Senior Security Audit, Risk, and Compliance Engineer
Santa Clara Valley (Cupertino), California, United States
This position can be located in Santa Clara Valley (CA), San Francisco (CA), Seattle (WA), Austin (TX), or Boulder (CO). Imagine what you could do here. At Apple, new ideas have a way of becoming great products, services, and customer experiences very quickly. Bring passion and dedication to your job and there's no telling what you could accomplish! We’re a diverse collection of thinkers and doers, continually reimagining our products, systems, and practices to help people do what they love in new ways. This is a deeply reciprocal place, where everything we build is the result of people in different roles and teams working together to make each other’s ideas stronger. That same real passion for innovation that goes into our products also applies to our practices, strengthening our dedication to leave the world better than we found it.
- TECHNICAL CONTROL TESTING & AUTOMATION
- Code, build, and drive automation of controls to increase security maturity.
- Independently assess the design and effectiveness of security controls.
- RISK & GAP ASSESSMENTS
- Perform detailed diligence and investigations into Apple’s products and system architectures to identify compliance-related gaps, drive implementation of technical controls, and build reporting to continually monitor control effectiveness.
- Execute periodic security risk assessments covering specific product or compliance scopes, across multiple technology platforms (e.g. Kubernetes, AWS, Linux, Oracle, Splunk) and protocols (e.g. LDAP, SAML, TLS).
- AUDITS & REMEDIATION
- Manage external audits (and auditors) across both regulatory and strategic compliance initiatives.
- Work with cross-functional business and engineering teams to drive remediation of audit and assessment findings, by developing and proposing technical engineering requirements and solutions.
- STRATEGY & POLICY
- Develop strategic approaches and roadmaps for maturing the compliance program — including considerations for supporting business objectives (sales and marketing), Legal/Privacy, and AIS strategic pillars.
- Report to leadership, and obtain buy-in, on proactive compliance approaches and goals.
- Document and build out security policies, standards, and guidelines to support engineering compliance, and implementation of security controls.
Apple is seeking a Senior Security Audit, Risk, and Compliance Engineer responsible for planning, executing, and driving technical security projects in the governance, risk, and compliance space. Apple is unique in that its lines of business span a range of industries — technology, telecom, health, payments, financial services, insurance, and more. As a result, it is encouraged to continuously research and understand the technology implications of compliance requirements and frameworks relevant to the industries in which Apple competes. Current examples include: PCI DSS, SOX, HIPAA, NY DFS, ISO 27001, ISO 27018, SOC Reporting, GDPR, CVI, China Cybersecurity Laws, CCPA.
Education & Experience
- Degree in Computer Science or Information Systems, or equivalent experience.
- Certifications: CISSP, CISA strongly preferred
- Scripting (Bash, Python, JS), Databases (SQL, NoSQL), Dashboarding (Splunk, Tableau, ZenGRC), and/or Protocols (LDAP, SAML, REST API)