
JobShark: Find the Right Job

 

San Francisco, CA - $125k - $142k Full Time Posted by: TRM Labs Posted: 25/01/2026 16:12:11
 
 
Overview

Build to Protect Civilization. TRM is a blockchain intelligence company focused on building a safer world. We tackle challenges including human trafficking and financial fraud, and we power governments, financial institutions, and crypto companies when the clock is running and the consequences are real. The Security Team is responsible for securing all aspects of TRM, from customers to code. We are looking for a Senior Compliance Engineer to own TRM's compliance and GRC initiatives, ensuring best-in-class security and trust for our customers.

Responsibilities
  • Develop scalable and sustainable processes and tools for normalized controls, collecting audit evidence, monitoring controls, and conducting gap analyses.
  • Manage TRM's existing security compliance and certification lifecycle (e.g., SOC 2 Type II, ISO 27001/27701, FedRAMP, CMMC) while planning for and prioritizing future compliance needs.
  • Operationalize the GRC program to maintain regulatory certifications.
  • Manage customer due diligence requests, including developing and maintaining security collateral for customers (e.g., SIG, CAIQ).
  • Conduct enterprise risk assessments and manage the risk register.
  • Develop a vendor risk management program.
  • Identify areas for improvement based on input from customers, the go-to-market teams, and overall business objectives. Anticipate customer needs with respect to compliance and due diligence.
What we're looking for
  • Develop automation to programmatically implement control validation and evidence collection. Experience with Python or other programming and scripting languages is required.
  • Work to align advanced technologies and Privacy by Design principles from the first stages of development and ensure data use meets established regulatory compliance needs.
  • Strong understanding of Public Sector compliance security standards including NIST 800-53, SOC 2, CMMC, ISO, CyberEssentials UK, and other common frameworks.
  • Experience leading a cloud-first SaaS company through the audit processes.
  • Strong focus on normalizing controls across frameworks and standards, with an eye toward improving maturity, scalability, and consistency over time.
  • Privacy and GDPR experience is a plus.
  • Security certifications (e.g., CISSP, CISM) are a plus.
Team Characteristics
  • Remote first, globally distributed team
  • Strong ownership and accountability
  • Strong technical expertise; previous software development background preferred
  • Open, honest, and timely information sharing
  • Willingness to help each other succeed
  • Healthy debate without personal conflict
  • Shared problem-solving
About The Team
  • The culture of our team is built on mutual respect, where everyone's opinion is valued and heard.
  • We prioritize flexibility and efficiency, always seeking smarter ways to work without compromising quality.
  • Transparency is at the heart of how we operate, focusing on clearly communicating and addressing cyber risks.
  • Our collaborative approach ensures that we not only mitigate risks but also align our efforts with business goals to protect and drive success.
Time Zones
  • Eastern Standard Time (EST - GMT-4)
  • Pacific Standard Time (PST - GMT-7)
  • Central European Summer Time (CEST - GMT+2)
Learn about TRM Speed in this position
  • Automate Repetitive Compliance Checks - Build custom integrations through scripts, SOAR platforms, or compliance management software to automate routine tasks like generating compliance reports, tracking or collecting audit evidence, and monitoring control effectiveness.
  • Build and leverage APIs for Cross-System Data Integration - Pull real-time compliance data from critical systems into a centralized GRC tool or dashboard.
  • Shift Left in Compliance - Embed compliance checks early in the development lifecycle and integrate security and compliance standards into CI/CD pipelines to flag issues before production.
Compensation
  • The estimated base salary range for this role is $125,000 - $142,000.
  • May be eligible to participate in TRM's equity plan.
  • Geographies outside the United States may have different cost considerations.
Life at TRM

We build to protect civilization. TRM runs fast, with ownership, clarity, and follow-through. We value hard problems, experimentation, and direct feedback. We hire for slope, judgment, and the will to learn fast. We coach directly, assume positive intent, and work toward protecting others through our craft.

Leadership Principles
  • Impact-Oriented Trailblazer: We put customers first, driving for speed, focus, and adaptability.
  • Master Craftsperson: We prioritize speed, high standards, and distributed ownership.
  • Inspiring Colleague: We value humility, candor, and a one-team mindset.
What You'll Do Here

This work has teeth. Your week might include:

  • Driving critical investigations that can't wait for typical business hours.
  • Shipping products rapidly and partnering with teams across time zones to deliver insights while the story unfolds.
  • Building new solutions from first principles when playbooks do not yet exist.
  • Protecting victims and customers by tracing illicit activity and disrupting criminal networks.
Recruitment Agencies

TRM Labs does not accept unsolicited agency resumes. TRM is not responsible for fees related to unsolicited resumes without a signed agreement.

Privacy Policy

By submitting your application, you agree to TRM processing your personal information in accordance with the TRM Privacy Policy.

Learn More

Company Values | Interviewing | FAQs

San Francisco, CA, United States of America
Engineering
Government
JS26489_25303_10603863C4F886118A1CB11BFB13550D
We strongly recommend that you never provide your bank account details to an advertiser during the job application process. Should you receive a request of this nature, please contact support, giving the advertiser's name and job reference.