Senior Compliance Engineer


TRM Labs

๐Ÿ“Remote - United States

Job highlights

Summary

Join TRM's Security Team as a Senior Compliance Engineer and play a pivotal role in shaping the company's compliance and GRC initiatives. You will develop and maintain scalable compliance processes, manage the security compliance and certification lifecycle (including FedRAMP), handle customer due diligence requests, conduct risk assessments, and build a vendor risk management program. This role requires expertise in various compliance frameworks (NIST 800-53, SOC 2, CMMC, ISO, etc.) and experience with automation using Python or similar languages. TRM offers a remote-first work environment, opportunities for personal growth, and the chance to make a real-world impact. The company values a diverse and inclusive culture and provides a unique work experience with a focus on speed, ownership, and collaboration.

Requirements

  • Develop automation to programmatically implement controls validations and evidence collections. Experience with Python or other programming and scripting languages is required
  • Work to align advanced technologies and Privacy by Design principles from the first stages of development and ensure that the data use meets established regulatory compliance needs
  • Strong understanding of Public Sector compliance security standards including NIST 800-53, SOC 2, CMMC, ISO, CyberEssentials UK, and other common compliance frameworks
  • Experience with leading a cloud-first SaaS company through the FedRAMP Moderate certification process
  • Strong focus on normalizing controls across frameworks and standards, with an eye toward improving maturity, scalability, and consistency over time, while looking beyond just "checking the box"

Responsibilities

  • Develop scalable and sustainable processes and tools for normalized controls, collecting audit evidence, monitoring controls, and conducting gap analyses
  • Manage TRM's existing security compliance and certification lifecycle (e.g., SOC 2 Type II) while planning for and prioritizing future compliance needs
  • Develop a compliance program to achieve FedRAMP certification
  • Manage customer due diligence requests including developing and maintaining security collateral for customers (e.g., SIG, CAIQ)
  • Conduct enterprise risk assessments and manage the risk registry
  • Develop a vendor risk management program
  • Identify areas for improvement based on input from customers, the go-to-market teams, and overall business objectives. Anticipate customer needs with respect to compliance and due diligence

Preferred Qualifications

  • Privacy and GDPR experience is a plus
  • Security certifications (e.g., CISSP, CISM) are a plus

Benefits

  • Remote First: Our HQ is online. Tools like Zoom and Slack ensure seamless collaboration, but we also value in-person interactions, organizing regular meetups and offsites for team bonding
  • Purpose and Mission: Have a real-world impact, from disrupting terrorist networks to returning stolen funds
  • Inspiring Colleagues: Collaborate with industry leaders and learn something new daily
  • Personal Growth: We're not just using technology; we're inventing it and taking category-defining products to market
  • Annual Company Offsite: Once a year, TRMers come together from around the world to attend a 1-week mandatory company offsite. This is designed to foster in-person relationships, creativity, and strategic alignment. Employee attendance is required of all TRMers
