Security Risk Manager Jobs (NOW HIRING)

Costco IT is responsible for the technical future of Costco Wholesale, the third largest retailer in the world with wholesale operations in fourteen countries. Despite our size and explosive international expansion, we continue to provide a family, employee centric atmosphere in which our employees thrive and succeed.

This is an environment unlike anything in the high-tech world and the secret of Costco's success is its culture. The value Costco puts on its employees is well documented in articles from a variety of publishers including Bloomberg and Forbes. Our employees and our members come FIRST. Costco is well known for its generosity and community service and has won many awards for its philanthropy. The company joins with its employees to take an active role in volunteering by sponsoring many opportunities to help others.

Come join the Costco Wholesale IT family. Costco IT is a dynamic, fast-paced environment, working through exciting transformation efforts. We are building the next generation retail environment where you will be surrounded by dedicated and highly professional employees.

Compliance Engineers support the overarching values and business goals of Costco as they relate to meeting legal and regulatory obligations, identifying technical risks to the business, protecting member data and privacy, and ensuring continued compliance with Costco's policies. Compliance Engineers work cross functionally to define and set guidance in response to emerging standards and legislations, ensure policies and procedures are implemented and well documented, perform technical architecture, network and system reviews, ensure compliance requirements and controls are designed and implemented prior to go-live and identify compliance problems that require formal attention. Compliance Engineers speak both technical and business language interchangeably to effectively communicate and lead.

Engineers have deep knowledge and hands-on experience in enterprise-wide platforms, and solve technical problems while
working on technology initiatives. Engineers have strong architectural, leadership, and technical skills. They ensure delivery of
high-quality artifacts, and adhere to and follow Costco's SDLC. Engineers interact in a highly effective manner with other team
members and management, drive innovation, and influence delivery and performance.

The Compliance Engineer in Security Risk Management is responsible for the hands-on design, execution, and continuous improvement of the security risk management program. Responsibilities include owning specific functional responsibilities that directly contribute to security risk assessment deliverables and organizational risk posture. However, the role as an engineer involves more than execution of day-to-day operations. As a subject matter expert, responsibilities would include development and execution of teams strategic vision and plan ensuring work delivers value aligned to overall information security organization's goals and objectives.

We are seeking a dynamic and experienced engineer to join our Security Risk Management team. This role will be pivotal in executing our risk management strategy, including owning the identification and assessment of security risks, the design and implementation of automated risk and control assessment processes and maintaining a centralized risk register and reporting that drives organizational decisions

As a key individual contributor engineer will work independently and with high autonomy, driving innovation in security risk management operations. Will work closely with security teams, privacy experts, legal and other IT and business leaders to provide actionable insights and drive risk based decision making across the organization.

If you want to be a part of one of the worldwide BEST companies "to work for", simply apply and let your career be reimagined.

ROLE

• Promotes and supports a culture of compliance, risk avoidance/mitigation, and corporate accountability throughout the organization through technical leadership, knowledge of business need, development and communication of policies, procedures, and plans, and assurance of solution designs that are in compliance with architecture standards, technology guardrails, security, and operational guidelines.

• Works well under pressure to identify and problem-solve high intensity situations with a strong sense of urgency; shows the ability to make decisions and work through ambiguity.

• Leads/Participates in the creation, implementation, monitoring, and maintenance of Security Policies and Standards.

• Serves as subject matter expert for enterprise security risk assessments, risk response, and risk management programs.

• Aggregates and analyzes risk signals from vulnerability management, threat intelligence, cloud security, and other security domains to inform risk decisions and priorities.

• Utilizes a risk-based approach to assess, prioritize, and communicate security risks across the organization.

• Researches and monitors emerging risks associated with new technologies such as Artificial Intelligence (AI), implementations, and configurations, applying industry best practices to reduce organizational exposure.

• Identifies attack surface reduction opportunities through analysis of risk and environment data across the enterprise.

• Works analytically to solve both tactical and strategic risk problems, balancing short-term response with long-term program maturity.

• Translates business and compliance requirements into technical risk specifications and partners with security teams to ensure appropriate controls are in place.

• Understands regulatory and compliance requirements that impact security and collaborates with business and project teams to develop risk-appropriate solutions, including supporting audit activities.

• Collaborates with Compliance, Internal Audit, and Business teams to identify, analyze, and communicate risk within their operational context.

• Assumes a leadership role in advocating for adherence to security controls that protect corporate applications and environments.

• Leads efforts to mature the organization's risk management program, partnering cross-functionally with Vulnerability Management, AppSec, Cloud Security, and other security domains.

• Influences and drives adoption of security risk best practices and quality standards across the division without direct ownership of execution.

• Presents risk posture, technical findings, and recommendations to executives, management, and cross-functional audiences to build consensus and drive decisions.

• Leverages AI-powered tools to enhance risk identification, prioritization, and reporting workflows, identifying opportunities to responsibly automate risk processes.

• Automates, documents, educates, and delegates risk processes to improve efficiency and scalability across the team.

• Participates in and oversees the collection and aggregation of risk data from a wide variety of sources and formats to assess relevance to the environment.

• Contributes as an active member of the InfoSec and Compliance team, participating in planning, skills development, and initiatives that improve team communication and quality of work.

• Maintains current knowledge of industry trends, frameworks, and standards; proactively pursues professional growth in technology, business acumen, and organizational platforms and policies.

• This is a full-time position (45+ hours per week).

REQUIRED

• 8 -12+ years of directly related experience.

• Strong understanding of Information Security and Security Governance, Risk and Compliance frameworks, methodologies, and practices.

• Technical security and architecture knowledge with the ability to recognize, analyze and troubleshoot issues, and articulate those to both technical and non-technical audiences

• Strong leadership and team management skills, with a demonstrated ability to lead cross-functional teams and drive organizational change

• Superb communication and relationships skills, especially the ability to understand and articulate advanced technical topics to non-technical audiences and build consensus among partners and leadership.

• HIPAA Training and Supervisors Orientation (within 30 days of hire); Leadership Development 101 (within one year); Costco Pay Policies (within 90 days of promotion).

• Bachelor's degree in Information Technology, Artificial Intelligence, Cybersecurity, Risk Management, or related field.

• Relevant certifications such as CISSP, CISM, or CRISC.

• Proficient in Google Workspace applications, including Sheets, Docs, Slides, and Gmail.

Required Documents

Cover Letter

Resume

California applicants, please click here to review the Costco Applicant Privacy Notice.

Pay Ranges:

Level SR - $150,000 - $190,000

Level Staff - $180,000 - $225,000

We offer a comprehensive package of benefits including paid time off, health benefits - medical/dental/vision/hearing aid/pharmacy/behavioral health/employee assistance, health care reimbursement account, dependent care assistance plan, short-term disability and long-term disability insurance, AD&D insurance, life insurance, 401(k), stock purchase plan to eligible employees.

Costco is committed to a diverse and inclusive workplace. Costco is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or any other legally protected status. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to IT-Recruiting@costco.com

If hired, you will be required to provide proof of authorization to work in the United States.