Apple PKI Compliance & Audit Program, IS&T Enterprise Systems

Santa Clara Valley (Cupertino), California, United States
Corporate Functions


Weekly Hours: 40
Role Number: 200526812
The Apple PKI Compliance & Audit Program Lead is responsible for leading and executing Apple PKI’s compliance program to ensure compliance with the CA/Browser Forum Baseline Requirements, root program policies, WebTrust, and other external and internal policies. They will also lead Apple’s annual WebTrust audits. The successful candidate will have knowledge of common compliance requirements and regulatory frameworks, PKI, and a solid understanding of various technologies, information security, and risk management.

Key Qualifications

  • 5+ years of experience in a compliance field such as WebTrust, PCI, SOX and GDPR. Experience with the CA/Browser Forum Baseline Requirements and major root store policies.
  • Working knowledge of Public Key Infrastructure (PKI) is a must.
  • Direct experience with internal control, risk management, IT governance and audit frameworks.
  • Excellent organizational and communication skills.
  • Ability to thrive in a fast-paced, multifaceted, sometimes ambiguous environment.


The Crypto Services team at Apple is responsible for protecting some of the most sensitive and critical data you can imagine. Using cryptographic keys and functions, we provide applications and services that are leveraged across many of the most business-critical functions within Apple. The Apple PKI issues certificates used across many products and services of Apple. The Apple PKI Compliance & Audit Program Lead will work closely with PKI engineers, security engineers, site reliability engineers, software engineers, and external auditors.

In this role you will:

  • Lead and execute Apple PKI’s compliance program.
  • Manage external audits for WebTrust and lead remediation efforts with internal teams.
  • Perform internal risk assessments, identify gaps, and design/remediate procedures and controls to mitigate risks.
  • Ensure the CA environment is compliant with the CP/CPS via management testing to ensure effectiveness of controls.
  • Create and maintain detailed project tasks and communicate across multiple functional teams.
  • Lead process improvement opportunities for efficiency and automation for compliance controls and procedures.
  • Be the domain expert for the public CA requirements, major root store policies, and internal procedures.
  • Manage the incident management process end-to-end with the appropriate external parties when compliance incidents occur.

Education & Experience

Bachelor’s degree in Computer Science or Management Information Systems preferred.

Additional Requirements

Pay & Benefits