IT Security Engineer – Governance, Risk and Compliance

Summary Posted: Mar 10, 2022
Role Number:200352499

Apple’s JMET is seeking an experienced IT Security Governance, Risk and Compliance (GRC) professional to join a world-class solution engineering team. This is a technical advisory role in a dynamic and fast paced environment. The position requires a mix of information security controls, software development and IT infrastructure management expertise with hands-on experience in security compliance, risk management and audit. This role will be responsible for advising, reviewing and ensuring security controls and their efficiency in a critical DevOps environment with IT infrastructures deployed globally. JMET is a rare team passionate about security initiatives that provides critical IT solutions across most of Apple’s product lines! Our services protect the integrity of Apple proprietary info as well as our customers’ data throughout the entire product ecosystem. These solutions are applied from the manufacturing space all the way to customer facing solutions.

Key Qualifications

* Minimum 8+ years’ experience in IT Security, Risk Management, Infrastructure, Software Engineering, DevSec and Compliance functions –
* Minimum 3 years focusing on Information Security Governance, Risk and Compliance within last 5 years.
* Familiar with industry security standards e.g. NIST Cybersecurity Framework, ISO27001 ISMS, OWASP App Security Testing guidelines etc.
* Relevant Security certifications (E.g. CISSP, CISM, CRISC, CISA, ISO27001 Lead Auditor)
* Experience working in global organizations with diversified cultural, language and time zone environment
* Hands-on experience in implementing and configuring multi-vendor infrastructure security solutions (e.g. firewall, IDS/IPS, Proxy and content filtering is a plus as is Full-stack Dev experience

Description
The main responsibility for this role is to ensure adequate and effective IT security controls in a critical IT engineering environment with infrastructures deployed globally. This includes but not limited to: Advisory responsibility for IT Security GRC management and processes in multi-functional groups including Dev, SRE and infrastructure teams. Design and implement IT security controls with reference to internal and external IT Audit, IT Security Strategy, Policy and Standard requirements Design and implement quality assurance (QA) measures to ensure control efficiency. Security liaison to handle internal and external compliance/audit for the functional organizations. Respond to IT threats and vulnerabilities and work closely with Infrastructure, SRE and Dev teams to fix Infra/Application security issues. Engineer innovative processes, solutions and tooling for Cybersecurity Governance, Risk and Compliance

Education & Experience
Technical BS/MS degree or equivalent work experience

Additional Requirements