Role Description We are looking for a Security GRC (Governance, Risk, and Compliance) Engineer to drive data compliance governance and audit execution. This role focuses on building practical, enforceable, and auditable controls around data access, data lifecycle, product data usage, and cross-border data flows. This is a hands-on, execution-focused role working directly with data systems and audit processes (not a policy-only role). Responsibilities - Data Compliance Governance - Support US data compliance requirements (e.g., CCPA, EO 14117) - Perform gap analysis and define remediation plans - Design and implement controls for: sensitive data classification, access governance, data lifecycle management - Build processes for data subject rights (deletion, access, portability) - Participate in product and engineering reviews (e.g., DPIA) - Support compliance for new features, data use cases, and vendor/cross-border scenarios - Compliance & Audit Execution - Support SOC 2 readiness and audit execution - Conduct access reviews, log validation, and anomaly detection - Maintain audit records and generate compliance reports - Build or improve automated evidence collection (e.g., scripting) - Work with internal teams and external auditors to provide audit evidence Qualifications - Authorized to work in the United States - Mandarin preferred for day-to-day collaboration - Bachelor’s degree or above in Computer Science, Information Security, or a related technical field - 3–5 years of experience in Security, GRC, Data Security, or Data Compliance - Hands-on experience with at least one compliance framework (e.g., SOC 2, CCPA, GDPR, 14117), beyond policy or documentation - Practical experience in data compliance governance, including: sensitive data identification and classification, access control and access governance, data lifecycle management (storage, usage, deletion, portability) - Ability to work with data systems (e.g., databases, data flows, APIs) and translate compliance requirements into technical implementations - Basic technical capability (e.g., Python, Golang, or scripting) to support audit automation, data validation, or tooling - Strong cross-functional communication skills, with the ability to work closely with engineering, product, data, and infra teams Requirements - Relevant certifications such as CISSP, CISM, or CIPP/US - Experience in SaaS / e-commerce platforms (e.g., Shopify ecosystem) or third-party integrations - Background in data governance, data platforms, or analytics - Familiarity with cross-border data transfer compliance - Understanding of web accessibility standards (e.g., WCAG, ADA) and related privacy/security considerations Benefits - Pay: $120,000.00 - $160,000.00 per year - 401(k) matching - Flexible schedule - Health insurance - Paid time off - Vision insurance

• Close collaboration with clients on the planning, implementation and operation of ISMS and compliance structures • Conducting gap analyses, deriving and prioritizing measures • Drafting and aligning policies, processes, role models, Statements of Applicability (SoA) and evidence • Preparing for and supporting internal and external audits • Translating regulatory requirements into practical operational models • Regular interaction with technical, organizational and management stakeholders

• Play a critical role in protecting systems and environments supporting Slingshot's defense and intelligence missions. • Drive security, compliance, and accreditation efforts across cleared and regulated programs. • Monitor systems for compliance with security policies, classification handling requirements, access controls, and boundary protections. • Conduct periodic security assessments, control reviews, and continuous monitoring activities. • Support incident response activities, root cause investigations, and corrective action tracking. • Coordinate vulnerability management efforts, including STIG reviews, remediation tracking, patch validation, and audit evidence collection. • Partner with Engineering teams to embed secure-by-design principles throughout system development and deployment lifecycles.

• Define and drive global product marketing strategy, including value proposition, messaging, customer benefits, and competitive differentiation • Lead global product launches, announcements, and integrated marketing campaigns • Present at customer executive briefings and industry events • Develop sales enablement materials, including playbooks, presentations, and tools • Produce corporate press materials and analyst briefing content, including press releases and industry articles • Plan, write, edit, and publish content such as eBooks, website copy, blog posts, and social media content • Engage with press, media, and industry analysts as a company spokesperson • Develop partner enablement materials including how-to guides, branding guidelines, newsletters, and portal content • Create webinar strategies and supporting materials including slides, vertical briefs (e.g., retail, healthcare, manufacturing), and partner solution briefs • Collaborate closely with Product Management on sales and partner enablement content • Lead development of sales presentations, partner materials, and executive-facing decks • Produce solution briefs, white papers, customer references, case studies, and funnel-specific content • Develop storyboards and scripts for sales, customer, partner, and corporate videos • Create differentiated messaging and visual content for events, including banners, signage, brochures, and booth materials • Enable channel partners with campaigns, collateral, and digital demand generation content (email, web, landing pages) • Support analyst relations, including submissions, surveys, reports, and white papers • Create or oversee development of graphics, icons, and infographics (a strong plus) • Manage budgets and ensure fiscal responsibility across marketing initiatives