Principal Product Compliance Engineer

Company Overview

ID.me is the next-generation digital identity wallet that simplifies how individuals securely prove their identity online. Consumers can verify their identity with ID.me once and seamlessly login across websites without having to create a new login and verify their identity again. Over 140 million users experience streamlined login and identity verification with ID.me at 20 federal agencies, 44 state government agencies, and 66 healthcare organizations. More than 600 consumer brands use ID.me to verify communities and user segments to honor service and build more authentic relationships. ID.me’s technology meets the federal standards for consumer authentication set by the Commerce Department and is approved as a NIST 800-63-3 IAL2 / AAL2 credential service provider by the Kantara Initiative. ID.me is committed to “No Identity Left Behind” to enable all people to have a secure digital identity. To learn more, visit https://network.id.me/.

Role Overview

As we expand our reach into sectors requiring stringent regulatory adherence, we seek a seasoned Principal Product Compliance Engineer to enhance our team. This role is crucial in ensuring that our products not only meet but exceed the regulatory standards required by our clients and governing bodies.

As a Principal Product Compliance Engineer, you will be a key technologist with engineering expertise and will be instrumental in embedding compliance and security into the fabric of our product development lifecycle. With a deep understanding of FedRAMP, NIST, and OWASP controls, you will support the integration of these standards into our engineering processes, ensuring that our SaaS products are secure, compliant, and trustworthy. Your expertise will not only involve technical implementations but also extend to creating comprehensive documentation and automated processes to support compliance activities.

Candidates must be located in the continental U.S. and available to work on site in McLean, VA or Mountain View, CA.

Responsibilities 

• Compliance Integration: Build control and evidence automation to lessen the compliance burden. Aid in design and implementation of FedRAMP, NIST, and OWASP controls into the product development lifecycle. Ensure that all product features meet the rigorous compliance standards necessary for highly regulated industries.
• Documentation: Create security and privacy control focused engineering specifications, user documentation, and other technical artifacts that convey compliant technical implementations. Ensure clarity and accessibility of documentation for both technical and non-technical stakeholders. 
• Audit Support: Create and maintain compliance evidence for internal and external auditors. Develop processes to automate the generation of compliance evidence to streamline audit activities.
• Continuous Improvement: Stay abreast of developments in regulatory standards and compliance best practices. Recommend and implement improvements to reduce the cost of compliance on teams.
• Risk Assessment: Continuously assess risk as part of the product change management process. Prioritize and address potential compliance gaps in collaboration with risk management and security teams.

Basic Qualifications

• Bachelor of Computer Science, Bachelors of Information Security, or equivalent
• 10+ years of experience in information security or equivalent and 5+ years of experience with delivering automation projects 
• 3-5 years of experience in creating data pipelines to automate internal compliance control measurement using system data and reports, and creating compliance dashboards to monitor implementation status.
• 3-5 years of experience in developing custom scripts to apply logic to test whether custom conditions are met as a means to measure control design and implementation status

Preferred Qualifications

The qualifications below are ideal. We encourage candidates to apply if they satisfy some, but not all of these qualifications.

• Working knowledge of compliance regulations, such as NIST, GDPR, and other federal and commercial regulations and compliance programs
• Experience running program and project management initiatives (e.g. organization-wide initiatives, large scale integration management)
• Expertise in software development or security engineering with strong skills in at least one programming language.
• Experience communicating complex concepts and developing communications for a wide variety of both technical and non-technical audiences
• Experience influencing the design of new product and updated products and features to represent security interests and outcomes
• Demonstrated success collaborating with cross-functional teams to drive results
• Demonstrated experience orienting towards solutions in the context of competing perspectives
• Capability to analyze software development processes, identify compliance risks, and propose practical solutions to mitigate these risks while ensuring business objectives are met  
• Experience conducting root cause analysis, developing corrective action plans based on findings, and influencing stakeholders to adopt solutions
• Experience creating compliance documentation, such as procedures, process flow diagrams, threat models, and risk assessments
• Demonstrated skills creating team-specific software development guidance to enable secure, rapid delivery of products and services
• Strong commitment to continuous learning to stay up to date on industry trends, technologies, and best practices
• CISSP or equivalent
• Strong technical background, including experience in a variety of software development environments and methodologies
• Experience architecting GRC, ticketing, or CRM tools
• Experience building system and mechanisms to create a data pipeline of information used to monitor control status, and create control measurement used to verify implementation status
• Experience building mechanisms to detect change conditions to enable change control process
• Working knowledge of AI tools
  
  #LI-JS1

The annual base salary listed does not include a company bonus, incentive for sales roles, equity and benefits which will be determined based on experience, skills, education, relevant training, geographic location and role. 

ID.me offers comprehensive medical, dental, vision, health savings account, flexible spending accounts (medical, limited purpose, dependent care, commuter benefit accounts), basic and voluntary life and AD&D insurance, 401(k) with company match, parental leave, ability to participate in unlimited paid time off subject to the terms and conditions of the PTO policy, including 8 company wide holidays, short and long-term disability insurance, accident and critical illness insurance, referral bonus policy, employee assistance program, pet insurance, travel assistant program, wellbeing and childcare discounts, benefit advocates, and a learning and development benefit.

The above represents the anticipated total rewards package for this job requisition. Final offers may vary from the amount listed based on qualifications, professional experiences, skills, education, relevant training, geographic location, and other job related factors.

U.S. Pay Range$203,183—$255,000 USDMountain View, CA Pay Range$241,098—$278,738 USD

ID.me maintains a work environment free from discrimination, where employees are treated with dignity and respect. All ID.me employees share in the responsibility for fulfilling our commitment to equal employment opportunity. ID.me does not discriminate against any employee or applicant on the basis of age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. ID.me adheres to these principles in all aspects of employment, including recruitment, hiring, training, compensation, promotion, benefits, social and recreational programs, and discipline. In addition, ID.me's policy is to provide reasonable accommodation to qualified employees who have protected disabilities to the extent required by applicable laws, regulations and ordinances where a particular employee works. Upon request we will provide you with more information about such accommodations.

Please review our Privacy Policy, including our CCPA policy, at id.me/privacy. If you provide ID.me with any personally identifiable information you confirm that you have read and agree to be bound by the terms and conditions set out in our Privacy Policy.

ID.me participates in E-Verify.