Senior Staff Risk & Compliance Engineer, IT SOX

Overview

About the Role - 

Join Instacart's fast-moving Governance Risk and Compliance (GRC) team as a Senior Staff IT Risk & Compliance Engineer. In this role, you'll work on a range of challenging problems across technology risk domains, impacting Instacart's financial and retailer data integrity reporting requirements. 

This role will lead our second line of defense efforts primarily in IT SOX controls, you will enhance accuracy and reliability in reporting, supporting our mission to serve customers, partners, and stakeholders with transparency and excellence. This role exemplifies our values of "Go Far Together" and "Roll Up Your Sleeves," as you work cross-functionally to design systems that empower everyone to succeed. This role is unique in that it will drive long term efficiency and efficacy by designing and advocating for solutions within our in house built platform powering Instacart experiences and business systems.   

About the Team - 

The GRC team designs, consults, advises and advocates for risk reduction as Instacart’s second line of defense technology risk function.  We drive risk measurement, compliance certifications through collaboration with risk owners and audit assessments.  We have a comprehensive mandate for technology related risk across financial transaction and reporting systems, Information Security, Privacy and the Governance supporting these domains.

The IT SOX program is supported by control owners across our Product, Infrastructure, Security, IT, Financial Systems and People Tech teams.  We work closely with Internal Audit to evaluate controls and effectively operate our external audit programs.  

Within the GRC team we have team members focused on Data Integrity to support financial statements and leverage the tools we build to support additional customer focused Data Integrity mandates.  The team sits under our CISO organization where we maintain close collaboration with Security Engineering.  

About the Job 

• Deeply understand our business to identify emerging business risks, embed compliance processes early, create consistency in our controls approach and re-use system primitives built to help us reduce risk. Communicate effectively with your key partners at the VP, Sr. Director, and Director levels. 
• Champion effective production system design and remediation through scalable system designs that create efficient and effective control environments across a complex home grown marketplace and advertising systems.  
• Develop a cohesive view of Financial Reporting risk with first and third line of defense functions including risk analysis, controls monitoring, improved tooling and high quality reporting for various stakeholder points of view.  
• Drive a comprehensive IT SOX compliance program including planning, scoping, training, documenting processes,  gap analysis and build of process enhancements to mitigate risks and meet compliance requirements.
• Collaborate with internal and external audit teams to drive an efficient audit process with well coordinated test evidence collection across compliance mandates, communication and reporting.
• Drive GRC team strategy with teammates focused on data related risks to prioritize and sequence activities for effective risk reduction.  
• Expand our Data Integrity primitives to our Business to Business reporting risks within our advertising and marketplace products for frameworks like MRC and SOC.

About You

Minimum Qualifications

• BA/BS Degree in Computer Science, Engineering, Management Information Systems, or related technical discipline, or equivalent practical experience
• 12+ years of professional experience in Compliance Engineering, Big 4 Consulting/Auditing, GRC, Financial Systems, and/or in SOX technology industry experience
• 8+ years of experience with technology compliance in custom homegrown technology industry systems across domains such as IT Automated Controls, Access Management, Configuration Management, Change Management, Ads revenue, Information Security, etc.
• Ability to build compliance automation solutions, automated testing suites, and monitors using SQL, Python, Ruby and Terraform
• CISA, CISM, CPA, or CA certification
• Excellent communication skills (verbal and written), ability to influence without authority.
• Demonstrated teamwork and collaboration skills, in particular in leading across multiple business or product lines

Preferred Qualifications

• Experience building and implementing data reconciliation solutions for data pipelines and within datamarts (e.g., Snowflake, Databricks) for high transaction volume businesses
• Experience with SOX / internal metrics systems especially engineering / in-house systems, system flow related to internal metrics or revenue systems
• Experience with AWS and GCP environments
• Experience with CI/CD development tooling and systems