Engineering, Technology

Full Time

Austin, TX




Job description

BigCommerce’s mission is to help merchants sell more at every stage of growth, from small startups to mid-market businesses to large enterprises. We focus on being the best ecommerce platform so our customers can focus on what matters most: growing their businesses.

We are equally passionate about growing our employees’ careers and providing them an incredible experience as we rapidly expand across the globe. We are proud to have been recognized numerous times for our product and workplace culture. We empower our people and customers to build, innovate and grow, so together we can redefine the ecommerce industry.

Do you love challenges? Are you passionate about security and love implementing regulatory standards? Does educating others and communicating the benefits of a systematic approach to a security program interest you? Do you want to be at the edge of learning new technologies, cloud frameworks and integrations? Do you want to contribute to a common goal and be part of a group of people who work together with respect, mutual support and clear strategic goals?

Then the BigCommerce Governance, Risk, Compliance & InfoSec team is calling your name. The number one thing our customers care about is information security. The person who accepts this challenge will be able to make a large impact on the maturity of our Information Security Management System. In this role, you’ll be helping guide the work to make BigCommerce a shining example of security best practices.

The work involves supporting our compliance programs and working with our teams to implement risk improvement processes and projects. BigCommerce is committed to being a leader in information security in the ecommerce space. Your skills and your passion for protecting data and ensuring compliance will be a large factor in BigCommerce’s future success.

**To be considered applicants must reside in the United States**

What you’ll do

  • Facilitate and coordinate SOX testing with vendors, external audit and internal stakeholders

  • Function as a representative of Information Security, leading by example and being diplomatic yet firm, fair, flexible and consistent in deploying industry-standard information security best practices and applicable laws, regulations and policies

  • Assist in evaluating the design and operating effectiveness of the BigCommerce Integrated Secure Controls Framework (BC SCF), built from industry standards and regulations such as SOX, the NIST Cybersecurity Framework, ISO 27001 and PCI DSS, around technology controls including, but not limited to, the Software Development Lifecycle (SDLC), logical security, data interfaces, availability/redundancy, and cyber/information security

  • Prepare supporting evidence and document test plans that clearly describe the audit procedures performed, the results of testing and the conclusions reached for various processes

  • Design technology diagrams detailing the systems and their dependencies during the audit process

  • Assist with the department’s data collection and analytics efforts and with Internal Audit report preparation

  • Assist in the development and tracking of control recommendations for corrective action and improvement

  • Work with internal business units, including engineering stakeholders, to identify and continuously improve departmental practices

  • Operationalize security controls into the day-to-day operations of our engineering teams, and have fun while doing it

  • Monitor and demonstrate compliance with organizational policies and practices, as evidenced by strong quality assurance results, and strong performance within standards and related metrics

  • Stay abreast of current issues and obtain continuing education and training

  • Participate in special projects and perform other duties as requested

  • Interact with internal organizations to provide effective risk and control advice, maintaining active communication to enhance risk and control awareness and manage expectations

  • Provide data analysis support for ongoing compliance monitoring

  • Maintain up-to-date knowledge about audit controls and techniques

  • Utilize innovative ideas and tools to enhance operational effectiveness

  • Evaluate and recommend improvements to business practices, processes, and controls

Who You Are

  • SOX compliance and audit experience

  • Bachelor’s degree in engineering, business analysis, computer engineering or a relevant field is a plus

  • 5-7 years of relevant experience in a Governance, Risk, and Compliance (GRC) role

  • Direct experience with audit and compliance frameworks, e.g., SOX, SOC 1, SOC 2, ISO 27001 2007:2017, PCI DSS, etc.

  • Experience with auditors and the evidence collection process

  • Experience with translating business requirements into project implementation plans and validation, including user acceptance testing

  • Knowledge of engineering cybersecurity principles and common cybersecurity frameworks (Security assessments, risk management, asset security, firewall/hardware, disaster recovery)

  • Passion about process improvement and removing friction from systems

  • Experience in building relationships across business functions, locations, and technical stakeholders

  • Self-direction and attention to detail, with a passion for solving practical problems that involve a number of variables

  • Ability to present ideas/solutions and communicate clearly, concisely, professionally, and accurately with others at all levels of the organization

  • Experience in reading the culture of a company, adjusting your style and adapting as needed

  • Collaborative, upbeat work ethic where you both take ownership and have fun

  • Able to meet deliverables and drive your work to completion within specified timelines

  • Great verbal and written communication skills

Preferred Qualifications

  • Audit certifications (SOX, PCI ISA and/or ISO 27001 IA/LI) and CISA are a plus

  • Knowledge of network-based services, client/server applications, cloud-based and virtualized environments, mobile applications, enterprise systems and infrastructure, network architecture, and security infrastructure.

  • Background in IT hardware/software concepts and processes used within the business, covering:

      • Core security concepts

      • Cloud-based services

      • Windows and Linux operating systems

      • Open-source ecosystem (databases, applications, etc.)

  • Experience with the design and testing of IT security controls in a managed hosting and/or Software-as-a-Service environment

Working Option:

Remote or hybrid: flexible work-from-home options are available for those who also want an office environment. Offices are available in Austin, Texas and San Francisco, CA, or the role can be 100% remote in the U.S.

Diversity, Equity & Inclusion at BigCommerce

Our employees make the difference. At BigCommerce, we believe that celebrating the unique histories, perspectives and abilities of every employee makes a difference for our company, our customers and our community. We are an equal opportunity employer and the inclusive atmosphere we build together will make room for every person to contribute, grow and thrive.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the interview process, to perform essential job functions and to receive other benefits and privileges of employment. If you need an accommodation in order to interview at BigCommerce, please let us know during any of your interactions with our recruiting team.

Learn more about the BigCommerce team, culture and benefits at .