TRM Labs

Compliance Engineer

Reposted Yesterday
Remote
Hiring Remotely in United States
125K-142K Annually
Senior level
The Senior Compliance Engineer will manage compliance initiatives, develop automation for compliance monitoring, conduct risk assessments, and improve regulatory certifications at TRM.
The summary above was generated by AI
Build a Safer World. 

TRM Labs provides blockchain analytics and AI solutions to help law enforcement and national security agencies, financial institutions, and cryptocurrency businesses detect, investigate, and disrupt crypto-related fraud and financial crime. TRM’s blockchain intelligence and AI platforms include solutions to trace the source and destination of funds, identify illicit activity, build cases, and construct an operating picture of threats. TRM is trusted by leading agencies and businesses worldwide who rely on TRM to enable a safer, more secure world for all.

The Security Team is responsible for and committed to securing all things at TRM. From our customers to our code, and everything in between, the security team is involved in all aspects of the business. We are looking for a Senior Compliance Engineer to own TRM’s compliance and GRC initiatives that ensure we continue to deliver best-in-class security and trust for our customers.

    The impact you will have here:

    • Develop scalable and sustainable processes and tools for normalized controls, collecting audit evidence, monitoring controls, and conducting gap analyses.
    • Manage TRM’s existing security compliance and certification lifecycle (e.g., SOC 2 Type II, ISO 27001/27701, FedRAMP, CMMC) while planning for and prioritizing future compliance needs.
    • Operationalize the GRC program to maintain our regulatory certifications.
    • Manage customer due diligence requests including developing and maintaining security collateral for customers (e.g., SIG, CAIQ).
    • Conduct enterprise risk assessments and manage the risk registry.
    • Develop a vendor risk management program.
    • Identify areas for improvement based on input from customers, the go-to-market teams, and overall business objectives. Anticipate customer needs with respect to compliance and due diligence.

    What we’re looking for:

    • Develop automation to programmatically implement controls validations and evidence collections. Experience with Python or other programming and scripting languages is required.
    • Work to align advanced technologies and Privacy by Design principles from the first stages of development and ensure that the data use meets established regulatory compliance needs.
    • Strong understanding of Public Sector compliance security standards including NIST 800-53, SOC 2, CMMC, ISO, CyberEssentials UK, and other common compliance frameworks.
    • Experience with leading a cloud-first SaaS company through the audit processes.
    • Strong focus on normalizing controls across frameworks and standards, with an eye toward improving maturity, scalability, and consistency over time, while looking beyond just “checking the box”.
    • Privacy and GDPR experience is a plus.
    • Security certifications (e.g., CISSP, CISM) are a plus.

    Team Characteristics:

    • Remote first, globally distributed team
    • Strong ownership and accountability
    • Strong technical expertise, previous software development background preferred
    • Open, honest, and timely information sharing
    • Willingness to help each other succeed
    • Healthy debate without personal conflict
    • Shared problem-solving

About the Team

  • The culture of our team is built on mutual respect, where everyone's opinion is valued and heard.
  • We prioritize flexibility and efficiency, always seeking smarter ways to work without compromising quality.
  • Transparency is at the heart of how we operate, both within the team and with the business, as we focus on clearly communicating and addressing cyber risks.
  • Our collaborative approach ensures that we not only mitigate these risks but also align our efforts with business goals to protect and drive success.

Time Zones:

  • Eastern Standard Time (EST - GMT-4)
  • Pacific Standard Time (PST - GMT-7)
  • Central European Summer Time (CET - GMT+2)

Learn about TRM Speed in this position:

  • Automate Repetitive Compliance Checks - Manually verifying compliance across systems or reviewing logs can be time-intensive. At TRM, we build custom integrations through scripts, SOAR platforms, or compliance management software (e.g. Drata) to automate routine tasks like generating compliance reports, tracking or collecting audit evidence, and monitoring control effectiveness.
  • Build and leverage APIs for Cross-System Data Integration - Gathering compliance data from multiple systems can lead to delays and data silos. At TRM, we build and leverage automation and APIs to pull real-time compliance data from critical systems into a centralized GRC tool or dashboard.
  • Shift Left in Compliance - Detecting non-compliance late in a project lifecycle often requires rework and delays. At TRM, we embed compliance checks early in the development lifecycle. We integrate security and compliance standards directly into CI/CD pipelines to flag issues before they reach production.

The following represents the expected range of compensation for this role:

  • The estimated base salary range for this role is $200,000-$220,000.
  • Additionally, this role may be eligible to participate in TRM’s equity plan.
  • Please note – we factor in the different costs for geographies outside the United States.

Life at TRM

We are building a safer world. That promise shows up in how we work every day.

TRM runs fast. Really fast. We’re a high‑velocity, high‑ownership team that expects clarity, follow‑through, and impact. People who thrive here are energized by hard problems, experimentation, and direct feedback. If something takes months elsewhere, it often ships here in days. 

That pace isn’t for everyone. If you are optimizing primarily for consistent work-life balance, use the interview process to pressure-test fit. We want teammates who thrive here, not just survive here.

AI Fluency at TRM

AI fluency is a baseline expectation at TRM.

We believe AI meaningfully changes how top performers operate. We expect every team member to use AI to accelerate and reimagine their craft, not just automate surface tasks.

At TRM, AI fluency means you are among the top 10 percent of operators in your function in how you apply AI to:

  • Accelerate repeatable workflows
  • Structure and solve problems
  • Improve output quality
  • Increase speed and leverage

You will be evaluated on applied AI fluency during the interview process.

Leadership Principles

We hire and grow against three leadership principles. They’re the standards for how we operate, treat each other, and make decisions.

  • Impact-Oriented Trailblazer: We put customers first and move with speed, focus, and adaptability. We treat every plan like an experiment – test, ship, measure, and iterate quickly.
  • Master Craftsperson: We care deeply about our craft. We balance speed with high standards, own outcomes end‑to‑end, and invest in getting better every day.
  • Inspiring Colleague: We add clarity and energy, not noise. We bring humility, candor, and a one‑team mindset — giving and receiving feedback to make the team stronger.

Learn more: Interviewing at TRM: How We Hire and What Success Looks Like

The impact you will have

This work has real stakes. Depending on your role at TRM, your week might look like:

  • Driving critical investigations that can’t wait for typical business hours.
  • Shipping products in days when others would schedule quarters.
  • Partnering with teams across time zones to deliver insights while the story is still unfolding.
  • Building new solutions from first principles when the playbook doesn’t yet exist.
  • Protecting victims and customers by tracing illicit activity and disrupting criminal networks.

Join our Mission

At TRM we care deeply about our craft. We are looking for individuals who want their work to matter, who experiment with speed and rigor, and who take pride in building a safer world for billions of people. If you’re excited by TRM’s mission but don’t check every box, we encourage you to apply — we hire for slope, judgment, and the will to learn fast.

TRM is a Series C company with $220M in total funding, backed by Blockchain Capital, Goldman Sachs, Bessemer, Y Combinator, Thoma Bravo, and others. Headquartered in San Francisco, TRM operates as a distributed-first company with hubs in Los Angeles, San Francisco, New York, Washington D.C., London, and Singapore.

Recruitment agencies

TRM Labs does not accept unsolicited agency resumes. Please do not forward resumes to TRM employees. TRM Labs is not responsible for any fees related to unsolicited resumes and will not pay fees to any third-party agency or company without a signed agreement.

Privacy Policy and Additional Information

By submitting your application, you are agreeing to allow TRM to process your personal information in accordance with the TRM Privacy Policy.

Our typical hiring cycles for specialized roles span 24 to 36 months. Accordingly, we retain your personal information for up to 36 months to evaluate your application and to consider you for current and future employment opportunities, unless you request earlier deletion or a different retention period is required or permitted by law.

To notify TRM Labs that you believe this job posting is non-compliant, please submit a report through this form. No response will be provided to inquiries unrelated to job posting compliance. 

We are committed to providing reasonable accommodations to applicants with disabilities, and requests can be made via this form. 

Top Skills

ISO 27701
Cloud Technologies
CMMC
FedRAMP
GRC Tools
ISO 27001
Python
SOC 2
