Senior Security Compliance Engineer, Apple Services Engineering (ASE)

About The Position

Requirements

• Experience leading and managing SOX programs at scale, preferably in Big 4 or large enterprise environments 10+ years of experience evaluating product and infrastructure security risks, and providing strategic recommendations for effective mitigation
• 10+ years of security compliance framework experience
• Expertise with security standards such as SOX, PCI-DSS, ISO27K, SOC 1/2 or NIST (some combination of these is ideal)
• Understanding of one or more of the following technologies/focus areas are ideal - cloud, open sourced distributed systems, security
• Bachelor's Degree or equivalent experience

Nice To Haves

• Current CPA. CISA, CISSP, CISM, CIPT or other related certifications
• Experience with standards research and contributing to policy reform
• Experience with light scripting preferred
• Demonstrated track record of dealing with ambiguity and complexity in achieving and sustaining compliance across technologies at scale

Responsibilities

• building and growing a global cloud services governance, risk management and compliance program
• ensure we meet our legal, regulatory, and third party compliance obligations while safeguarding the systems that millions of our users rely on every day
• collaborate with engineering leaders at many levels, developers, quality engineers, compliance and security teams across Apple to institute the controls vital for the program
• partner with application security, platform security, SRE, central security and compliance groups at Apple to implement controls and processes and conduct gap assessments across ASE
• responsible for supporting dozens of key, ongoing compliance projects including preparation of regulatory materials, management of documentation, creation of presentations, and coordination of cross-functional activity
• deliver executive briefings on our internal control environment