Apple’s Information Systems and Technology department is seeking an exceptional compliance analyst with a passion for technology, automation, and security, and a desire to relentlessly champion leading practices in a high-volume, dynamic environment. This is a fantastic opportunity for the right candidate seeking to learn the inner workings of various business lines, from hardware and software to retail and e-commerce, at an esteemed Fortune 100 company.
Position Description:

The Compliance Manager will coordinate the efforts of several groups to ensure compliance with PCI-DSS, SOX 404, WebTrust, and EU Safe Harbor, as well as other federal and industry requirements. These responsibilities include:

• Liaise with various business groups to understand how they use IT systems in order to assess whether systems should be included within the scope of the various compliance areas (PCI, SOX, WebTrust, Safe Harbor)
• Perform PCI risk and gap analysis testing, IT General Controls testing, and ensure quality of testing results and working paper documentation
• Identify gaps in the design and operating effectiveness of controls, and identify opportunities for more efficient and effective controls
• Lead the remediation and reengineering of key controls and application controls
• Lead the innovation and continuous improvement of IS&T’s internal control framework, including the integration of multiple compliance requirements
• Work with other IT managers and Internal Audit to develop continuous monitoring and computer assisted audit techniques
• Regularly interact with senior management and internal and external auditors to convey findings identified through walkthroughs and testing, assess the risk and impact of deficiencies, and make recommendations for remediation
• Collaborate with various groups within IS&T to improve control related processes
• Work with IT managers to develop continuous monitoring and computer assisted audit techniques
Skills and Knowledge

The successful candidate will have:

• Excellent project management, problem-solving, and conflict resolution skills.
• General knowledge of security and compliance frameworks (PCI-DSS, PA-DSS, COBIT, SysTrust, etc.)
• Strong knowledge of enterprise technologies and leading practices for securing them.
• General knowledge of ERP systems (SAP preferred), databases (Oracle preferred), operating systems (*nix preferred), and network operating systems (IOS preferred), with a strong desire to learn more about these and other technologies.
• At least a basic understanding of financial processes, especially processes that relate to financial statement reporting. Previous experience in an accounting field and/or GAAP and GAAS knowledge is a strong plus.
• Strong knowledge of scripting languages (PHP, Perl, Shell, etc.) and database design and programming (MySQL, Oracle) is a plus; willingness to learn more and be hands-on is required
• Hands-on knowledge of audit working paper organization and preparation, including test plans, lead sheets, and supporting documentation, is a plus
• Knowledge of and/or hands-on experience with CMDB, database auditing tools, web application firewalls, and network security tools is a plus
• Strong written and verbal English communication skills, and the ability to communicate effectively with people at all levels
• Ability to explain technical jargon in simplified terms.
• Ability to track and manage numerous parallel activities.
• Ability to work efficiently and independently with minimal supervision (i.e., self-motivated and willing to stretch to meet important deadlines)
• Ability to work in a fast-paced, dynamic environment.
• Ability to work successfully in a cross-functional team environment.
• Ability to learn new technologies quickly.
• 2+ years experience performing information systems audits. Experience performing audits under SAS 70, WebTrust, PCI, and other standards is a plus.
• BA/BS degree in accounting, information systems, or other degree having a focus on information systems. Equivalent work experience highlighting IT internal controls will be considered.
• Candidates possessing CISSP, CISA, or CPA certifications are preferred.