About the role
The role's core focus is on building and managing Shopify's compliance programs for our advanced IT systems. It offers a unique opportunity to work in a flexible compliance environment where expertise, innovation, and unconventional approaches are highly valued.
In this role, you have the autonomy to discover, analyse, and solve security and compliance problems at scale. Resourcefulness is key - you’ll need to be able to quickly gather context on infrastructure, systems, software, and safeguards to help Shopify continue shipping and scaling while staying secure, trustworthy, and usable.
A ‘day in the life’ of this role may include any, or all, of the following:
Writing and updating code that automates and supports audit and compliance programs.
Meeting with SMEs from Production Engineering, Security Engineering, Product, Legal, and other areas to learn how Shopify works and ensure that the compliance programs accurately reflect what we do and how we do it.
Engaging with external auditors to design and perform audits for programs such as SOC, SOX, PCI and others.
Providing expert advice to Shopify teams with regard to the security and compliance domains you manage.
We want a dynamic technical expert capable of managing projects, solving complex problems, simplifying solutions, and inspiring and up-skilling the team.
This role is ideal for you if you are someone who enjoys being hands-on and building technical things to support your work. You must also be able to organize others as you build and manage complex security compliance programs for a fast-paced, engineering-focused environment.
Qualifications:
Proven experience performing assurance and advisory roles relating to Information Technology with particular emphasis on system implementations, technical security configurations, and cloud native environments
Hands-on experience building data analytics, reporting solutions and task automation tooling
Experience evaluating IT, security and application controls in the context of a compliance program for a company of similar size and complexity to Shopify
Strong knowledge of industry risk and compliance frameworks such as NIST, ISO, SOX, SOC, and PCI-DSS
Excellent analytical and problem-solving skills, with the ability to think strategically and identify innovative solutions to complex challenges
Strong project management skills, with the ability to prioritize and manage multiple initiatives simultaneously using agile project management methodologies
Exceptional communication and interpersonal skills, with the ability to effectively collaborate with stakeholders
Self-motivated and adaptable, with a strong drive for continuous learning and professional growth
Responsibilities:
Be a security expert responsible for owning and building compliance activities for standards such as: SOC, PCI, SOX and others
Dive deep into new products or initiatives to surface and analyse the impact on security compliance engineering
Leverage data and visualization tools to identify areas for improvement, track progress and inform trusted decisions
Be a strong and credible influencer among cross-functional engineering and business teams
Actively seek out opportunities to develop and deploy automations that will increase team efficiency
Anticipate changes in our trust and security posture as the technical footprint and company operations change, and help propose solutions to adapt to change
Develop safeguards, systems and policies that meet compliance requirements while balancing the need to move fast and stay innovative