Information Security Analyst

WHO YOU'LL WORK WITH

You will be reporting to the Director of Greater China Corporate Information Security (CIS) based out of GC HQ (Shanghai, China), and will work cross-functionally within the Corporate Information Security (CIS) teams and across Nike. You will regularly meet with local and global Nike business and technology teams.

WHO WE ARE LOOKING FOR

We're looking for an Information Security Analyst. This role on the Governance, Risk, Compliance, & Engagement team will include leveraging knowledge of security policies, standards, controls, and industry best practices to consult with partners across all of Nike Inc. The individual will play a critical role in ensuring that GRC functions are incorporated into key security services and program while validating risk mitigation functions within NIKE Inc. are functioning correctly.

• Bachelor's Degree in relevant field and/or minimum of 1-3 years relevant IT experience
• Knowledge of information security principles and practices, best practice security architectures, general procedures and guidelines.
• Experience with local Cyber Security Regulations (PIPL, MLPS, DSL, etc.) strongly desired
• Excellent analytical and problem-solving skills and strong attention to detail
• Demonstrated ability to think logically and strategically about technical solutions that are efficient, scalable, and re-usable
• Excellent collaboration skills and a drive to work as part of a cohesive team and partner to other teams within Nike, Inc. both at WHQ and globally
• Exceptional communication skills, including the ability to gather relevant data and information, actively listen, verbalize ideas effectively, successfully negotiate tense situations, and manage and resolve conflict
• Passion for the Nike brand and for an innovative, Just Do It work environment

• Assess current platforms against Nike security and configuration standards
• Perform risk assessments in alignment with Nike methodologies and provide timely feedback to stakeholders
• Evaluate and process exceptions to information security policies and standards
• Identify, document and elevate visibility of information risk, where business direction creates potential for exposure to employee, athlete and product sensitive data streams.
• Ability to operate independently and show measurable progress daily
• Stay current on information technologies, trends, standards, and best practices
• Ability to obtain a deep level of technical and process knowledge across multiple security and IT domains in a short amount of time
• Create a subscription to the information risk assessment process through pro-active partnerships and collaboration with internal business partners.
• Become an advocate of NIKE Information security procedures, policies, and processes, and standards as a mechanism to enable the business effectively while managing risk appropriately.
• Provide enforcement of security policies, standards, and procedures by working cross functionally with Compliance and Governance functions within the Corporate Information Security organization.
• Stay current on information security technologies, trends, standards, and best practice