NEW JOB OPENING
COMPLIANCE & PRIVACY ENGINEER
IN Cupertino, CA, USA!

Education & Required Qualifications:

• Bachelor's degree in computer science, information security, data engineering, or a related field.

• 10+ years of experience in compliance engineering, data governance, privacy engineering, or a related discipline.

• Hands-on experience with data classification frameworks and metadata management in enterprise environments.

• Familiarity with regulatory and audit frameworks such as PCI DSS, PCI PIN, SOX, etc.

• Working knowledge of compliance and monitoring tools (e.g., Splunk, GitHub, or similar).

• Experience with AWS cloud services and routine cloud operations.

• Strong documentation skills with proficiency in Confluence, Quip, or similar collaboration platforms.

• Excellent organizational and project management skills with the ability to track multiple workstreams simultaneously.



Preferred Qualifications:

• Experience with data privacy regulations (e.g., GDPR, CCPA) and privacy-by-design principles.

• Familiarity with vulnerability management tools and patching lifecycle processes.

• Relevant certifications such as CISA, CISM, CRISC, PCI QSA, CIPM/CIPP, or AWS certifications.

• Experience working in large-scale enterprise environments with complex data ecosystems.

• Strong cross-functional communication skills with the ability to engage both technical and non-technical stakeholders.



About the Role:

• We are seeking a detail-oriented and proactive Compliance & Privacy Engineer to join our team. This role sits at the intersection of data governance, privacy engineering, and regulatory compliance. The ideal candidate will be responsible for maintaining the integrity of our centralized data registry, enforcing data classification standards, and driving execution of compliance controls across multiple audit and assessment frameworks. This is a hands-on role requiring strong organizational skills, technical aptitude, and cross-functional collaboration.



Key Responsibilities:

Data Registry & Privacy Governance

• Metadata Management: Input, update, and validate metadata for databases and data assets within a centralized data registry, ensuring all entries are current and accurate.

• Data Classification & Tagging: Apply data tags and classifications (e.g., data type, sensitivity level, personal data indicators) in alignment with established privacy and data governance standards.

• Stakeholder Collaboration: Review database documentation and collaborate closely with data owners, engineers, and privacy stakeholders to ensure accurate and comprehensive metadata capture.

• Migration Support: Support migration activities by mapping existing metadata to new registry schemas and standards, ensuring continuity and compliance during transitions.

• Quality Assurance: Perform regular quality checks to ensure completeness, consistency, and accuracy of tagged and classified data across the registry.



Compliance Monitoring & Execution

• Compliance Controls Execution: Monitor, track, and execute compliance controls across all audits and assessments, ensuring timely completion and adherence to regulatory requirements.

• Monthly Controls Management: Track and execute recurring monthly controls, including but not limited to Splunk monitoring, GitHub access reviews, patching status verification, and baseline compliance checks.

• Tooling & Platform Monitoring: Actively monitor compliance and governance tools (e.g., Compass, Verdad, Plato) for WPC (Worldwide Privacy & Compliance) operations, flagging issues and ensuring tool health.

• Audit & Project Tracking: Monitor and track all scheduled tickets related to WPC audits and projects, ensuring milestones are met and blockers are escalated promptly.

• Vulnerability & Patch Management: Monitor and track patching cycles, aging vulnerabilities, and vulnerability reports, coordinating remediation efforts with relevant engineering teams.

• Training Compliance: Monitor and track PCI training completion across applicable teams, ensuring all personnel maintain required certifications and awareness.

• Evidence Collection: Assist in collecting, organizing, and submitting evidence required for WPC audits, including but not limited to PCI, PCI PIN, APN, SOX etc assessments.

• Documentation & Project Management: Maintain Confluence and Quip documentation spaces to track all internal compliance projects, issues, progress, and follow-ups. Serve as a project management point of contact for internal compliance initiatives, driving accountability and visibility.

• Cloud Operations: Perform AWS routine operational tasks in support of compliance infrastructure and monitoring.



What We Value:

• Attention to Detail — Precision in data tagging, metadata validation, and audit evidence collection.

• Collaboration — Ability to work across engineering, privacy, and compliance teams seamlessly.

• Accountability — Ownership of compliance timelines, controls, and project deliverables.

• Continuous Improvement — A mindset geared toward optimizing processes, tools, and documentation.

• **Only those lawfully authorized to work in the designated country associated with the position will be considered.**

• **Please note that all Position start dates and duration are estimates and may be reduced or lengthened based upon a client’s business needs and requirements.**