broad and deep technical knowledge, specifically in the fields of security certifications (e.g. SOC2), tech controls (e.g. ITGC), and risk management. We deliver facts and not FUD to our business partners when facing emerging risks.
If you are passionate about tech controls, policy and standards, and effective risk management, we need you. The ideal candidate has a strong technical background and has worked as part of a Governance, Risk, and Compliance or Technical Controls Compliance team. We are looking for those with experience maturing and facilitating tech controls, monitoring control gaps and risks, and building strong cross-functional partnerships with control owners.
Some of our present and future work includes:
Supporting tech control execution to ensure alignment with security control certifications
Leading tech control design and maturity decisions to provide better consistency and value to Reddit
Working across teams to ensure initiatives are greater than the sum of their parts
Promoting Reddit’s unique combination of Security, Privacy, and Compliance Engineering (SPACE)
How You’ll Have Impact:
This position has flexibility throughout GRC with ample opportunity to dive deeper across a wide scope of work. You will be a major contributor to Reddit’s technical control framework and operation. You will also partner with many teams to champion Reddit’s Security, Privacy, and Compliance Engineering (SPACE) mission.
What You’ll Do:
Support security compliance initiatives across the organization to mature, enhance, and optimize our controls in partnership with SPACE team members and cross-functional stakeholders
Monitor and mature Reddit’s tech control framework to support compliance with industry standards such as SOC 2, SOX, and ISO 27001
Design and build continuous control monitoring tooling and scripts to mature control execution and reporting
Develop detailed technical recommendations for controls definition, implementation and assessment in partnership with Security and Engineering teams
Collaborate with teams across the organization to identify security and privacy risk mitigation needs
Partner with Security, Privacy, and Engineering teams to implement technical controls.
Maintain compliance documentation, including audit evidence and controls.
Role Requirements:
Expertise in various compliance frameworks such as SOC 2, ISO 27001, SOX ITGC Controls, NIST
Expertise with designing and implementing continuous control monitoring activities leveraging GRC solutions, through Go/Python/NodeJS/unix shell (bash, zsh) practical scripting, and/or data analysis tools
Knowledge of API and data querying
3+ years of experience with GRC tooling configuration
3+ years working in Security governance, risk, and compliance roles. Relevant certifications are a plus.
Support a collaborative, performance-driven culture that builds bridges with other functional groups across the enterprise and maintains positive working relationships
Experience executing compliance initiatives for cloud platforms and interacting with engineering teams to implement controls
Human not reliant on ChatGPT to communicate effectively with business representatives, explaining GRC topics (ELI5)
Benefits:
Comprehensive Healthcare Benefits
401k Matching
Workspace benefits for your home office
Personal & Professional development funds
Family Planning Support
Flexible Vacation (please use them!) & Reddit Global Wellness Days
4+ months paid Parental Leave
Paid Volunteer time off
