[Remote] Senior Information Security Analyst
Note: This is a remote job open to candidates in the USA. Nike, Inc. is a leading technology company focused on revolutionizing the future at the intersection of technology and sport. They are seeking a Senior Information Security Analyst to join the Information Risk Management team, where the role will involve conducting risk assessments and ensuring compliance with security policies across Nike's technology landscape.
Responsibilities
- Perform formal risk assessments on partner and vendor connections, evaluating vendor processes at the point of engagement with Nike
- Ensure sufficient validation of data sharing arrangements and agreements to protect Nike's sensitive information
- Confirm business objectives align with the type and volume of data used, maintaining a "need to know/use" mindset
- Review third-party SOC reports and vendor security documentation as part of assessment activities
- Help establish risk and remediation ownership for identified vendor-related risks and document findings in the Risk Register
- Assess moderately complex platforms and systems against Nike security and configuration standards
- Evaluate and process exceptions to information security policies and standards
- Perform compliance control validation testing to determine the operating effectiveness of IT controls for scoped systems
- Consult with technology units on IT general controls (ITGCs) and compliance matters
- Champion information security policies, standards, controls, and processes so compliance requirements are addressed as part of business-as-usual operations
- Identify, document, and elevate visibility to information risk where business direction creates potential exposure to employee, athlete, and product sensitive data streams
- Identify and profile Nike systems and processes that require risk assessments; scope specific assessments accordingly
- Perform detailed analysis of threats and vulnerabilities across information security domains including network security, asset security, security engineering, identity and access management, security operations, and software development security
- Review key system configurations and complex IT infrastructures (e.g., cloud services)
- Communicate effectively through risk reports, presentations, and stakeholder interactions to drive remediation of identified risks
- Support vendor risk management metrics, reporting, and master data stewardship to improve accuracy, timeliness, and completeness
- Provide analysis and insights into data supporting the effectiveness of technical and process-based cybersecurity controls
- Collaborate on process improvements for data retrieval, analysis, and risk assessment intake
- Contribute to IRM team projects and strategic initiatives as assigned, including documentation in ServiceNow (SNOW) and Box
- Support the risk analysis intake process and participate in daily standups and weekly process meetings
- Execute targeted internal and external (vendor) risk assessments in support of IRM strategy, following established team processes and enablers
- Be proactive in anticipating next steps in the risk assessment process and take action accordingly
- Collaborate with team members on assessment approach, scoping, documentation, and issue presentation activities
- Serve as an information security and CIS ambassador to Nike lines of business and management
- Provide enforcement of security policies, standards, and procedures by working cross-functionally with Compliance and Governance functions
- Stay current on information security technologies, trends, standards, best practices, and emerging threats and vulnerabilities
Skills
- Bachelor's degree in Business Information Management, Computer Science, or a related field, OR relevant experience in lieu of a degree
- 5+ years of experience in information security, risk management, GRC, or a related field
- Knowledge of information security principles and practices, best practice security architectures, general procedures, and guidelines
- Knowledge of information security frameworks and best practices (e.g., NIST, ISO 27000, COBIT, COSO)
- Experience performing vendor/third-party risk assessments and internal information security risk assessments
- Experience assessing systems against security standards and performing control validation or baseline assessments
- Strong analytical and problem-solving skills with experience identifying solutions for complex problems in enterprise environments
- Superb communication skills (written and verbal) with comfort and experience in presentation delivery and proven persuasion skills
- The ability to appropriately communicate complex security risks to non-technical staff
- Must be trustworthy in keeping sensitive data confidential
- Demonstrated desire for continual learning and improvement
- Experience reviewing third-party SOC reports preferred
- Experience with ServiceNow, Confluence, or Jira preferred
- Advanced knowledge of Excel and PowerPoint; experience organizing and analyzing large datasets preferred
- CISSP, CISM, CRISC, or relevant GIAC Management Focus Area certifications preferred