Senior Information Security Analyst

WHO YOU'LL WORK WITH

You will be reporting to the Director of Greater China Corporate Information Security (CIS) based out of GC HQ (Shanghai, China), and will work cross-functionally within the Corporate Information Security (CIS) teams and across Nike.  You will regularly meet with local and global Nike business and technology teams.

WHO WE ARE LOOKING FOR

We're looking for a Senior Information Security Analyst. This role on the Governance, Risk, Compliance, & Engagement team will include leveraging knowledge of security policies, standards, controls, and industry best practices to consult with partners across all of Nike Inc. The individual will play a critical role in ensuring that GRC functions are incorporated into key security services and program while validating risk mitigation functions within NIKE Inc. are functioning correctly.

• Bachelor's Degree in relevant field and minimum of 3 years relevant IT experience
• Certifications such as CISA, CRISC, and CISSP preferred
• Experience in a variety of information technology disciplines strongly desired
• Experience with local Cyber Security Regulations (PIPL, MLPS, DSL, etc.) strongly desired
• Former system administration experience, IT audit, or risk advisory experience desired
• Excellent analytical and problem-solving skills and strong attention to detail
• Demonstrated ability to think logically and strategically about technical solutions that are efficient, scalable, and re-usable
• Excellent collaboration skills and a drive to work as part of a cohesive team and partner to other teams within Nike, Inc. both at WHQ and globally
• Demonstrated ability to successfully navigate a highly-matrixed, ambiguous environment
• Exceptional communication skills, including the ability to gather relevant data and information, actively listen, verbalize ideas effectively, successfully negotiate tense situations, and manage and resolve conflict
• Demonstrated expertise of building a consensus across business and technology partners
• Passion for the Nike brand and for an innovative, Just Do It work environment
• Security certifications preferred but equivalent knowledge will be considered.
  • Certified Information Security Professional (CISSP)
  • Global Information Assurance Certification (GIAC)

WHAT YOU'LL WORK ON

If this, is you, you'll be working with the Governance team and performing these key tasks:

• Assess current platforms against Nike security and configuration standards
• Perform risk assessments in alignment with Nike methodologies and provide timely feedback to stakeholders
• Manage and prioritize the risk exception queue, distributing workload to other risk analysts
• Evaluate and process exceptions to information security policies and standards
• Identify, document and elevate visibility of information risk, where business direction creates potential for exposure to employee, athlete and product sensitive data streams.
• Interface with key security architects and engineers to ensure expectations and remediation activities are aligned to best practices
• Ability to quickly identify risks that require escalation to higher levels of leadership
• Ability to operate independently and show measurable progress daily
• Stay current on information technologies, trends, standards, and best practices
• Ability to obtain a deep level of technical and process knowledge across multiple security and IT domains in a short amount of time
• Create a subscription to the information risk assessment process through pro-active partnerships and collaboration with internal business partners.
• Become an advocate of NIKE Information security procedures, policies, and processes, and standards as a mechanism to enable the business effectively while managing risk appropriately.
• Provide enforcement of security policies, standards, and procedures by working cross functionally with Compliance and Governance functions within the Corporate Information Security organization.
• Stay current on information security technologies, trends, standards, and best practice