Technical Compliance Engineer - Governance, Risk, Compliance

Team Description

The SPACE (Security Privacy And Compliance Engineering) team defends Reddit’s employees and compute assets to make Reddit the most trustworthy place for online human interaction.  We look for humble experts with a relentlessly resourceful and entrepreneurial “can do” perspective. If you work tirelessly to break into computer networks and just as tirelessly to ensure others cannot we need you.

Location: This role is only open to candidates currently located and authorized to work in the United States. The role is 100% remote.

(and if you happen to live close to one of our physical office locations our doors are open for you to come into the office as often as you'd like!)

Role Description

This is a GRC (Governance Risk Compliance) Engineer role on the GRC team. We are governance risk and compliance experts that are relentlessly resourceful to enable Reddit to manage risk effectively. We value humble experts with a “can do” view of security risk and controls with broad and deep technical knowledge specifically in the fields of security certifications (e.g. SOC2) tech controls (e.g. ITGC) and risk management. We deliver facts and not FUD to our business partners when facing emerging risks.

If you are passionate about tech controls policy and standards and effective risk management we need you. The ideal candidate has a strong technical background and has worked as part of a Governance Risk and Compliance or Technical Controls Compliance team. We are looking for those with experience maturing and facilitating tech controls monitoring control gaps and risks and building strong cross functional partnership with control owners.

Some of our present and future work include:

• Supporting tech control execution to ensure alignment with security control certifications

• Leading tech control design and maturity decisions to provide better consistency and value to Reddit

• Working across teams to ensure initiatives are greater than the sum of their parts

• Promoting Reddit’s unique combination of Security Privacy and Compliance Engineering (SPACE)

How You’ll Have Impact:

This position has flexibility throughout GRC with ample opportunity to dive deeper across a wide scope of work. You will be a major contributor to Reddit’s technical control framework and operation. You will also partner with many teams to champion Reddit’s Security Privacy and Compliance Engineering (SPACE) mission.

What You’ll Do:

• Support security compliance initiatives across the organization to mature enhance and optimize our controls in partnership with SPACE team members and cross functional stakeholders

• Monitor and mature Reddit’s tech control framework to support compliance with industry standards such as SOC 2 SOX and ISO 27001

• Design and build continuous control monitoring tooling and scripts to mature control execution and reporting

• Develop detailed technical recommendations for controls definition implementation and assessment in partnership with Security and Engineering teams

• Collaborate with teams across the organization to identify security and privacy risk mitigation needs

• Partner with Security Privacy and Engineering teams to implement technical controls.

• Maintain compliance documentation including audit evidence and controls.

Role Requirements:

• Expertise in various compliance frameworks such as SOC 2 ISO 27001 SOX ITGC Controls NIST

• Expertise with designing and implementing continuous control monitoring activities leveraging GRC solutions through Go/Python/NodeJS/unix shell (bash zsh) practical scripting and/or data analysis tools

• Knowledge of API and data querying

• 3+ years of experience with GRC tooling configuration

• 3+ years working in Security governance risk and compliance roles. Relevant certifications are a plus.

• Support a collaborative performance-driven culture that builds bridges with other functional groups across the enterprise and maintains positive working relationships

• Experience executing compliance initiatives for cloud platforms and interacting with engineering teams to implement controls

• Human not reliant on ChatGPT to communicate effectively with business representatives explaining GRC topics (ELI5)

Benefits:

• Comprehensive Healthcare Benefits

• 401k Matching

• Workspace benefits for your home office

• Personal & Professional development funds

• Family Planning Support

• Flexible Vacation (please use them!) & Reddit Global Wellness Days

• 4+ months paid Parental Leave

• Paid Volunteer time off