Supplier and Business Solutions Engineer, Information Security

Santa Clara Valley (Cupertino), California, United States
Corporate Functions


Weekly Hours: 40
Role Number: 200367378
At Apple, one of our ambitions is to promote secure business—both internally and with our supplier partners. We are committed to ensuring our suppliers are meeting our security principles and expectations to promote strength in the global supply chain. The Supplier Trust program within Apple’s Information Security (AIS) organization is seeking someone who will develop innovative solutions through partnering with security, supplier, and business collaborators in order to grow and mature our third-party security program.

Key Qualifications

  • 3 or more years' experience in one or more of the following areas: technical security assessments (of third-parties, or as a client-facing consultant), information security program evaluations (with an emphasis on third-party risk), information security analyst (with a focus on threats and risks to supply chain)
  • 3 or more years' experience collaborating across teams in a fast-paced, multi-functional environment
  • Proven communication skills to distill sophisticated topics into succinct, clear language
  • Ability to optimally communicate the risk impact of security risks to internal business partners, including technical or non-technical audiences
  • Experience in interpreting information security KPIs and KRIs from large data sets
  • Experience in working with personnel from disparate organizational units (e.g. Legal, Procurement, Privacy)
  • Proven project management, interpersonal communication, and relationship management skills
  • Ability to focus and connect the work to team goals
  • Strong familiarity with common information security control standards (e.g. CIS Critical Security Controls)
  • Strategically partner with Business DRIs (e.g. GSMs) across Apple to onboard to Supplier Trust's program.
  • Serve as a communication liaison with Business DRIs, including process expectations, their role, and the necessity of their ownership of supplier information security risk
  • Develop and enact targeted campaigns to promote program growth, with a focus on higher risk areas (e.g. where suppliers access customer personal data)
  • Develop training and guidance materials for efficient and widespread articulation of Supplier Trust's program in partnership with the AIS SVOC team
  • Contribute to policy updates with respect to Apple Supplier Security Management


  • Develop strategies to identify and communicate the supply chain risk to Apple’s business leaders using data derived from our supplier security program, technical testing, threat monitoring tooling, and industry knowledge.
  • Develop solutions to improve how we articulate information security risks and threats to Apple’s business leaders on a regular cadence.
  • Partner across Apple’s lines of business to build links between business interests and information security priorities. This includes identifying strategies for making supplier security decisions simpler for the business.
  • See opportunities for alignment and improvement between partner security teams in order to more optimally identify, measure, and reduce Apple’s supply chain risk.
  • Contribute to the development of information security risk measurement strategies that better model business risk.
  • Propose and implement solutions for improving our support early in the Procurement lifecycle.
  • Facilitate supplier-facing notifications to raise awareness of security priorities and threats facing the pertinent industries.

Education & Experience

Bachelor’s Degree or equivalent experience. Certifications from organizations such as ISC2, GIAC, or ISACA are a plus. Prior professional consulting experience in a client-facing capacity is a plus.

Additional Requirements