Privacy and Compliance Specialist

Santa Clara Valley (Cupertino), California, United States
Software and Services

Summary

Posted: Aug 3, 2018
Role Number: 114097993
The Privacy and Compliance Specialist will be responsible for supporting the implementation and administration of Apple’s privacy program within the Information Systems and Technology (IS&T) department. The successful candidate will have knowledge of common privacy practices, laws, and regulatory frameworks (GDPR, PCI, GAAP, etc) as well as a solid understanding of various technologies, information security and risk management. Apple’s Information Systems and Technology (IS&T) department is seeking a hands-on IT professional to manage and support our IT governance and compliance processes. Our group drives compliance and privacy initiatives and standards across Apple’s IS&T functional groups, including financial and business transaction applications, the Apple Online Store, Apple retail stores, and customer support systems.

Key Qualifications

  • 5+ years’ experience performing information systems audits. Experience performing audits under SOX, SSAE16, WebTrust, PCI, HIPAA, GDPR and other standards is a plus
  • Excellent organizational and communication skills
  • Exceptional written and verbal skills
  • Proven ability and commitment to work both independently and collaboratively with numerous people at all levels throughout the company
  • Ability to track and manage numerous parallel activities
  • Ability to thrive in a fast-paced, dynamic, sometimes ambiguous environment
  • Sound business judgement and flexibility/adaptability to manage multiple wide-ranging matters, conflicting deadlines, and new areas of expertise as business needs change
  • Excellent problem identification, problem solving, and analytical skills
  • Ability to grasp the essence of new technical concepts and explain technical jargon in simplified terms
  • Strong technical knowledge of security and privacy controls at application, servers, database and network level
  • Experience assessing security controls for various OS such as MacOS, Linux, AIX, Solaris and Windows and databases such as Oracle, Teradata and Hadoop
  • Experience with programming, scripting and query language such as Java, perl, python, or SQL is a plus
  • Candidates possessing CIPP, CISSP and/or CISA certifications are preferred

Description

The Privacy and Compliance Specialist will be responsible for identifying privacy risks, assessing the design of processes, testing processes and related controls, detailing exceptions, working with technology owners to identify solutions, promoting solutions to management, and overseeing remediation for compliance-related processes such as SOX 404, PCI, GDPR, or other state and federal regulatory and contractual requirements. Responsibilities include: Work with various business and IT groups to understand how IT systems are used in Apple's processes and co-develop policies, processes, and controls with each group that ensure solutions not only meet compliance and security objectives but also scale with the business and improve operational efficiencies identify gaps in the design and implementation of IT processes and controls Perform and coordinate privacy and security audit and assessment testing as needed to meet the requirements of multiple compliance organizations-Direct experience with internal control and IT governance and audit frameworks from multiple sources Experience with IT policies, controls, test plans, and working papers that support external audits and/or management's control assertions Strong understanding of general IT and security controls Familiarity with programming/scripting language (Bash, Perl, PHP, etc.) and database design and programming (MySQL, Oracle), with a strong desire to learn more and be hands-on General knowledge of COSO, COBIT, ITIL, and NIST frameworks identify and recommend solutions for compliance gaps Develop and maintain automated audit and testing tools Create and maintain detailed project tasks and communicate across multiple functional teams Liaise with external auditors and interrupt audit requests and approach to internal management

Education & Experience

BA/BS degree in information systems, or other degree having a focus on information systems. Equivalent work experience at a comparable (ideally technology) company, or top-tier consulting firm will be considered Additional requirements

Additional Requirements

  • Direct experience with internal control and IT governance and audit frameworks from multiple sources
  • Experience with IT policies, controls, test plans, and working papers that support external audits and/or management's control assertions
  • Strong understanding of general IT and security controls
  • Familiarity with programming/scripting language (Bash, Perl, PHP, etc.) and database design and programming (MySQL, Oracle), with a strong desire to learn more and be hands-on
  • General knowledge of COSO, COBIT, ITIL, and NIST frameworks