Staff Engineer - Regulatory Technology

About The Position

Requirements

• 7+ years of software engineering or software development experience with modern architectures and engineering practices.
• 7+ years of technical project leadership experience supporting engineering initiatives on cross-functional teams.
• 5+ years of experience in internal audit, external assessments, risk management, regulatory compliance, or information security within a corporate environment.
• 5+ years of experience with audit methodologies, internal control frameworks, risk assessments, and control testing techniques, applied to cloud and modern technology environments.
• 3+ years of hands-on experience with cloud security engineering, architecture, and/or automation, including technical controls in cloud-native platforms (AWS, Azure, GCP).

Nice To Haves

• Strong understanding of the software development lifecycle (SDLC) and secure development practices.
• Experience with AI/ML platforms, tools, and related risk considerations.
• Understanding of regulatory frameworks and security standards (NIST, ISO, HITRUST, HIPAA, PCI, SOC 1/SOC 2, SOX) and ability to translate requirements into technical solutions.
• Experience with DevOps/DevSecOps, CI/CD pipelines, infrastructure-as-code, and modern cloud infrastructure and cybersecurity patterns.
• Ability to document and translate complex technical requirements for development team consumption.
• Strong attention to detail with exceptional analytical and problem-solving skills.
• Demonstrated ability to influence across engineering, security, and business teams.
• Excellent written and verbal communication skills.
• Experience working with risk management frameworks and identifying cybersecurity risks in modern technology environments.
• Strong program management skills, including strategic planning, road-mapping, and technical project execution.
• Industry experience in Healthcare, Insurance, or Retail is a plus.
• Relevant certifications such as CCSK, CCSP, CISSP, CRISC, or similar credentials.

Responsibilities

• Development and delivery of technology solutions supporting technology compliance and audit management.
• Design, modernize, and operationalize technology solutions for regulatory frameworks (SOX, SOC 1, SOC 2, PCI, HITRUST, NIST 800‑53, NYDFS, etc.).
• Partner with engineering teams, control owners, and security architects to develop audit-ready control environments.
• Automate evidence collection for complex technology stacks (cloud-native, distributed systems, AI/ML, DevSecOps).
• Translate regulatory requirements into scalable technical controls, automated testing, and compliance indicators.
• Contribute to the development and continuous improvement of compliance tooling, control processes, dashboards, and metrics.
• Collaborate with IT, business partners, L&D, Internal Audit, Legal, and external assessors for alignment and consistent execution.

Benefits

• Medical coverage
• Dental coverage
• Vision coverage
• Paid time off
• Retirement savings options
• Wellness programs
• CVS Health bonus, commission or short-term incentive program
• Award target in the company’s equity award program