Demo

Compliance Engineer - Security Risk Management

Costco
Issaquah, WA Full Time
POSTED ON 6/3/2026
AVAILABLE BEFORE 8/3/2026

Costco IT is responsible for the technical future of Costco Wholesale, the third largest retailer in the world with wholesale operations in fourteen countries. Despite our size and explosive international expansion, we continue to provide a family, employee centric atmosphere in which our employees thrive and succeed.

This is an environment unlike anything in the high-tech world and the secret of Costco’s success is its culture. The value Costco puts on its employees is well documented in articles from a variety of publishers including Bloomberg and Forbes. Our employees and our members come FIRST.  Costco is well known for its generosity and community service and has won many awards for its philanthropy. The company joins with its employees to take an active role in volunteering by sponsoring many opportunities to help others. 

Come join the Costco Wholesale IT family. Costco IT is a dynamic, fast-paced environment, working through exciting transformation efforts. We are building the next generation retail environment where you will be surrounded by dedicated and highly professional employees.

Compliance Engineers support the overarching values and business goals of Costco as they relate to meeting legal and regulatory obligations, identifying technical risks to the business, protecting member data and privacy, and ensuring continued compliance with Costco’s policies. Compliance Engineers work cross functionally to define and set guidance in response to emerging standards and legislations, ensure policies and procedures are implemented and well documented, perform technical architecture, network and system reviews, ensure compliance requirements and controls are designed and implemented prior to go-live and identify compliance problems that require formal attention. Compliance Engineers speak both technical and business language interchangeably to effectively communicate and lead. 

 

Engineers have deep knowledge and hands-on experience in enterprise-wide platforms, and solve technical problems while
working on technology initiatives. Engineers have strong architectural, leadership, and technical skills. They ensure delivery of
high-quality artifacts, and adhere to and follow Costco’s SDLC. Engineers interact in a highly effective manner with other team
members and management, drive innovation, and influence delivery and performance.
 

The Compliance Engineer in  Security Risk Management is responsible for the hands-on design, execution, and continuous improvement of the security risk management program. Responsibilities include owning specific functional responsibilities that directly contribute to security risk assessment deliverables and organizational risk posture. However, the role as an engineer involves more than execution of day-to-day operations. As a subject matter expert, responsibilities would include development and execution of teams strategic vision and plan ensuring work delivers value aligned to overall information security organization’s goals and objectives.

 

We are seeking a dynamic and experienced engineer to join our Security Risk Management team. This role will be pivotal in executing our risk management strategy, including owning the identification and assessment of security risks, the design and implementation of automated risk and control assessment processes and maintaining a centralized risk register and reporting that drives organizational decisions

 

As a key individual contributor engineer will work independently and with high autonomy, driving innovation in security risk management operations. Will work closely with security teams, privacy experts, legal and other IT and business leaders to provide actionable insights and drive risk based decision making across the organization.


 

If you want to be a part of one of the worldwide BEST companies “to work for”, simply apply and let your career be reimagined.

 

ROLE

 

  • Promotes and supports a culture of compliance, risk avoidance/mitigation, and corporate accountability throughout the organization through technical leadership, knowledge of business need, development and communication of policies, procedures, and plans, and assurance of solution designs that are in compliance with architecture standards, technology guardrails, security, and operational guidelines.

  • Works well under pressure to identify and problem-solve high intensity situations with a strong sense of urgency; shows the ability to make decisions and work through ambiguity.

  • Leads/Participates in the creation, implementation, monitoring, and maintenance of Security Policies and Standards.

  • Serves as subject matter expert for enterprise security risk assessments, risk response, and risk management programs.

  • Aggregates and analyzes risk signals from vulnerability management, threat intelligence, cloud security, and other security domains to inform risk decisions and priorities.

  • Utilizes a risk-based approach to assess, prioritize, and communicate security risks across the organization.

  • Researches and monitors emerging risks associated with new technologies such as Artificial Intelligence (AI), implementations, and configurations, applying industry best practices to reduce organizational exposure.

  • Identifies attack surface reduction opportunities through analysis of risk and environment data across the enterprise.

  • Works analytically to solve both tactical and strategic risk problems, balancing short-term response with long-term program maturity.

  • Translates business and compliance requirements into technical risk specifications and partners with security teams to ensure appropriate controls are in place.

  • Understands regulatory and compliance requirements that impact security and collaborates with business and project teams to develop risk-appropriate solutions, including supporting audit activities.

  • Collaborates with Compliance, Internal Audit, and Business teams to identify, analyze, and communicate risk within their operational context.

  • Assumes a leadership role in advocating for adherence to security controls that protect corporate applications and environments.

  • Leads efforts to mature the organization's risk management program, partnering cross-functionally with Vulnerability Management, AppSec, Cloud Security, and other security domains.

  • Influences and drives adoption of security risk best practices and quality standards across the division without direct ownership of execution.

  • Presents risk posture, technical findings, and recommendations to executives, management, and cross-functional audiences to build consensus and drive decisions.

  • Leverages AI-powered tools to enhance risk identification, prioritization, and reporting workflows, identifying opportunities to responsibly automate risk processes.

  • Automates, documents, educates, and delegates risk processes to improve efficiency and scalability across the team.

  • Participates in and oversees the collection and aggregation of risk data from a wide variety of sources and formats to assess relevance to the environment.

  • Contributes as an active member of the InfoSec and Compliance team, participating in planning, skills development, and initiatives that improve team communication and quality of work.

  • Maintains current knowledge of industry trends, frameworks, and standards; proactively pursues professional growth in technology, business acumen, and organizational platforms and policies.

  • This is a full-time  position (45 hours per week).

 

REQUIRED

  • 8 -12 years of directly related experience. 

  • Strong understanding of Information Security and Security Governance, Risk and Compliance frameworks, methodologies, and practices.

  • Technical security and architecture knowledge with the ability to recognize, analyze and troubleshoot issues, and articulate those to both technical and non-technical audiences

  • Strong leadership and team management skills, with a demonstrated ability to lead cross-functional teams and drive organizational change

  • Superb communication and relationships skills, especially the ability to understand and articulate advanced technical topics to non-technical audiences and build consensus among partners and leadership.

  • HIPAA Training and Supervisors Orientation (within 30 days of hire); Leadership Development 101 (within one year); Costco Pay Policies (within 90 days of promotion).

Recommended

  • Bachelor’s degree in Information Technology, Artificial Intelligence, Cybersecurity, Risk Management, or related field.

  • Relevant certifications such as CISSP, CISM, or CRISC. 

  • Proficient in Google Workspace applications, including Sheets, Docs, Slides, and Gmail.

Required Documents

●      Cover Letter

●      Resume

 

California applicants, please click here to review the Costco Applicant Privacy Notice.

 

 

Pay Ranges: 

Level SR  - $150,000 - $190,000

Level Staff  - $180,000 - $225,000 

 

We offer a comprehensive package of benefits including paid time off, health benefits - medical/dental/vision/hearing aid/pharmacy/behavioral health/employee assistance, health care reimbursement account, dependent care assistance plan, short-term disability and long-term disability insurance, AD&D insurance, life insurance, 401(k), stock purchase plan to eligible employees.

Costco is committed to a diverse and inclusive workplace. Costco is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or any other legally protected status. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to IT-Recruiting@costco.com

If hired, you will be required to provide proof of authorization to work in the United States.

Salary : $150,000 - $190,000

If your compensation planning software is too rigid to deploy winning incentive strategies, it’s time to find an adaptable solution. Compensation Planning
Enhance your organization's compensation strategy with salary data sets that HR and team managers can use to pay your staff right. Surveys & Data Sets

What is the career path for a Compliance Engineer - Security Risk Management?

Sign up to receive alerts about other jobs on the Compliance Engineer - Security Risk Management career path by checking the boxes next to the positions that interest you.
Income Estimation: 
$85,996 - $102,718
Income Estimation: 
$111,859 - $131,446
Income Estimation: 
$110,457 - $133,106
Income Estimation: 
$105,809 - $128,724
Income Estimation: 
$122,763 - $145,698
Income Estimation: 
$111,725 - $147,313
Income Estimation: 
$139,945 - $168,577
Income Estimation: 
$140,233 - $181,029
Income Estimation: 
$161,209 - $233,553
Employees: Get a Salary Increase
View Core, Job Family, and Industry Job Skills and Competency Data for more than 15,000 Job Titles Skills Library

Job openings at Costco

  • Costco Issaquah, WA
  • Costco Travel IT is responsible for the technical future of Costco Wholesale , the third largest retailer in the world with wholesale operations in fourtee... more
  • 8 Days Ago

  • Costco Issaquah, WA
  • Costco IT is responsible for the technical future of Costco Wholesale, the third largest retailer in the world with wholesale operations in fourteen countr... more
  • 8 Days Ago

  • Costco Issaquah, WA
  • Costco IT is responsible for the technical future of Costco Wholesale, the third largest retailer in the world with wholesale operations in fourteen countr... more
  • 11 Days Ago

  • Costco Issaquah, WA
  • Costco IT is responsible for the technical future of Costco Wholesale , the third largest retailer in the world with wholesale operations in fourteen count... more
  • 12 Days Ago


Not the job you're looking for? Here are some other Compliance Engineer - Security Risk Management jobs in the Issaquah, WA area that may be a better fit.

  • seisandbox Seattle, WA
  • WHO WE LOOK FOR An SEI-er is a master communicator and active listener who understands how to navigate an audience. Self-aware, almost to a fault, SEI-ers ... more
  • 2 Months Ago

  • AWS Security Assurance Services LLC Seattle, WA
  • DESCRIPTION Lead threat modeling, security design reviews, and architecture reviews for customer engagements; identify and mitigate risks across systems an... more
  • 1 Month Ago

AI Assistant is available now!

Feel free to start your new journey!