Compliance and Privacy Engineer

Role: Compliance & Privacy Engineer

Location: Cupertino, CA (Onsite)

Duration: 11 months

About the Role

We are seeking a detail-oriented and proactive Compliance & Privacy Engineer to join our team. This role sits at the intersection of data governance, privacy engineering, and regulatory compliance. The ideal candidate will be responsible for maintaining the integrity of our centralized data registry, enforcing data classification standards, and driving execution of compliance controls across multiple audit and assessment frameworks. This is a hands-on role requiring strong organizational skills, technical aptitude, and cross-functional collaboration.

Key Responsibilities:

Data Registry & Privacy Governance:

• Metadata Management: Input, update, and validate metadata for databases and data assets within a centralized data registry, ensuring all entries are current and accurate.
• Data Classification & Tagging: Apply data tags and classifications (e.g., data type, sensitivity level, personal data indicators) in alignment with established privacy and data governance standards.
• Stakeholder Collaboration: Review database documentation and collaborate closely with data owners, engineers, and privacy stakeholders to ensure accurate and comprehensive metadata capture.
• Migration Support: Support migration activities by mapping existing metadata to new registry schemas and standards, ensuring continuity and compliance during transitions.
• Quality Assurance: Perform regular quality checks to ensure completeness, consistency, and accuracy of tagged and classified data across the registry.

Compliance Monitoring & Execution:

• Compliance Controls Execution: Monitor, track, and execute compliance controls across all audits and assessments, ensuring timely completion and adherence to regulatory requirements.
• Monthly Controls Management: Track and execute recurring monthly controls including but not limited to Splunk monitoring, GitHub access reviews, patching status verification, and baseline compliance checks.
• Tooling & Platform Monitoring: Actively monitor compliance and governance tools (e.g., Compass, Verdad, Plato) for WPC (Worldwide Privacy & Compliance) operations, flagging issues and ensuring tool health.
• Audit & Project Tracking: Monitor and track all scheduled tickets related to WPC audits and projects, ensuring milestones are met and blockers are escalated promptly.
• Vulnerability & Patch Management: Monitor and track patching cycles, aging vulnerabilities, and vulnerability reports, coordinating remediation efforts with relevant engineering teams.
• Training Compliance: Monitor and track PCI training completion across applicable teams, ensuring all personnel maintain required certifications and awareness.
• Evidence Collection: Assist in collecting, organizing, and submitting evidence required for WPC audits, including but not limited to PCI, PCI PIN, APN, SOX etc. assessments.
• Documentation & Project Management: Maintain Confluence and Quip documentation spaces to track all internal compliance projects, issues, progress, and follow-ups. Serve as a project management point of contact for internal compliance initiatives, driving accountability and visibility.
• Cloud Operations: Perform AWS routine operational tasks in support of compliance infrastructure and monitoring.

Required Qualifications:

• 10 years of experience in compliance engineering, data governance, privacy engineering, or a related discipline.
• Hands-on experience with data classification frameworks and metadata management in enterprise environments.
• Familiarity with regulatory and audit frameworks such as PCI DSS, PCI PIN, SOX etc
• Working knowledge of compliance and monitoring tools (e.g., Splunk, GitHub or similar).
• Experience with AWS cloud services and routine cloud operations.
• Strong documentation skills with proficiency in Confluence, Quip, or similar collaboration platforms.
• Excellent organizational and project management skills with the ability to track multiple workstreams simultaneously.

Preferred Qualifications:

• Bachelor's degree in Computer Science, Information Security, Data Engineering, or a related field.
• Experience with data privacy regulations (e.g., GDPR, CCPA) and privacy-by-design principles.
• Familiarity with vulnerability management tools and patching lifecycle processes.
• Relevant certifications such as CISA, CISM, CRISC, PCI QSA, CIPM/CIPP, or AWS certifications.
• Experience working in large-scale enterprise environments with complex data ecosystems.
• Strong cross-functional communication skills with the ability to engage both technical and non-technical stakeholders.

What We Value

• Attention to Detail — Precision in data tagging, metadata validation, and audit evidence collection.
• Collaboration — Ability to work across engineering, privacy, and compliance teams seamlessly.
• Accountability — Ownership of compliance timelines, controls, and project deliverables.
• Continuous Improvement — A mindset geared toward optimizing processes, tools, and documentation.