Compliance Engineer

TRM Labs
$200,000 - $220,000
Remote

About The Position

TRM Labs is seeking a Senior Compliance Engineer to own the company's compliance and GRC initiatives. This role is crucial for ensuring TRM continues to deliver best-in-class security and trust for its customers. The Security Team is responsible for securing all aspects of TRM, from customers to code. This position will play a key role in developing scalable processes, managing compliance lifecycles, operationalizing the GRC program, and handling customer due diligence requests.

Requirements

  • Experience with Python or other programming and scripting languages is required.
  • Strong understanding of Public Sector compliance security standards including NIST 800-53, SOC 2, CMMC, ISO, CyberEssentials UK, and other common compliance frameworks.
  • Experience leading a cloud-first SaaS company through audit processes.
  • Strong focus on normalizing controls across frameworks and standards, with an eye toward improving maturity, scalability, and consistency over time, while looking beyond just “checking the box”.
  • AI fluency is a baseline expectation at TRM, meaning the ability to use AI to accelerate repeatable workflows, structure and solve problems, improve output quality, and increase speed and leverage.

Nice To Haves

  • Privacy and GDPR experience is a plus.
  • Security certifications (e.g., CISSP, CISM) are a plus.
  • Previous software development background preferred.

Responsibilities

  • Develop scalable and sustainable processes and tools for normalized controls, collecting audit evidence, monitoring controls, and conducting gap analyses.
  • Manage TRM’s existing security compliance and certification lifecycle (e.g., SOC 2 Type II, ISO 27001/27701, FedRAMP, CMMC) while planning for and prioritizing future compliance needs.
  • Operationalize the GRC program to maintain our regulatory certifications.
  • Manage customer due diligence requests including developing and maintaining security collateral for customers (e.g., SIG, CAIQ).
  • Conduct enterprise risk assessments and manage the risk registry.
  • Develop a vendor risk management program.
  • Identify areas for improvement based on input from customers, the go-to-market teams, and overall business objectives.
  • Anticipate customer needs with respect to compliance and due diligence.
  • Develop automation to programmatically implement control validation and evidence collection.
  • Apply Privacy by Design principles to advanced technologies from the earliest stages of development, and ensure that data use meets established regulatory compliance requirements.
  • Automate repetitive compliance checks through custom integrations, SOAR platforms, or compliance management software.
  • Build and leverage APIs for cross-system data integration to pull real-time compliance data into a centralized GRC tool or dashboard.
  • Embed compliance checks early in the development lifecycle by integrating security and compliance standards directly into CI/CD pipelines.

Benefits

  • This role may be eligible for TRM’s equity plan.
  • The company factors in different costs for geographies outside the United States.
© 2026 Teal Labs, Inc