Security Risk Manager

Imagine what you could do here. At Apple, new ideas have a way of becoming great products, services, and customer experiences very quickly. Bring passion and dedication to your job and there's no telling what you could accomplish. The Security Risk Manager role is a high-impact opportunity for a passionate individual who thrives by connecting the dots between technology, security, regulations, and risk. This individual is a technical leader responsible for collaborating with other technical teams to provide and drive technical risk assessment capabilities across multiple industries, product verticals, and frameworks.

Description

The Security Risk Manager will redefine how we assess and measure security risk across Apple's products and services, particularly using more quantitative methodologies. We are seeking someone to design and implement a more data-driven approach to identifying and valuing risks, and subsequently getting them sequenced and prioritized for treatment. The individual will establish a new assessment program to identify security risks, including the measurement of implemented (or lack thereof) controls, and work with other security teams to automate analysis and identification where feasible and develop reporting for consumption by leadership and end-user engineering teams.

Minimum Qualifications

1. Experience leveraging quantitative methodologies and techniques to measure the implementation of controls, severity of risks, and prioritization of remediation activities.
2. Performing top down, bottom up, and green-field risk assessments.
3. Data analysis and reporting techniques, to both identify and report on potential areas of risk and/or the factors that contribute to severity.

Preferred Qualifications

1. Partner strategically with department heads and build functional relationships with peers to understand their processes, risks, and controls.
2. Stay abreast of the latest industry trends and events that impact the security, privacy, or regulatory environment.
3. Plan and own the design, implementation, and operation of automated and manual risk identification and assessment activities.
4. Drive technology projects that implement controls or mitigate identified issues.
5. Bachelor's degree in Computer Science or equivalent experience.