IT Compliance Analyst

Santa Clara Valley (Cupertino), California, United States
Software and Services

Summary

Posted: Sep 6, 2019
Weekly Hours: 40
Role Number: 200062742
The people here at Apple don’t just build products — we craft the kind of wonder that’s revolutionised entire industries. It’s the diversity of those people and their ideas that supports the innovation that runs through everything we do, from amazing technology to industry-leading environmental efforts. Join Apple, and help us leave the world better than we found it.

The IT Compliance Analyst will be responsible for ensuring Apple’s continued operational security and compliance for a suite of enterprise application services. You have a demonstrated understanding of general IT controls and have a solid grasp of security concepts, laws, and regulatory frameworks (SOX, PCI, GAAP, etc.) as well as a good understanding of various technologies, information security and risk management. You will drive and lead compliance initiatives and standards across Apple’s IS&T functional groups, including financial and business transaction applications, the Apple Online Store, Apple retail stores, and customer support systems. We’re a diverse collection of thinkers and doers, continually reimagining our products, systems, and practices to help people do what they love in new ways.

Key Qualifications

  • 5+ years of experience performing information systems audits. Experience performing audits under SOX, SSAE16, WebTrust, PCI, GDPR and other standards is a plus
  • Excellent organizational and communication skills
  • Superb communication skills with an ability to convey complex concepts to all levels of personnel (staff to executive)
  • You have the ability to work independently and collaborate with multi-functional teams
  • Shown ability and dedication to work both independently and reciprocally with numerous people and parallel activities at all levels throughout the company
  • Ability to thrive in a fast-paced, dynamic, sometimes ambiguous environment
  • Sound business discernment and flexibility/adaptability to handle multiple wide-ranging matters, conflicting deadlines, and new areas of expertise as business needs change
  • Excellent problem identification, problem solving, and analytical skills
  • Ability to grasp the essence of new technical concepts and explain technical jargon in simplified terms
  • Good technical knowledge of security and privacy controls at the application, server, database and network levels
  • Experience assessing security controls for various operating systems such as macOS, Linux, AIX, Solaris and Windows, and databases such as Oracle, Teradata and Hadoop
  • Practical knowledge of programming, scripting and query languages such as Java, Perl, Python, or SQL is a plus
  • CIPP, CISSP and/or CISA certifications are preferred

Description

The Compliance Analyst will help build, lead and continuously monitor the Compliance program. Assess the design of processes, testing processes and related controls, detailing exceptions, working with technology owners to identify solutions, promoting solutions to management, and leading remediation for compliance-related processes such as SOX 404, PCI, GDPR, or other state and federal regulatory and contractual requirements. Responsibilities include:

  • Work with various business and IT groups to understand how IT systems are used in Apple's processes and co-develop policies, processes, and controls with each group that ensure solutions not only meet compliance and security objectives but also scale with the business and improve operational efficiencies
  • Identify gaps and recommend solutions in the design and implementation of IT processes and controls
  • Perform and coordinate privacy and security audit and assessment testing as needed to meet the requirements of multiple compliance organizations
  • Formalize policies and procedures and educate key partners
  • Create and maintain detailed project tasks and communicate across multiple functional teams
  • Liaise with external auditors and interpret audit requests and approach to internal management

Education & Experience

BA/BS degree in information systems, or other degree having a focus on information systems. Equivalent work experience at a comparable (ideally technology) company or credible consulting firm will be considered.

Additional Requirements

  • Direct experience with internal control and IT governance and audit frameworks from multiple sources
  • Experience with IT policies, controls, test plans, and working papers that support external audits and/or management's control assertions
  • Good understanding of general IT and security controls
  • Familiarity with programming/scripting languages (Bash, Perl, PHP, etc.) and database design and programming (MySQL, Oracle), with a strong desire to learn more and be hands-on
  • General knowledge of COSO, COBIT, ITIL, and NIST frameworks