openashbyhqbvp
Compliance Engineer
TRM Labs
LocationNorth America
WorkplaceRemote
EmploymentFullTime
Posted2026-06-10T19:18:41.007+00:00
Last observed2026-06-29 00:42:41.151660
Job idbvp-trm-labs:ashbyhq:50b1091e-6697-4452-a70c-b38c400f70a4
BUILD A SAFER WORLD. TRM Labs provides AI-powered intelligence solutions that help public and private sector agencies investigate and disrupt crime. TRM's platforms enable investigators to trace illicit activity, build cases, and construct operating pictures of threat networks. Leading agencies and businesses worldwide rely on TRM to make the world safer and more secure. The Security Team is responsible for and committed to securing all things at TRM. From our customers to our code, and everything in between, the security team is involved in all aspects of the business. We are looking for a Senior Compliance Engineer to own TRM’s compliance and GRC initiatives that ensure we continue to deliver best-in-class security and trust for our customers. - The impact you will have here: - Develop scalable and sustainable processes and tools for normalized controls, collecting audit evidence, monitoring controls, and conducting gap analyses. - Manage TRM’s existing security compliance and certification lifecycle (e.g., SOC 2 Type II, ISO 27001/27701, FedRAMP, CMMC) while planning for and prioritizing future compliance needs. - Operationalize the GRC program to maintain our regulatory certifications. - Manage customer due diligence requests including developing and maintaining security collateral for customers (e.g., SIG, CAIQ). - Conduct enterprise risk assessments and manage the risk registry. - Develop a vendor risk management program. - Identify areas for improvement based on input from customers, the go-to-market teams, and overall business objectives. Anticipate customer needs with respect to compliance and due diligence. What we’re looking for: - Develop automation to programmatically implement controls validations and evidence collections. Experience with Python or other programming and scripting languages is required. - Work to align advanced technologies and Privacy by Design principles from the first stages of development and ensure that the data use meets established regulatory compliance needs. - Strong understanding of Public Sector compliance security standards including NIST 800-53, SOC 2, CMMC, ISO, CyberEssentials UK, and other common compliance frameworks. - Experience with leading a cloud-first SaaS company through the audit procesess. - Strong focus on normalizing controls across frameworks and standards, with an eye toward improving maturity, scalability, and consistency over time, while looking beyond just “checking the box”. - Privacy and GDPR experience is a plus. - Security certifications (e.g., CISSP, CISM) are a plus. Team Characteristics: - Remote first, globally distributed team - Strong ownership and accountability - Strong technical expertise, previous software development background preferred - Open, honest, and timely information sharing - Willingness to help each other succeed - Healthy debate without personal conflict - Shared problem-solving About the Team - The culture of our team is built on mutual respect, where everyone's opinion is valued and heard. - We prioritize flexibility and efficiency, always seeking smarter ways to work without compromising quality. - Transparency is at the heart of how we operate, both within the team and with the business, as we focus on clearly communicating and addressing cyber risks. - Our collaborative approach ensures that we not only mitigate these risks but also align our efforts with business goals to protect and drive success. Time Zones: - Eastern Standard Time (EST - GMT-4) - Pacific Standard Time (PST - GMT-7) - Central European Summer Time (CET - GMT+2) Learn about TRM Speed in this position: - Automate Repetitive Compliance Checks - Manually verifying compliance across systems or reviewing logs can be time-intensive. At TRM, we build custom integrations through scripts, SOAR platforms, or compliance management software (e.g. Drata) to automate routine tasks like generating compliance reports, tracking or collecting audit evidence, and monitoring control ef
This page is generated from the committed OpenOpps static snapshot. Use the source posting or apply link for the employer's current canonical posting state.