Job Description
Costco IT is responsible for the technical future of Costco Wholesale, the third largest retailer in the world with wholesale operations in fourteen countries. Despite our size and explosive international expansion, we continue to provide a family, employee centric atmosphere in which our employees thrive and succeed.
This is an environment unlike anything in the high-tech world and the secret of Costco’s success is its culture. The value Costco puts on its employees is well documented in articles from a variety of publishers including Bloomberg and Forbes. Our employees and our members come FIRST. Costco is well known for its generosity and community service and has won many awards for its philanthropy. The company joins with its employees to take an active role in volunteering by sponsoring many opportunities to help others.
Come join the Costco Wholesale IT family. Costco IT is a dynamic, fast-paced environment, working through exciting transformation efforts. We are building the next generation retail environment where you will be surrounded by dedicated and highly professional employees.
Compliance Engineers support the overarching values and business goals of Costco as they relate to meeting legal and regulatory obligations, identifying technical risks to the business, protecting member data and privacy, and ensuring continued compliance with Costco’s policies. Compliance Engineers work cross-functionally to define and set guidance in response to emerging standards and legislation, ensure policies and procedures are implemented and well documented, perform technical architecture, network, and system reviews, ensure compliance requirements and controls are designed and implemented prior to go-live, and identify compliance problems that require formal attention. Compliance Engineers speak both technical and business language interchangeably to effectively communicate and lead.
Costco is seeking a Compliance Engineer to join our Security Governance team. This role is foundational to building a scalable, data-driven governance program that drives consistent control adoption, measurable maturity, and operational excellence across the enterprise.
We’re looking for a motivated Engineer with a strong interest in governance, risk, and compliance who excels at creating structure from ambiguity. The ideal candidate has experience designing and managing data-driven processes in large enterprise environments and can translate complex compliance requirements into clear, repeatable workflows.
If you want to be a part of one of the worldwide BEST companies “to work for”, simply apply and let your career be reimagined.
ROLE
Architects and implements automated solutions for control testing, evidence collection, and data validation.
Builds scalable mechanisms to measure control health, control adoption, and maturity across the enterprise.
Manages full lifecycle delivery of governance initiatives from requirements through sustainment.
Coordinates cross-team execution to ensure on-time, high-quality delivery and remove implementation roadblocks.
Provides technical and strategic leadership in developing governance capabilities and frameworks.
Mentors and guides analysts while influencing teams to adopt governance processes and standards.
Translates regulatory and framework requirements into actionable, repeatable security expectations.
Supports rollout and adoption of controls and governance processes across global technology teams.
Defines and maintains maturity models across technology and business domains.
Conducts maturity assessments and root cause analysis to identify improvement opportunities and track remediation progress.
Collaborates with technology owners, product teams, and audit functions to ensure consistent implementation of governance requirements.
Communicates governance requirements and maturity insights to leadership through clear, data-driven updates.
Builds automated workflows and governance capabilities within GRC platforms (e.g. Onspring, ServiceNow).
Applies foundational technical knowledge (cloud, CI/CD, scripting, data querying) to inform governance design and automation.
REQUIRED
6+ years’ experience in a Security Governance, GRC, Security Engineering, Compliance Engineering, or a related technical field with 1 year of experience in leading a team as a team lead.
8-12+ years of directly related experience.
Proven experience designing or managing data driven compliance or control processes.
Demonstrated ability to deliver cradle to grave projects, from requirements through rollout and sustainment.
Hands on experience with automated control testing, evidence collection, or compliance reporting.
Experience applying security frameworks such as NIST CSF, CIS 18, ISO 27001, or similar.
Experience with regulatory compliance and industry standards, such as HIPAA, GDPR, SOX, and PCI.
Ability to translate regulatory and framework requirements into actionable, repeatable technical processes.
Familiarity with automation concepts and basic scripting or data querying (Python, PowerShell, SQL, etc).
Experience working with GRC platforms (Onspring, Archer, ServiceNow) or workflow automation tools.
Strong data analysis skills with the ability to interpret complex information and communicate insights clearly.
Excellent written and verbal communication; able to articulate technical concepts to varied audiences.
Demonstrated ability to influence, guide, and collaborate across teams without formal authority.
Strong organizational and time management skills with the ability to manage multiple priorities.
Demonstrated leadership skills with ability to work effectively at executive levels.
Recommended
Compliance and security certifications preferred (e.g., Security+, GCIA, GCIH, CISSP, CEH, CCSP, CISA, CISM, etc.).
Ability to work with cross-business and cross-functional teams in a geographically distributed environment.
Ability to work independently, as well as part of the team.
Ability to conduct root cause analysis against identified control gaps and aid in solutioning and process creation.
Ability to examine issues both strategically and analytically.
Ability to work on multiple, simultaneous initiatives.
Experience working with clients to provide advice, strategies, and solutions to address compliance challenges and goals.
Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, Engineering, or equivalent technical experience.
Ability to research and present topics.
Proficient in Google Workspace applications, including Sheets, Docs, Slides, and Gmail.
Required Documents
● Cover Letter
● Resume
California applicants, please click here to review the Costco Applicant Privacy Notice.
Pay Ranges:
Level SR - $150,000 - $190,000, Bonus and Restricted Stock Unit (RSU) eligible
Level Staff - $180,000 - $225,000, Bonus and Restricted Stock Unit (RSU) eligible
We offer a comprehensive package of benefits including paid time off, health benefits - medical/dental/vision/hearing aid/pharmacy/behavioral health/employee assistance, health care reimbursement account, dependent care assistance plan, short-term disability and long-term disability insurance, AD&D insurance, life insurance, 401(k), stock purchase plan to eligible employees.
Costco is committed to a diverse and inclusive workplace. Costco is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or any other legally protected status. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to IT-Recruiting@costco.com.
If hired, you will be required to provide proof of authorization to work in the United States. Applicants and employees for this position will not be sponsored for work authorization, including, but not limited to H1-B visas.