Business Assurance & Audit
Santa Clara Valley (Cupertino), California, United States
The people here at Apple don’t just build products — we craft the kind of wonder that’s revolutionized entire industries. It’s the diversity of those people and their ideas that supports the innovation that runs through everything we do, from amazing technology to industry-leading environmental efforts. Join Apple, and help us leave the world better than we found it. The Business Audit and Assurance professional will be responsible for ensuring Apple’s continued operational security and compliance for a suite enterprise application services. You have a demonstrated understanding of general IT controls and have a solid grasp of security concepts, laws, and regulatory frameworks (SOX, PCI, GAAP, etc) as well as a good understanding of various technologies, information security and risk management. You will work with other compliance teams, as well as drive and lead audits, compliance initiatives and standards across Apple. We’re practical thinkers and doers who ensure that Apple is able to meet their regulatory requirements, while still being able to deliver products, systems and practices to help people do what they love.
- 3-5 years experience performing information systems audits. Experience performing audits under SOX, SSAE16, ISO 27001, PCI, GDPR and other standards is a plus
- Big Four experience is a plus
- Detailed knowledge on security and controls implemented on a cloud platform.
- Excellent organizational and communication skills
- Superb communication skills with an ability to convey complex concepts to all levels of personnel (staff to executive)
- You have the ability to work independently and collaborate with multi-functional teams
- Shown ability and dedication to work both independently and reciprocally with numerous people and parallel activities at all levels throughout the company
- Ability to thrive in a fast-paced, dynamic, sometimes ambiguous environment
- Sound business discernment and flexibility/adaptability to handle multiple wide-ranging matters, conflicting deadlines, and new areas of expertise as business needs change
- Excellent problem identification, problem solving, and analytical skills
- Ability to grasp the essence of new technical concepts and explain technical jargon in simplified terms
- Good technical knowledge of security and privacy controls at application, servers, database and network level
- Experience assessing security controls for various technology platforms including Cloud technologies, OS, DB and Networks.
- CIPP, CISSP and/or CISA certifications is a plus
The GRC professional will help build, lead and monitor Apple’s various Compliance programs. Assess the design of processes, testing processes and related controls, detailing exceptions, working with technology owners to identify solutions, promoting solutions to management, and leading remediation for compliance-related processes such as SOX, PCI, GDPR, or other state and federal regulatory and contractual requirements. Responsibilities include: Work with various business and IT groups to understand how IT systems are used in Apple's processes and codevelop policies, processes, and controls with each group that ensure solutions not only meet compliance and security objectives but also scale with the business and improve operational efficiencies. Identify gaps and recommend solutions in the design and implementation of IT processes and controls. Perform and coordinate privacy and security audit and assessment testing as needed to meet the requirements of multiple compliance organizations. Formalize policies and procedures and educate key partners. Create and maintain detailed project tasks and communicate across multiple functional teams. Liaise with external auditors and interpret audit requests to communicate to internal management.
Education & Experience
Bachelor's degree in Business, Finance, Accounting or related field CIPP, CISSP and/or CISA certifications is a plus 3-5 years experience performing information systems audits