Information Security Risk Management Analyst
Job Description
Summary
Apple is seeking an Information Security Risk Analyst to focus on the design and delivery of controls and processes within the AIS Foundations team. We’re a diverse collection of thinkers and doers, continually reimagining our products, systems, and practices to help people do what they love in new ways. This is a deeply reciprocal place, where everything we build is the result of people in different roles and teams working together to make each other’s ideas stronger. That same real passion for innovation that goes into our products also applies to our practices, strengthening our dedication to leave the world better than we found it.
Description
The Information Security Risk Management Analyst will serve as a technical advisor and work with application engineering, security, and cross functional compliance teams to assist them in supporting with the design and implementation of controls. The role will work cross-functionally with in-scope systems’ stakeholders to identify current control gaps, risks and identify and track associated remediation plans. The role will require the ability to identify and eliminate ambiguity in projects to ensure clarity and establish goals and expectations. The primary traits we are seeking in this role are someone who can (a) build relationships across the business, (b) solve problems/opportunities, and (c) communicate effectively with the team.
Minimum Qualifications
- Minimum Bachelor's degree. Concentration in Technology, Risk Management, Business, Finance, or a related field
- 7+ years of relevant security experience at a comparable company or consulting firm
- Familiarity with risk frameworks and applicable risk governance regulations
- Proven ability to work well on a team, as well as independently, with limited supervision
- Exceptional organizational, and communication skills incl. writing skills, handling/influencing multiple projects with varied deadlines, diverse stakeholders and changing priorities
Preferred Qualifications
- 10+ years security experience at a comparable company or consulting firm
- Familiarity with public/private/hybrid cloud concepts (GCP, AWS, Azure), IaaS, PaaS and SaaS Services (compute, storage, network, security, administration, automation, application services, databases) in either native cloud or hybrid-cloud environments
- Has an understanding of network security, encryption protocols, access control, and identity management.
- Understanding of key infrastructure including micro-services architectures, Git, code repositories, Infrastructure-as-a-code, Kubernetes, CI/CD frameworks
- Strong knowledge of, and prior experience with, common controls in: cloud platforms, systems development life cycle,computer operations, change management, networking, and security
- Risk management experience in a large organization requiring collaboration and partnership at all levels of personnel
- Knowledge of regulatory standards with a solid understanding of US technology and security requirements
