Principal Product Compliance Engineer

Company OverviewID.me is the next-generation digital identity wallet that simplifies how individuals securely prove their identity online. Consumers can verify their identity with ID.me once and seamlessly login across websites without having to create a new login and verify their identity again. Over 140 million users experience streamlined login and identity verification with ID.me at 20 federal agencies, 44 state government agencies, and 66 healthcare organizations. More than 600 consumer brands use ID.me to verify communities and user segments to honor service and build more authentic relationships. ID.me’s technology meets the federal standards for consumer authentication set by the Commerce Department and is approved as a NIST 800-63-3 IAL2 / AAL2 credential service provider by the Kantara Initiative. ID.me is committed to “No Identity Left Behind” to enable all people to have a secure digital identity. To learn more, visit OverviewAs we expand our reach into sectors requiring stringent regulatory adherence, we seek a seasoned Principal Product Compliance Engineer to enhance our team. This role is crucial in ensuring that our products not only meet but exceed the regulatory standards required by our clients and governing bodies.As a Principal Product Compliance Engineer, you will be a key technologist with engineering expertise and will be instrumental in embedding compliance and security into the fabric of our product development lifecycle. With a deep understanding of FedRAMP, NIST, and OWASP controls, you will support the integration of these standards into our engineering processes, ensuring that our SaaS products are secure, compliant, and trustworthy. Your expertise will not only involve technical implementations but also extend to creating comprehensive documentation and automated processes to support compliance activities.This is an onsite position in one of our hub locations (Mountain View, CA or McLean, VA).ResponsibilitiesCompliance Integration: Build control and evidence automation to lessen the compliance burden. Aid in design and implementation of FedRAMP, NIST, and OWASP controls into the product development lifecycle. Ensure that all product features meet the rigorous compliance standards necessary for highly regulated industries.Documentation: Create security and privacy control focused engineering specifications, user documentation, and other technical artifacts that convey compliant technical implementations. Ensure clarity and accessibility of documentation for both technical and non-technical stakeholders.Audit Support: Create and maintain compliance evidence for internal and external auditors. Develop processes to automate the generation of compliance evidence to streamline audit activities.Continuous Improvement: Stay abreast of developments in regulatory standards and compliance best practices. Recommend and implement improvements to reduce the cost of compliance on teams.Risk Assessment: Continuously assess risk as part of the product change management process. Prioritize and address potential compliance gaps in collaboration with risk management and security teams.Basic QualificationsBachelor of Computer Science, Bachelor of Information Security, or equivalent10+ years of experience in information security or equivalent and 5+ years of experience with delivering automation projects3-5 years of experience in creating data pipelines to automate internal compliance control measurement using system data and reports, and creating compliance dashboards to monitor implementation status.3-5 years of experience in developing custom scripts to apply logic to test whether custom conditions are met as a means to measure control design and implementation statusPreferred QualificationsThe qualifications below are ideal. We encourage candidates to apply if they satisfy some, but not all of these qualifications.Working knowledge of compliance regulations, such as NIST, GDPR, and other federal and commercial regulations and compliance programsExperience running program and project management initiatives (e.g. organization-wide initiatives, large scale integration management)Expertise in software development or security engineering with strong skills in at least one programming language.Experience communicating complex concepts and developing communications for a wide variety of both technical and non-technical audiencesExperience influencing the design of new product and updated products and features to represent security interests and outcomesDemonstrated success collaborating with cross-functional teams to drive resultsDemonstrated experience orienting towards solutions in the context of competing perspectivesCapability to analyze software development processes, identify compliance risks, and propose practical solutions to mitigate these risks while ensuring business objectives are metExperience conducting root cause analysis, developing corrective action plans based on findings, and influencing stakeholders to adopt solutionsExperience creating compliance documentation, such as procedures, process flow diagrams, threat models, and risk assessmentsDemonstrated skills creating team-specific software development guidance to enable secure, rapid delivery of products and servicesStrong commitment to continuous learning to stay up to date on industry trends, technologies, and best practicesCISSP or equivalentStrong technical background, including experience in a variety of software development environments and methodologiesExperience architecting GRC, ticketing, or CRM toolsExperience building system and mechanisms to create a data pipeline of information used to monitor control status, and create control measurement used to verify implementation statusExperience building mechanisms to detect change conditions to enable change control processWorking knowledge of AI toolsThe annual base salary listed does not include a company bonus, incentive for sales roles, equity and benefits which will be determined based on experience, skills, education, relevant training, geographic location and role.ID.me offers comprehensive medical, dental, vision, health savings account, flexible spending accounts (medical, limited purpose, dependent care, commuter benefit accounts), basic and voluntary life and AD&D insurance, 401(k) with company match, parental leave, ability to participate in unlimited paid time off subject to the terms and conditions of the PTO policy, including 8 company wide holidays, short and long-term disability insurance, accident and critical illness insurance, referral bonus policy, employee assistance program, pet insurance, travel assistant program, wellbeing and childcare discounts, benefit advocates, and a learning and development benefit.The above represents the anticipated total rewards package for this job requisition. Final offers may vary from the amount listed based on qualifications, professional experiences, skills, education, relevant training, geographic location, and other job related factors.U.S. Pay Range$203,183 - $255,000 USDMountain View, CA Pay Range$241,098 - $278,738 USDID.me maintains a work environment free from discrimination, where employees are treated with dignity and respect. All ID.me employees share in the responsibility for fulfilling our commitment to equal employment opportunity. ID.me does not discriminate against any employee or applicant on the basis of age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. ID.me adheres to these principles in all aspects of employment, including recruitment, hiring, training, compensation, promotion, benefits, social and recreational programs, and discipline. In addition, ID.me's policy is to provide reasonable accommodation to qualified employees who have protected disabilities to the extent required by applicable laws, regulations and ordinances where a particular employee works. Upon request we will provide you with more information about such accommodations.Please review our Privacy Policy, including our CCPA policy, at id.me/privacy. If you provide ID.me with any personally identifiable information you confirm that you have read and agree to be bound by the terms and conditions set out in our Privacy Policy.ID.me participates in terested in building your career at ID.me? Get future opportunities sent straight to your email.Voluntary Self-IdentificationFor government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.As set forth in ID.me’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.Select...Disability Status Select...PUBLIC BURDEN STATEMENT: This is a condensed version of the disclosure typically shown with government self-identification forms. The supplier will provide the full form if requested. This form is voluntary and will not affect your candidacy. #J-18808-Ljbffr

Created: 2025-09-17